Solved

Web Api 2 and Formless Client Login?

Posted on 2014-04-18
2
489 Views
Last Modified: 2014-04-24
Q. How does login security work for a client accessing Web Api 2 service without using a login form every time ?

Q. Which authentication works best with SSL?

Q. Which authentication works best without SSL?

I'm working on a AngularJS client which should:
1. Remember the first login
2. Automatically login to the Web Api 2 service
3. Demand login if the password expires.
0
Comment
Question by:WorknHardr
2 Comments
 
LVL 52

Accepted Solution

by:
Scott Fell,  EE MVE earned 500 total points
Comment Utility
I personally prefer the "traditional" log in.  I am turned off when I do this and the app is asking for info/events I don't want to share.  

In any case, each social site will have their own way of doing things.  For google plus you can start here http://googleplusplatform.blogspot.com/2013/02/google-plus-sign-in.html.

Your authentication still needs to be done serverside and not client side.  Otherwise, it is easy to bypass and you are exposing data that you shouldn't be.   I wish I could help you more on the .NET side, I don't work with it.  There are libraries for this in each langauge that can make your life easier. http://msdn.microsoft.com/en-us/magazine/dn198238.aspx
0
 

Author Closing Comment

by:WorknHardr
Comment Utility
Thx
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Article by: DanRollins
This article describes a JavaScript program that creates a maze made of hexagonal cells.  In Part 2 (http://www.experts-exchange.com/Programming/Languages/Scripting/JavaScript/A_7850-Hex-Maze-Part-2.html), we'll extend the program by adding a depth-…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now