Analysis on Claim-based-security for ASP.NET Web APIs using DotNetOpenAuth

I do a short analysis on the “Claim-based-security for ASP.NET Web APIs using DotNetOpenAuth”
Few things I tried to short out are listed below:

Why I like this approach:

  1. It’s easy to implements for any client authentication based API access, basically which (the client) will consume the API.
  2. Simple flow such as:
    1. The client request to the issuer for token, actually issuer is the OAuth.
    2. Using of OAuth AuthorizationServer class which is doing the token issuance request, producing and returning a token for valid & authenticated request.
    3. Easy to configure resource server to generate keys from the certificate.
    4. Single REST call base authentication.
  3. Overall process is short / effort less to integrate with RESTful api using WebAPI framework for client request authentication.

Why I am concern on the following scenario:

  1. Each and every client request will assume as a new client and apply fresh authentication process, that is:
    1. This example will simply verify a client has been registered to access the resource rather than the specific user.
    2. How can we make the request for refresh the token? (We need to implements database part)
  2. As per current sample with considering current flow than we have to use Microsoft Windows Identity Foundation.

3 thoughts on “Analysis on Claim-based-security for ASP.NET Web APIs using DotNetOpenAuth

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s