How to secure Restful web API

Question

0.00/5 (No votes)

See more:

I have a Rest web API and I want to secure it.I used OAuth Authentication fot third party but now I dont want to use Oauth aunthentication for my internal applications(Web Application,Android Application,IPhone Application).How I authenticate my Rest Api for internal use??????should I apply IP address check but it sounds not good.Any other ideas.

Thanks in advance :)

Posted 8-Oct-13 21:13pm

Genius15

Updated 8-Oct-13 21:24pm

ArunRajendra

v2

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

santoshsasane · Answer 1 · 2013-10-08T21:41:00

Solution 1

I think This Link Will Help you . to solved this

http://www.axway.com/products-solutions/api-management/rest-security
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
http://jamiekurtz.com/2013/01/14/asp-net-web-api-security-basics/

Posted 8-Oct-13 21:41pm

santoshsasane

Comments

Genius15 10-Oct-13 2:28am

Thanks for a reply :).I'm stuck at one point.We host our Rest WEB API on server where certicates are installed with same name as Domain of Our API.Now,with transport security in webconfig and other settings my API host on https with help of SSL Certificate and my web API access from outer world application through https;//XXXXXXX.Here the main problem I am facing,when from outer world application access my web API through https:/XXXXXXX they faced a SSL connection error.Is necessary for them to install a same certificate on their side also to make web API call successfull through Https:/XXXXXXX
NOTE:I'm using self signed certificate.Guess same problem I will face when I purchase a SSL certificate too and wihtout SSL settings with simple http://XXXXX request all going good.
Thanks in advance :)