Security / Authentication Tutorials missing

Topics: Web Api
Aug 4, 2011 at 6:53 AM

Hi,
most of the web api stuff is very easy to handle. I think it's a real great step forward. But in my opinion one of the most important things is handling security when going live with such solutions. There are various posts out there (using https, etc.), but no single point of information. I would like to have a security tutorial covering the whole process including authentication, transport security, best practices. Maybe a tutorial already exists and i've missed it?


Cheers,
René

Coordinator
Aug 4, 2011 at 7:22 AM

We don't have a good tutorial on that for web api yet. Our UE team however is starting to create some tutorials, so I will ask them to add this to their backlog.

Sep 12, 2011 at 11:59 PM
Edited Sep 13, 2011 at 12:00 AM

Hello,

First of all, I would like to thank you for introducing us to WCF Web API. I think it is a much needed step in the right direction.

Having worked with numerous startups to build APIs using WCF, I can guarantee you, that this is a breath of fresh air for future development.

Having said that, I definitely would like to see a great bunch of tutorials on WCF Web API and Security.

I am in middle of creating a pretty complex application for a start-up and we really see the value in WCF Web API but the documentation isn't readily available and posts/tutorials/samples that allow me to perform specialized tasks like:

1. OAuth Integration

2. Quota Management in APIs

3. API access using application keys

and so on prevent us from using this.

I would highly appreciate it if we start seeing some documentation on the same.

Thank You,

Anup Marwadi

Sep 13, 2011 at 7:25 AM

Regarding 3. "API access using application keys", I recommend Pablo's post here: http://weblogs.asp.net/cibrax/archive/2011/04/15/http-message-channels-in-wcf-web-apis-preview-4.aspx

Pedro

Sep 15, 2011 at 12:23 AM

Thanks Pedro for pointing me to a great blog! I will read up.

Sep 22, 2011 at 12:55 AM

I second amarwadi's request. I am working on an API and we need to integrate OAuth instead of the ServiceAuthorizationManager, quota management would be great too in other words real-life scenarios.

keep up the good work

 

Sep 22, 2011 at 7:38 PM

Awesome! OAuth 2.0? keep us posted!

Oct 17, 2011 at 11:04 PM

Hi howarddierking sorry to bother you.

Any udpdate on the OAuth integration sample?

 

thanks

Oct 18, 2011 at 9:23 AM

There is a Facebook OAuth2 sample in the prototype brances, checked in last Thursday :)

http://wcf.codeplex.com/SourceControl/changeset/changes/07fc26c0b7c9