Reputation: 125
Implementing Security in REST?
I am concerned on how to implement security measures may it be Authentication or Authorization.. How can these be implemented.. if you have any thoughts or links that you can share with regards to WCF REST 4.0 Security and if you've implemented it also the better. because ive been trying to find out on this topic all i find is information on how to implement it using 3.5 and lower versions which seem to be different from the samples i see for 4.0 which i tried but did not make sense while implementing it.
Thank you
Upvotes: 2
Views: 1303
Answers (3)
Reputation: 3959
You might want to explore this solution for WCF REST, it is a interceptor for implementing basic authentication with a custom user database.
That interceptor authenticates the user with a password, and initializes the current principal, so you can use that one from the service itself for doing authorization or implement an IAuthorizationManager if you want to have that logic as something reusable across several services.
You will also find some other authentication methods in my blog, like certificate authentication or OAuth, which are less common.
Thanks Pablo.
Upvotes: 1
Reputation: 67039
Because REST is stateless you cannot use a cookie or session id. It is common to use HTTP Basic Authentication and HTTPS for all requests.
Upvotes: 1
Related Questions
- How to implement Authentication and Authorization in WCF Restful Service
- WCF Rest Authentication
- Authenticating a WCF web service
- Membership / Authorization over a REST service
- Authentication approaches for WCF REST
- WCF Authentication Strategies
- How to secure a WCF restful service?
- REST WCF Authentication
- WCF REST RequestInterceptor authentication
- WCF REST based services authentication schemes