Securing ASP.NET Web API Using Token-Based Authentication

Submitted by
Style Pass
2021-05-28 05:42:45

In this article, we have learned how to secure a Web API using token-based authentication, step by step and in enough detail that a junior developer can follow it easily. You can now secure most of your client-based applications with this process, and server-based applications as well. Thank you, I hope you liked my article.

From this article, we have learned the complete process of token-based authentication in ASP.NET Web API 2: how to generate the token by sending the user credentials, and how to send the token in an HTTP header on subsequent HTTP requests to access a secured API service.

Advantages of using token-based authentication in ASP.NET Web API: Scalability of servers: the token that the client sends to the server is self-contained, meaning it holds enough data to identify the user for authentication. As a result, you can easily add more servers to your web farm, because there is no dependency on shared session stores.

When handling authentication for a server-to-server API, you really only have two options: HTTP Basic Auth or OAuth 2.0 client credentials. Because OAuth 2.0 is the most popular way to secure API services like the one we’ll be building today (and the only one that uses token authentication), we’ll be using that.

ASP.NET Web API is an extensible framework for building HTTP-based services that can be accessed from different applications on different platforms such as web, Windows, mobile, etc. Why Web API? It is very useful for consuming third-party data from mobile devices, tablets and browsers.

For example, in an ASP.NET Core Web API that exposes RESTful endpoints that might be accessed by single-page applications (SPAs), by native clients, or even by other Web APIs, you typically want to use bearer token authentication instead.

This post shows how an ASP.NET Core API can authorize API calls that use different access tokens from different identity providers, or different access tokens from the same identity provider that were created for different clients and contain different claims.

Token-based authentication is a process in which the client application first sends a request with valid credentials to the authentication server. The authentication server sends an access token to the client in response. This token contains enough data to identify a particular user, and it has an expiry time.
