Click here to Skip to main content
11,410,750 members (64,089 online)
Rate this: bad
Please Sign up or sign in to vote.
Hi All,

I’m currently looking at security for a new project centred around an ASP.NET WebAPI & Database with various clients like web site built using Javascript, mobile app.

I’ve been reading a lot about OAuth, OpenID and how to integrate these which actually seems fairly easy and more or less a requirement for shared APIs in general but the more I’ve read the less I feel I understand where the boundaries of each tech start and finish. I’m still confused about how to provide a ‘Default’ login mechanism that doesn’t use any 3rd party elements.

OpenID will let users use another account on someone else’s system to login to my site whilst OAuth will allow safely exposing my services to 3rd parties without proliferating passwords around this I get and really like the idea of but what if someone comes to the site and they don’t have an OpenID and they aren’t a 3rd party app?

Is the default fallback tech still FormsAuthentication? Or is it possible / sensible to become an OpenID provider?

Posted 27-Sep-12 0:10am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 Sergey Alexandrovich Kryukov 239
1 Sascha Lefévre 85
2 Dave Kreskowiak 80
3 Maciej Los 68
4 RyanDev 50
0 Sergey Alexandrovich Kryukov 8,885
1 OriginalGriff 6,915
2 Maciej Los 3,390
3 Abhinav S 3,248
4 Peter Leow 3,059

Advertise | Privacy | Mobile
Web02 | 2.8.150414.5 | Last Updated 27 Sep 2012
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100