Click here to Skip to main content
12,697,801 members (25,945 online)
Rate this:
Please Sign up or sign in to vote.
Hi All,

I’m currently looking at security for a new project centred around an ASP.NET WebAPI & Database with various clients like web site built using Javascript, mobile app.

I’ve been reading a lot about OAuth, OpenID and how to integrate these which actually seems fairly easy and more or less a requirement for shared APIs in general but the more I’ve read the less I feel I understand where the boundaries of each tech start and finish. I’m still confused about how to provide a ‘Default’ login mechanism that doesn’t use any 3rd party elements.

OpenID will let users use another account on someone else’s system to login to my site whilst OAuth will allow safely exposing my services to 3rd parties without proliferating passwords around this I get and really like the idea of but what if someone comes to the site and they don’t have an OpenID and they aren’t a 3rd party app?

Is the default fallback tech still FormsAuthentication? Or is it possible / sensible to become an OpenID provider?

Posted 27-Sep-12 0:10am
Updated 21-Oct-16 9:21am

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy | Mobile
Web02 | 2.8.170118.1 | Last Updated 21 Oct 2016
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100