
I have built a RESTful web service using ASP.NET Web API that can be accessed by third-party client applications.

Developing the APIs is straightforward, even for a rookie like me. However, the security is not so much. This is further compounded by the fact that the web application is not using an SSL connection. I know it's not mandatory to use SSL connections, but a secure Web API requires that we use an SSL connection.

I have seen countless examples with OAuth 2.0, Basic Authentication, etc. But Basic Authentication does not suit our needs, and I have yet to find a convincing example that uses ASP.NET Membership instead of Identity. (Can this work with Membership is perhaps the first question I should have asked.) The default ASP.NET Membership has been overridden by a custom membership provider.

I have exhausted several hours trying to find something that maybe can point me in the right direction. (Perhaps I am not looking for the right thing to begin with).

Anyone with a similar experience that can point me in the right direction?

John Saunders
chigz
  • I closed this as a duplicate. However, I noticed that the duplicate question is from 2012. If it turns out that the 2012 answers are no longer relevant, then please ask a new question and clearly state that you know about the duplicate and that the answers there are no longer relevant. – John Saunders Sep 12 '14 at 01:59

1 Answer

The right way to secure a Web API that will be consumed by third-party clients is to use OAuth bearer tokens. You can see all the details of the implementation here: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

Taiseer Joudeh
  • Thanks Taiseer, thanks for the great article. I note, however, that you have used Identity, whereas we are using ASP.NET Membership. Would the implementation be along the same lines, and how would it differ? Thanks – chigz Sep 14 '14 at 20:46
  • It is the same; it will differ where you validate username/password credentials. Identity is used to store user profiles only. – Taiseer Joudeh Sep 14 '14 at 21:48
  • @TaiseerJoudeh Your solution was very helpful to get an idea of how everything works, but I am trying to follow your solution to log in to an aspnet membership database using a Web API. I couldn't figure out how to change your solution so that it can be implemented to connect to a membership database. Could you share what code changes are required to do so? – Srivaishnav Gandhe May 31 '19 at 19:26
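
Added example (not part of the original answer, its comments, or the linked article): a sketch of the point made in the comments, where the OWIN bearer-token setup stays the same and only the credential check changes to call ASP.NET Membership. It assumes the app is hosted on IIS with the Microsoft.Owin.Host.SystemWeb and Microsoft.Owin.Security.OAuth packages installed; the class name, the `/token` path and the 30-minute lifetime are placeholders.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web.Security;   // Membership and Roles (classic ASP.NET Membership)
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

// Hypothetical class name. Uses whichever membership provider web.config selects, custom ones included.
public class MembershipOAuthProvider : OAuthAuthorizationServerProvider
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();   // Assumption: no per-client id/secret is enforced.
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // The only step that differs from an Identity-based setup.
        if (!Membership.ValidateUser(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        if (Roles.Enabled)   // carry membership roles so [Authorize(Roles = ...)] works
            foreach (var role in Roles.GetRolesForUser(context.UserName))
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
        context.Validated(identity);
        return Task.FromResult(0);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            AllowInsecureHttp = false,   // token endpoint rejects plain-HTTP requests
            TokenEndpointPath = new PathString("/token"),             // assumed path
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),     // assumed lifetime
            Provider = new MembershipOAuthProvider()
        });
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
```

With `AllowInsecureHttp = false` the token endpoint only answers over HTTPS, which matters here because both the password sent to `/token` and the bearer token returned are replayable by anyone who can read the traffic.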