
This question already has an answer here:

I have built a RESTful web service using ASP.NET Web API that can be accessed by third-party client applications.

Developing the APIs is straightforward, even for a rookie like me. However, the security is not so much. This is further compounded by the fact that the web application is not using an SSL connection. I know it's not mandatory to use SSL connections, but a secure Web API requires that we use an SSL connection.

I have seen countless examples with OAuth 2.0, Basic Authentication, etc. But Basic Authentication does not suit our needs, and I have yet to find a convincing example that uses ASP.NET Membership instead of Identity. (Can this work with Membership is perhaps the first question I should have asked.) The default ASP.NET membership has been overridden by a custom membership provider.

I have exhausted several hours trying to find something that maybe can point me in the right direction. (Perhaps I am not looking for the right thing to begin with).

Anyone with a similar experience that can point me in the right direction?


marked as duplicate by Dalorzo, John Saunders asp.net Sep 12 '14 at 1:58

This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.

    
I closed this as a duplicate. However, I noticed that the duplicate question is from 2012. If it turns out that the 2012 answers are no longer relevant, then please ask a new question and clearly state that you know about the duplicate and that the answers there are no longer relevant. – John Saunders Sep 12 '14 at 1:59
up vote 0 down vote accepted

The right way to secure a Web API that will be consumed by third-party clients is to use OAuth bearer tokens. You can see all the details of the implementation here: http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

    
Thanks Taiseer, thanks for the great article. I note, however, that you have used Identity, whereas we are using ASP.NET Membership. Would the implementation be along the same lines, and how would it differ? Thanks – chigz Sep 14 '14 at 20:46
    
It is the same; it will differ where you validate username/password credentials. Identity is used to store user profiles only. – Taiseer Joudeh Sep 14 '14 at 21:48
    
Thanks for this. Appreciate :) – chigz Sep 14 '14 at 23:16
