Analysis on Claim-based-security for ASP.NET Web APIs using DotNetOpenAuth


I did a short analysis of the article “Claim-based-security for ASP.NET Web APIs using DotNetOpenAuth”
(http://zamd.net/2012/05/04/claim-based-security-for-asp-net-web-apis-using-dotnetopenauth/?goback=%2Egde_4477233_member_121979238).
A few things I tried to sort out are listed below:

Why I like this approach:

  1. It’s easy to implement for any API access based on client authentication, that is, where the client consumes the API.
  2. The flow is simple:
    1. The client requests a token from the issuer; the issuer is actually the OAuth authorization server.
    2. The OAuth AuthorizationServer class handles the token issuance request, producing and returning a token for a valid, authenticated request.
    3. The resource server is easy to configure to generate keys from the certificate.
    4. Authentication is based on a single REST call.
  3. Overall, the process is short and takes little effort to integrate with a RESTful API built on the Web API framework for client request authentication.

Why I am concerned about the following scenarios:

  1. Each and every client request is assumed to come from a new client, and a fresh authentication process is applied, that is:
    1. This example simply verifies that a client has been registered to access the resource, rather than the specific user.
    2. How can we make a request to refresh the token? (We need to implement the database part.)
  2. With the current sample and the current flow, we have to use Microsoft Windows Identity Foundation.
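
The first concern, shown as an added example (not code from the zamd.net sample or from DotNetOpenAuth): a resource-side check that tells a token proving only client registration apart from one bound to a specific user. It assumes .NET 4.5's `System.Security.Claims`; the `client_id` claim type, the class name and the sample principals are constructed for illustration.

```csharp
using System;
using System.Security.Claims;

public static class CallerCheck
{
    // Assumed claim type carrying the registered client's identifier.
    public const string ClientIdClaim = "client_id";

    public enum CallerKind { Anonymous, ClientOnly, UserViaClient }

    // Classify the caller from the claims produced by token validation.
    public static CallerKind Classify(ClaimsPrincipal principal)
    {
        if (principal?.Identity == null || !principal.Identity.IsAuthenticated)
            return CallerKind.Anonymous;

        bool hasUser = principal.HasClaim(c =>
            c.Type == ClaimTypes.NameIdentifier && !string.IsNullOrWhiteSpace(c.Value));
        bool hasClient = principal.HasClaim(c =>
            c.Type == ClientIdClaim && !string.IsNullOrWhiteSpace(c.Value));

        if (hasUser) return CallerKind.UserViaClient;
        return hasClient ? CallerKind.ClientOnly : CallerKind.Anonymous;
    }

    // Per-user resources require a user subject that matches the owner;
    // a token that only proves client registration is refused.
    public static bool CanReadUserResource(ClaimsPrincipal principal, string ownerId)
    {
        if (Classify(principal) != CallerKind.UserViaClient) return false;
        string subject = principal.FindFirst(ClaimTypes.NameIdentifier).Value;
        return string.Equals(subject, ownerId, StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed principals: one client-only, one user-bound.
        var clientOnly = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClientIdClaim, "reporting-app") }, "Bearer"));
        var userBound = new ClaimsPrincipal(new ClaimsIdentity(
            new[] { new Claim(ClientIdClaim, "reporting-app"),
                    new Claim(ClaimTypes.NameIdentifier, "alice") }, "Bearer"));

        Console.WriteLine(Classify(clientOnly));                    // ClientOnly
        Console.WriteLine(CanReadUserResource(clientOnly, "alice")); // False
        Console.WriteLine(CanReadUserResource(userBound, "alice"));  // True
        Console.WriteLine(CanReadUserResource(userBound, "bob"));    // False
    }
}
```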

About Md. Marufuzzaman

He is the founder & CEO of MNH Technologies and works for urban and rural sectors to improve people’s lifestyle, medical facilities, education, social business, etc. The goal of this company is to bring technology to their hands. He has over eight years of professional experience in designing and developing Client-Server, Multi-Tier, Database, and Web-based business software solutions, Enterprise Applications, APIs, Google Analytics implementations, Add-Ins, Documentation & Technical Writing, etc. for Windows / Mac using Microsoft SQL Server, Oracle, MySql, PS, C#, VB.NET, ASP.NET, PHP, RoR, Visual Basic, etc. He also has more than two years of experience in Mobile-VAS (Platform Development). He was the co-founder & CEO of TadpoleTechnologies and worked on various software development & technology consulting projects. His core focus is on technologies to create dynamic data-driven systems that add value to your business, and on dynamic technology consulting that builds advanced solutions for industries across various verticals. He also works as a Solution Architect at Dhrupadi Techno Consortium Limited (DTCL), where he is responsible for analyzing business requirements and offering optimum solutions (multiple options) that address all current requirements, provide flexibility for future growth and allow a smooth transition between the old system and the new system. He graduated with honors from The University of Asia Pacific in Computer Science and Engineering. He was awarded “Most Valuable Professional” (MVP) in 2010 and 2011 by CodeProject.com and was also selected as a Mentor of CodeProject.com. Specialties: Software Development Management, System Integration, Data Warehouse Architecture, Virtualization.
