I did a short analysis of “Claim-based-security for ASP.NET Web APIs using DotNetOpenAuth”
(http://zamd.net/2012/05/04/claim-based-security-for-asp-net-web-apis-using-dotnetopenauth/?goback=%2Egde_4477233_member_121979238).
A few things I tried to sort out are listed below:
Why I like this approach:
- It’s easy to implement for any API access based on client authentication, that is, for the client that will consume the API.
- Simple flow such as:
  - The client requests a token from the issuer; the issuer is actually OAuth.
  - The OAuth AuthorizationServer class handles the token issuance request, producing and returning a token for a valid, authenticated request.
- Easy to configure the resource server to generate keys from the certificate.
- Authentication based on a single REST call.
- Overall, the process is short and takes little effort to integrate with a RESTful API using the Web API framework for client request authentication.
Why I am concerned about the following scenarios:
- Each and every client request is assumed to come from a new client and goes through a fresh authentication process, that is:
  - This example simply verifies that a client has been registered to access the resource, rather than the specific user.
- How can we make the request to refresh the token? (We need to implement the database part.)
- With the current sample and the current flow, we have to use Microsoft Windows Identity Foundation.
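
The concern above, that the sample verifies only a registered client and not a specific user, can be enforced as an explicit check on the resource server. The following is an added example, not code from the original article or from DotNetOpenAuth; it assumes token validation has already produced a `ClaimsPrincipal`, and the `client_id` claim type, the class name and the sample values are hypothetical.

```csharp
using System;
using System.Security.Claims;

static class TokenSubjectCheck
{
    // Assumed claim type for the registered client; the sample may use a different name.
    const string ClientIdClaim = "client_id";

    static bool IsAuthenticated(ClaimsPrincipal p)
    {
        return p != null && p.Identity != null && p.Identity.IsAuthenticated;
    }

    // True only when the validated token names a specific user, not just a client.
    public static bool IdentifiesUser(ClaimsPrincipal p)
    {
        if (!IsAuthenticated(p)) return false;
        Claim user = p.FindFirst(ClaimTypes.NameIdentifier);
        return user != null && !string.IsNullOrWhiteSpace(user.Value);
    }

    // Client-level resources need a known client; per-user resources also need a user claim.
    public static bool Authorize(ClaimsPrincipal p, bool resourceIsPerUser)
    {
        if (!IsAuthenticated(p) || !p.HasClaim(c => c.Type == ClientIdClaim))
            return false;
        return !resourceIsPerUser || IdentifiesUser(p);
    }

    static ClaimsPrincipal Build(params Claim[] claims)
    {
        // Supplying an authentication type makes Identity.IsAuthenticated true.
        return new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
    }

    static void Main()
    {
        // Constructed principals standing in for the result of token validation.
        var clientOnly = Build(new Claim(ClientIdClaim, "sample-client"));
        var clientAndUser = Build(
            new Claim(ClientIdClaim, "sample-client"),
            new Claim(ClaimTypes.NameIdentifier, "sample-user"));

        Console.WriteLine("client-only, client-level resource: " + Authorize(clientOnly, false));
        Console.WriteLine("client-only, per-user resource:     " + Authorize(clientOnly, true));
        Console.WriteLine("client+user, per-user resource:     " + Authorize(clientAndUser, true));
    }
}
```

A token that carries only the client claim passes for client-level resources and is refused for per-user ones, which makes the gap visible instead of implicit.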