2

Possible Duplicate:
How to secure an ASPNET MVC Web API

I have searched a lot about authentication in asp.net web api for desktop applications, but seems there is no good documentation. the official site also provides a useless and short explanation. Also some folks wrote blogs about it but are outdated. anyway.

I have a desktop client that sends and receives data to ASP.NET Web API, and should be authenticated first. How can I do this in a secure way? What do people do in this case?

Community
  • 1
  • 1
Blazi
  • 991
  • 3
  • 9
  • 19
  • Have a look at this article [here](http://www.infoq.com/news/2010/01/rest-api-authentication-schemes) – Ameen Dec 26 '12 at 22:21
  • thanks Robert.. I saw it before, it needs hashed password stored on DB. and user has to access it first. it is a bit unsecure – Blazi Dec 26 '12 at 22:26
  • Most security schemes are going to store a hashed password. What makes you think that is insecure? – Robert Harvey Dec 26 '12 at 22:28
  • for sure, no problem in hashing password. But I mean the client needs to has that hashed password and make the signature with it. So I have to send the hashed password to client one time, and the problem is here. Or user himself should recreate the same hash, but I don't know how to make a hash just like asp.net mvc default membership, can I? – Blazi Dec 26 '12 at 22:33
  • You create the hash the first time the user supplies the password, and store that hash in the database. Then, each time the user logs in, you hash the password they provide, and compare that hash with the hash you stored in the database. If they match, the user is authenticated. – Robert Harvey Dec 26 '12 at 23:15

0 Answers0