Reputation: 82311
Using another site to secure my site
I want to write a website that will add additional functionality beyond what an existing site offers.
But I would rather not setup my own security for my site.
I am thinking I will write some web api services that I want to be secure.
This is what the existing site says about its login page:
This is the URL you will use to authenticate the user. If the authentication was successful, you should get a 200 response code and the phrase "Sign In" shouldn't be found in the response body. Use an HTTP POST for this request.
I know that I could call the login page for every service call, but I want the user to have to login only once.
Is there some way I can know they logged in recently but still protect against someone who is trying to spoof that they have logged in?
Upvotes: 0
Views: 45
Answers (1)
Reputation: 14920
There are currently 2 options to to do that via Single Sign On.
- Using Federated Authentication using Ws-Federation.
- Using oAUTH 2.0/Open-Id connect using something like IdentityServer.
Upvotes: 1
Related Questions
- How do I call a generic method using a Type variable?
- How do I get ASP.NET Web API to return JSON instead of XML using Chrome?
- Secure hash and salt for PHP passwords
- If you can decode JWT, how are they secure?
- Should 'using' directives be inside or outside the namespace in C#?
- Why not inherit from List<T>?
- How do I update the GUI from another thread?
- How should I ethically approach user password storage for later plaintext retrieval?
- Secure cookies and mixed https/http site usage