网页API认证的最佳实践 [英] Web API Authentication best practice

问题描述

哪一个是一个网页API的最好方法验证，考虑到数据的安全性是至关重要的，ASP.NET应用程序在Azure上运行？

Which one is the best authentication approach for an Web API, considering that the data security is essential and the ASP.NET application runs on Azure?

推荐答案

在身份验证处理和保护Web API我建议你遵循多米尼克·拜尔的指导方针。有可能是世界上ASP.NET身份管理没有更好的专家。

When dealing with authentication and securing your Web API I recommend you follow the guidelines set by Dominick Baier. There might be no better expert on ASP.NET identity management in the world.

您可以找到他的 http://leastprivilege.com/ 并在的NuGet，Thinktecture.IdentityModel一个优秀的Web API身份包博客 - <一href=\"http://nuget.org/packages/Thinktecture.IdentityModel\">http://nuget.org/packages/Thinktecture.IdentityModel
与大多数优秀的开源库，因为所有的功能是提供您免费，没有必要推倒重来。

You can find his blog at http://leastprivilege.com/ and a great Web API Identity package at Nuget, Thinktecture.IdentityModel - http://nuget.org/packages/Thinktecture.IdentityModel As with most of the good open source libraries, since all the functionality is available for your for free, there is no need to reinvent the wheel.

这是一个顶部至底部的身份和放大器;访问控制库.NET 4.0 / WIF和.NET 4.5（包括MVC和Web API的支持）。

This is a top-to-bottom identity & access control library for .NET 4.0/WIF and .NET 4.5 (including support for MVC and Web API).

如果您想了解更多有关保护您的Web API，你也应该看这个视频 http://vimeo.com/43603474 - 从NDC奥斯陆Dominick的谈话房价

If you want to learn more about securing your Web API, you should also watch this video http://vimeo.com/43603474 - Dominick's talk from NDC Oslo 2012.

这篇关于网页API认证的最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！