ASP.NET Web API 2 and ASP.NET Internet Application integration
Question
I'm new to ASP.NET, but I need to create a small project - consisting of administration panel (a website) and an android application (written in java). The plan is to publish ASP.NET Web API and consume it by both the android application and the website (probably ASP.NET MVC). The aforementioned clients have differenet functionality. I also need to recognize previously registered android clients. I have a couple of questions:
- Is it a good design?
- How to ensure identification and authorization? Can I attach registered deviceID in http request every time I call the service? Is there a better solution?
- Should I use WCF Web Service instead of Web API?
I would be grateful for any hints and advice.
1 answers
solution1
1 2014-03-22 20:30:04
The plan sounds ok, there should be no major pitfalls.
As for the authentication/authorization, consider token-based Oauth2-like authentication. There are different flows designed to handle both passive clients (web browsers) as well as mobile native applications by the very same authentication protocol. This way you expose your webapis once and use it from such very different types of clients, always with proper security.
Using the deviceID sounds like an approach to develop a custom security protocol, this always hurts sooner or later.
For more details on token based authentication:
http://www.amazon.com/Pro-ASP-NET-Web-API-Security/dp/1430257822
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.