Authentication with Asp.net MVC 6 and Web Api

I am developing a new project with Asp.Net MVC 6. Each controller will act as an isolated SPA where the Index method will render the view and all operations will be done with Web Api calls. This Web Api will also be used for future mobile applications as well as third party systems.

Is it safe from an integration point of view to use OWIN Basic Authentication over SSL? In older projects I used tokens for the Web Api project, but in this new one MVC and Web Api will be mixed and I need an alternative authentication method.

+3




1 answer


With Basic Authentication, the main problem is that the username and password move around in almost plain text (actually it's a base64-encoded string from which the plain text is easily recovered). This means that any client and server can easily retrieve the username and password.



However, if you enable Basic Authentication over SSL, your traffic is encrypted and you can be reasonably sure it is "secure", assuming it's a good SSL implementation.

+1
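The point made in the answer above, as an added example that is not part of the original question or answer: a Basic `Authorization` header decodes back to the credentials without any key, so the server should refuse it unless the request arrived over TLS. The class and method names (`BasicAuthDemo`, `TryDecode`, `Accept`) and the sample credentials are assumptions made up for this illustration.

```csharp
using System;
using System.Text;

// Added illustration; BasicAuthDemo, TryDecode and Accept are hypothetical names.
public static class BasicAuthDemo
{
    // Recovers user and password from an Authorization header value.
    // No key or secret is involved: base64 is an encoding, not encryption.
    public static bool TryDecode(string header, out string user, out string password)
    {
        user = password = null;
        const string scheme = "Basic ";
        if (header == null || !header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(scheme.Length).Trim()); }
        catch (FormatException) { return false; }    // malformed base64
        string pair = Encoding.UTF8.GetString(raw);
        int colon = pair.IndexOf(':');                // split on the first colon only,
        if (colon < 0) return false;                  // because passwords may contain ':'
        user = pair.Substring(0, colon);
        password = pair.Substring(colon + 1);
        return true;
    }

    // Server-side gate: Basic credentials are only processed when the request used TLS.
    public static bool Accept(bool isHttps, string header, out string user, out string password)
    {
        user = password = null;
        return isHttps && TryDecode(header, out user, out password);
    }

    public static void Main()
    {
        // Constructed sample: "alice:s3cr:et" encoded the way a client would send it.
        string header = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("alice:s3cr:et"));
        Console.WriteLine(header);

        // Whoever can read the header recovers the password, colon included.
        if (TryDecode(header, out string u, out string p))
            Console.WriteLine($"decoded: user={u} password={p}");

        // Same header over plain HTTP, then over HTTPS, then a malformed value.
        Console.WriteLine(Accept(false, header, out _, out _));
        Console.WriteLine(Accept(true, header, out _, out _));
        Console.WriteLine(TryDecode("Basic !!!", out _, out _));
    }
}
```

`Accept` only decides whether the header may be processed at all; checking the decoded password against the user store is a separate step that follows it.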








