Authentication with Asp.net MVC 6 and Web Api
Question
I'm developing a new project with Asp.Net MVC 6. Each controller will act like a isolated SPA where the Index method will render a view and all operations will be done by Web Api calls. This Web Api will also be used for future mobile apps and also for third party systems.
Is it safe from a integration point of view to use Owin basic authentication over ssl? In older projects I used tokens for the web api project, but in this new one the MVC and Web Api will be mixed and I require an alternative authentication method.
1 answers
solution1
1 2015-07-27 20:08:50
Basic authentication 's main problem is that the username and password travel in nearly plaintext (it's actually a base64 encoded string, which is easy to recover plaintext from). Meaning that anyone between the client and server can easily retrieve the username and password.
However, if you only allow basic authentication over SSL, then your traffic is encrypted and you can reasonably sure that it's "safe". Assuming it's a good SSL implementation.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.