• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 414
  • Last Modified:

Web Api 2 Basic Authentication & HTTPS?

Q. Is using Basic Authentication and SSL cert really enough security?

Every security methodology I read highly recommend using SSL certs (HTTPS).

Q. This makes me curious why not keep authentication basic?

Q. Why mess with tokens, keys, etc...?
0
WorknHardr
Asked:
WorknHardr
1 Solution
 
David Johnson, CD, MVPOwnerCommented:
With basic authentication you know me (the server and I've verified with my certificate who I am) but I don't know who you are except that a username and password matched.  Other methods allow me (the server) to verify that you really are you and not a shoulder surfer.
0
 
WorknHardrAuthor Commented:
Agreed. Upon further reading I've learned that many web services are app-specific and basic login is adequate. Whereas a social website would use OpenID for a more user friendly experience.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now