ebvtrnog

Reputation: 4367

Identity Management - securing a REST API / web service

What are the practices in 2015 in the companies you work in to provide the highest security level when designing a REST API / web service?

Please answer taking into account Identity Management.

For example - do you still use hashes for passwords in your databases? I am sure many of you work in companies where the security level is of great importance. I would be extremely grateful if you could share your current experience.

If it matters, we would like to use .NET 5 with their newest Web API.

EDIT: Opinion-based? I am asking what people use to secure their services nowadays; there is nothing opinion-based about it.

Upvotes: 0

Views: 199

Answers (1)

MvdD

Reputation: 23436

It's best to avoid doing your own identity management altogether. For applications used within your company, use your Active Directory (ADFS) or cloud-based directory (Azure AD).

For all other (internet) applications, use a social identity provider like Facebook, Google or Twitter.

Your users don't need another username and password to remember and you don't need the headaches of storing passwords and doing password resets.

Upvotes: 2
