Hawk Authentication for ASP.NET Web API using Thinktecture.IdentityModel.45 – Response Payload Verification

Badri's Blog

This is a continuation of my earlier post on implementing Hawk authentication for ASP.NET Web API using Thinktecture.IdentityModel.45.

One of the primary design goals of the Hawk scheme is to “simplify and improve HTTP authentication for services that are unwilling or unable to deploy TLS for all resources”. Using TLS (HTTPS) is highly recommended even with Hawk, but the scheme is designed to work in the absence of HTTPS as well. I covered the basics of Hawk and how the request payload can be protected by Hawk. In the absence of TLS, a man-in-the-middle (MITM) can tamper with the web API response even if the request is protected. One of the key aspects of preventing responses from being tampered with is response payload verification, and it works like this.
