0

Very much new to Web API's. Trying to implement the token method the Web API uses to authenticate a user against database and use the token for all successive API calls. But i am finding it very difficult to follow the steps to do the same for mysql DB . I also feel it is a complex process for a simple login.

So my question is instead of using the Web API token method. Why not have a traditional Login function(web api) which checks the userid/pwd against db userid/pwd ? Which generates a token similar to AuthenticationTicket in ApplicationOAuthProvider, and send it as response to an ajax call and store in javascript sessionStorage for successive calls.

What is the difference in terms of security/general in both cases?

Improve this question

1 Answer 1

Reset to default
1

There are lot of thing needs to be considered while using a token for authentication. If you are using standard token implemention like JWT, you will get all of these out of the box.

  • Expiration Handling
  • Tamper proof (Signed)
  • Encrypted
  • Replay Attack protection
  • Claim based
  • Decentralized

If you want to go with your custom token implementation, in that case you need to handle all of these on your own which can be time consuming and prone to vulnerability.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Any url available on how to setup token for mysql? Is EF mandatory?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.