Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 416
  • Last Modified:

Web Api 2 Basic Authentication & HTTPS?

Q. Is using Basic Authentication and SSL cert really enough security?

Every security methodology I read highly recommend using SSL certs (HTTPS).

Q. This makes me curious why not keep authentication basic?

Q. Why mess with tokens, keys, etc...?
0
WorknHardr
Asked:
WorknHardr
1 Solution
 
David Johnson, CD, MVPOwnerCommented:
With basic authentication you know me (the server and I've verified with my certificate who I am) but I don't know who you are except that a username and password matched.  Other methods allow me (the server) to verify that you really are you and not a shoulder surfer.
0
 
WorknHardrAuthor Commented:
Agreed. Upon further reading I've learned that many web services are app-specific and basic login is adequate. Whereas a social website would use OpenID for a more user friendly experience.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now