2

Possible Duplicate:
How to secure an ASPNET MVC Web API

I have searched a lot about authentication in asp.net web api for desktop applications, but seems there is no good documentation. the official site also provides a useless and short explanation. Also some folks wrote blogs about it but are outdated. anyway.

I have a desktop client that sends and receives data to ASP.NET Web API, and should be authenticated first. How can I do this in a secure way? What do people do in this case?

Improve this question
5
  • Have a look at this article here Commented Dec 26, 2012 at 22:21
  • thanks Robert.. I saw it before, it needs hashed password stored on DB. and user has to access it first. it is a bit unsecure Commented Dec 26, 2012 at 22:26
  • Most security schemes are going to store a hashed password. What makes you think that is insecure? Commented Dec 26, 2012 at 22:28
  • for sure, no problem in hashing password. But I mean the client needs to has that hashed password and make the signature with it. So I have to send the hashed password to client one time, and the problem is here. Or user himself should recreate the same hash, but I don't know how to make a hash just like asp.net mvc default membership, can I? Commented Dec 26, 2012 at 22:33
  • You create the hash the first time the user supplies the password, and store that hash in the database. Then, each time the user logs in, you hash the password they provide, and compare that hash with the hash you stored in the database. If they match, the user is authenticated. Commented Dec 26, 2012 at 23:15
Related questions
1218
How do I get ASP.NET Web API to return JSON instead of XML using Chrome?
360
JWT authentication for ASP.NET Web API
538
Pass an array of integers to ASP.NET Web API?
Load 3 more related questions Show fewer related questions

0

Reset to default

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.