Reputation: 189
ASP.NET Web API 2 and ASP.NET Internet Application integration
I'm new to ASP.NET, but I need to create a small project - consisting of administration panel (a website) and an android application (written in java). The plan is to publish ASP.NET Web API and consume it by both the android application and the website (probably ASP.NET MVC). The aforementioned clients have differenet functionality. I also need to recognize previously registered android clients. I have a couple of questions:
- Is it a good design?
- How to ensure identification and authorization? Can I attach registered deviceID in http request every time I call the service? Is there a better solution?
- Should I use WCF Web Service instead of Web API?
I would be grateful for any hints and advice.
Upvotes: 0
Views: 212
Answers (1)
Reputation: 48240
The plan sounds ok, there should be no major pitfalls.
As for the authentication/authorization, consider token-based Oauth2-like authentication. There are different flows designed to handle both passive clients (web browsers) as well as mobile native applications by the very same authentication protocol. This way you expose your webapis once and use it from such very different types of clients, always with proper security.
Using the deviceID sounds like an approach to develop a custom security protocol, this always hurts sooner or later.
For more details on token based authentication:
http://www.amazon.com/Pro-ASP-NET-Web-API-Security/dp/1430257822
Upvotes: 1
Related Questions
- ASP MVC 4 + Web API
- Web API call from a ASP.NET MVC5 application
- Web API approach
- Consume ASP.Net Web API from ASP.Net MVC 4 Web Application
- ASP.net web api
- Asp.net mvc web application with asp.net web apis
- ASP.NET Web API in asp net
- Pure asp.net Web API application
- webapi aspnet 4 Architecture
- ASP.net Web API and System.Net.Http