Izmoto

Reputation: 1959

ASP.NET MVC Framework 'REST-like' API

I have developed a 'REST-like' XML API that I wish to expose for consumption by third-party web applications. I'm now looking to implement a security model for the exchange of data between a third-party application and the 'REST-like' XML API. I would appreciate suggestions for a suitable asymmetric encryption model.

Upvotes: 0

Views: 1245

Answers (3)

Sentient

Reputation: 2263

The most common approach is to implement the OAuth protocol. This is what is used by the OpenSocial providers, which check authorization with 2-legged and/or 3-legged OAuth.

Just do a Google search and you will find a lot of implementations.

Upvotes: 0

dmajkic

Reputation: 3488

HTTPS works with asymmetric key encryption. It is a well-known protocol that is easy to implement. It protects against third-party intrusion in your communication.

All you need to implement "below" is authentication - to make sure your user is known to you.

A common thing to do is to provide users with a key that needs to be sent with every request.

Upvotes: 0
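
One way to implement the per-request key over HTTPS that the answer above describes, as an added example that is not part of the original answer. It assumes an ASP.NET MVC 3+ project; the `X-Api-Key` header, `ApiKeyStore` and `RequireApiKeyAttribute` are hypothetical names, and the in-memory dictionary stands in for a database table.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Web.Mvc;

// Hypothetical key store; consumer ids are assumed not to contain '.'.
public static class ApiKeyStore
{
    // consumer id -> SHA-256 of the issued key; the key itself is never stored.
    static readonly ConcurrentDictionary<string, byte[]> Hashes = new ConcurrentDictionary<string, byte[]>();

    public static string Issue(string consumerId)
    {
        var raw = new byte[32];  // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        string key = Convert.ToBase64String(raw);
        Hashes[consumerId] = Hash(key);
        return consumerId + "." + key;  // shown to the consumer once
    }

    public static bool IsValid(string presented)
    {
        int dot = string.IsNullOrEmpty(presented) ? -1 : presented.IndexOf('.');
        byte[] expected;
        if (dot <= 0 || !Hashes.TryGetValue(presented.Substring(0, dot), out expected))
            return false;
        byte[] actual = Hash(presented.Substring(dot + 1));
        int diff = 0;  // compare every byte so timing does not leak a prefix match
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static byte[] Hash(string key)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes(key));
    }
}

// Apply as [RequireApiKey] on the API controllers.
public class RequireApiKeyAttribute : FilterAttribute, IAuthorizationFilter
{
    public void OnAuthorization(AuthorizationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        if (!request.IsSecureConnection)  // refuse keys sent in clear text
            filterContext.Result = new HttpStatusCodeResult(403, "HTTPS required");
        else if (!ApiKeyStore.IsValid(request.Headers["X-Api-Key"]))
            filterContext.Result = new HttpStatusCodeResult(401, "Invalid API key");
    }
}
```

Storing only the hash means a leaked key table cannot be replayed against the API, and keeping the key in a header rather than the query string keeps it out of URL logs.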

tvanfosson

Reputation: 532445

If you want encryption why not just use SSL to encrypt the connection rather than encrypting the response data? If 128-bit SSL isn't sufficient, then you'll either need to integrate some existing PKI infrastructure using an external, trusted authority or develop a key distribution/sharing infrastructure yourself and issue your public key and a suitable private key/identifier to your API consumers. Choose one of the cryptography providers in System.Security.Cryptography that supports public/private key exchange.

Upvotes: 1
