Identity Management - securing a REST API / web service
Question
What are the practices in 2015 in the companies you work in to provide the highest security level when designing a REST API / web service?
Please answer taking into account Identity Management .
For example - do you still use hashes for passwords in your databases? I am sure many of you work in companies where the security level is of a great importance. I would be extremely grateful if you could share your current experience.
If it matters, we would like to use .NET 5 with their newest Web Api.
EDIT Opinion based? I am asking for what people use to secure their services nowadays, there is nothing to be opinion based.
1 answers
solution1
2 ACCPTED 2015-05-27 15:28:54
It's best to avoid doing your own identity management all together. For applications used within your company, use your Active Directory ( ADFS ) or cloud based directory ( Azure AD ).
For all other (internet) applications, use a social identity provider like Facebook , Google or Twitter .
Your users don't need another username and password to remember and you don't need the headaches of storing passwords and doing password resets.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.