IIS & RESTful Services #FAIL

Really? When will super duper IIS finally support non-Windows accounts for HTTP authentication?

http://blogs.msdn.com/b/astoriateam/archive/2010/07/21/odata-and-authentication-part-6-custom-basic-authentication.aspx

See here for a complete module, including IIS management integration:

http://custombasicauth.codeplex.com

This entry was posted in WCF.

2 Responses to IIS & RESTful Services #FAIL

  1. Schalk says:

    Hi

    Is this still valid today (in 2013) for use with a private RESTful API, or does the “Thinktecture.IdentityServer” and OAuth supersede this?

    There are so many options out there and the old (proven) ways get muddled by the new fancy ways, which get blogged about by people who don’t always know what they are talking about, resulting in confusion…

    I’m struggling to understand how a token based security system can work without some sort of encryption, surely the token can be intercepted and reused.

    Currently I’m investigating the options for a simple authentication/authorization implementation for a RESTful API that will be used by a mobile application as well as web clients. Also, do you have any suggestions on how one can handle such authentication off-line in a mobile application?

    Thanks

    • Well – without knowing the details (or wanting to know them ;)) – typically you want to learn about OAuth2 – since this is the general direction for mobile apps/web apis.

      Encryption is to protect confidentiality. That’s typically the smallest of your concerns.
