0

I'm new to ASP.NET, but I need to create a small project - consisting of administration panel (a website) and an android application (written in java). The plan is to publish ASP.NET Web API and consume it by both the android application and the website (probably ASP.NET MVC). The aforementioned clients have differenet functionality. I also need to recognize previously registered android clients. I have a couple of questions:

  • Is it a good design?
  • How to ensure identification and authorization? Can I attach registered deviceID in http request every time I call the service? Is there a better solution?
  • Should I use WCF Web Service instead of Web API?

I would be grateful for any hints and advice.

Improve this question

1 Answer 1

Reset to default
1

The plan sounds ok, there should be no major pitfalls.

As for the authentication/authorization, consider token-based Oauth2-like authentication. There are different flows designed to handle both passive clients (web browsers) as well as mobile native applications by the very same authentication protocol. This way you expose your webapis once and use it from such very different types of clients, always with proper security.

Using the deviceID sounds like an approach to develop a custom security protocol, this always hurts sooner or later.

For more details on token based authentication:

http://www.amazon.com/Pro-ASP-NET-Web-API-Security/dp/1430257822

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.