Bassel Alkhateeb
Reputation: 1584
Is Using REST for authentication a good practice?
As I understand, when using REST services we count on the URI to request data and so in an authentication service, we would need to send the username & password through the URL, which is bad, am I missing something here?
Upvotes: 2
Views: 90
Answers (2)
Mac
Reputation: 1642
Your authentication service should be a POST, which will keep the credentials out of the URL. As long as the service runs over HTTPS (it does, right?), then you're safe from prying eyes.
Upvotes: 2
spatulamania
Reputation: 6663
If you don't want to add data to the URL, you can also Post to a REST service.
Upvotes: 0
Related Questions
- WCF Authentication / WCF REST Authetication..Different Method?
- WCF OAuth - Not using RESTFUL services
- Implementing Security in REST?
- WCF, RESTful Web Services and custom authentication
- Basic Authentication with WCF REST service to something other than windows accounts?
- What are my options for authentication for WCF rest?
- Authentication approaches for WCF REST
- REST WCF authentication scheme
- REST WCF Authentication
- WCF REST based services authentication schemes