Web api authentication from ajax cross domain call

    We are exposing some api via web api to third parties. They get data from us using JQuery Call and display in their pages.  The response goes in JSONP. The calls involve cross domain. Web api is hosted in IIS. SSL is enabled

We don't have login page for them. Given this situation how can i authenticate calls for my web api. I need to allow only my known thrid parties and not every body.

Please suggest me a ways of implementing this.
LVL 25
Who is Participating?
COBOLdinosaurConnect With a Mentor Commented:
Well you could try using a cookie which will probably have limited success.

Without a login any real authentication is a joke.  Anything you try will either work negatively by sometimes denying legitimate users access, or will not actually do anything useful.  You absolutely have to authenticate through a login, or forget authentication completely.

You can try looking at other things like IP address, but they can be easily spoofed.

Why would you not want to require a secure login to content that you want to be available to only specific users?  Once they have been logged in you can use persistent cookies and sessions for transparent authentication.

apeterAuthor Commented:
Thanks for the reply. Is any Token based or OAuth is going to be any useful in this scenario? Please clarify.
käµfm³d 👽Connect With a Mentor Commented:
I don't have experience with OAuth or token-based yet, but we have used basic authentication in some of our Web API services. We created new ActionFilter attribute to tag onto our controllers (see this link), but I also see that there's a way to accomplish this by using a custom module, as demonstrated in the following article:
apeterAuthor Commented:
Thanks for the details.  From the article links, the requests are raised from server side and not from client side call(Ajax).

What we are planning to do is expose features via web api. Our clients can call them directly from their html page and process the results which are in JSONP format.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.