Currently, I am creating WebAPI REST services. These services will be called from different clients, and all clients have their own API keys, like:

A: APIKeyA
B: APIKeyB
C: APIKeyC


With these API keys, the resources are something like:

www.example.com/GetAccount/?APIKey=APIKeyA

and so on. In our services we check the API keys and validate the client requests. But we need to get rid of these API keys,

and our resources would be:

www.example.com/GetAccount/

Now, the issue is: after removing the API keys, how do we make sure that a request is authenticated, as anyone can make a request with the above resource/URL?

How can we make this service a secured service?
Posted
Updated 30-Oct-14 12:05pm
v4
Comments
Sergey Alexandrovich Kryukov 30-Oct-14 17:52pm    
Not clear. Before getting rid of something, it would be good to explain what that is.
—SA
Gaurav Aroraa 30-Oct-14 18:01pm    
@SAKryukov - Updated the question
Kornfeld Eliyahu Peter 30-Oct-14 18:40pm    
We used two solutions for that:
1. A special API call that behaves like a login and gives the caller (if positively identified) a ticket that is valid for a certain period of time...
2. Request an SSL certificate from the client - in this case we handed out certificate files to our clients...
Gaurav Aroraa 31-Oct-14 2:36am    
Can you please elaborate on #1? For #2 - we are not going to use any SSL certificate.
Kornfeld Eliyahu Peter 31-Oct-14 3:05am    
After looking at your - updated - code I understood that my #1 isn't really different from your solution, so you will not like it...
But I have another idea - use normal session info from within your WebAPI application. If you do so, all you need is to add an identification API call that will validate the client as long as the session lives...
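
The ticket approach from the comments above (a login-style call that hands the identified client a ticket valid for a limited time) can be sketched as follows. This is an added example, not code from anyone in this thread; the TicketService class, its method names, the HMAC-SHA256 signing scheme and the 20-minute lifetime are assumptions made for illustration, and it targets .NET 6 or later.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: TicketService and every name in it are hypothetical.
public sealed class TicketService
{
    private readonly byte[] _key;        // server-side secret, never sent to clients
    private readonly TimeSpan _lifetime;
    public TicketService(byte[] key, TimeSpan lifetime) { _key = key; _lifetime = lifetime; }

    // Called by the login-style endpoint once the client has been identified.
    public string Issue(string clientId, DateTimeOffset now)
    {
        long expires = now.Add(_lifetime).ToUnixTimeSeconds();
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(clientId)) + "." + expires;
        return payload + "." + Convert.ToBase64String(Sign(payload));
    }

    // Called on every other request: returns the client id, or null to reject.
    public string Validate(string ticket, DateTimeOffset now)
    {
        string[] parts = (ticket ?? "").Split('.');
        if (parts.Length != 3 || !long.TryParse(parts[1], out long expires)) return null;
        byte[] presented;
        try { presented = Convert.FromBase64String(parts[2]); }
        catch (FormatException) { return null; }
        // Verify the MAC in constant time before trusting any field.
        byte[] expected = Sign(parts[0] + "." + parts[1]);
        if (!CryptographicOperations.FixedTimeEquals(presented, expected)) return null;
        if (now.ToUnixTimeSeconds() >= expires) return null;  // ticket has expired
        return Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
    }

    private byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(_key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    public static void Main()
    {
        var svc = new TicketService(RandomNumberGenerator.GetBytes(32), TimeSpan.FromMinutes(20));
        DateTimeOffset t0 = DateTimeOffset.UtcNow;
        string ticket = svc.Issue("ClientA", t0);  // constructed client id
        Console.WriteLine(svc.Validate(ticket, t0.AddMinutes(5)) ?? "rejected");
        Console.WriteLine(svc.Validate(ticket, t0.AddMinutes(21)) ?? "rejected");
    }
}
```

The client would send the ticket in a request header rather than in the URL, so it stays out of server logs and browser history, and the server keeps no per-client state beyond the signing key.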

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


