This article talks about securing ASP.NET RESTful web services and is the first article of the series "Securing ASP.NET web applications". It covers implementing Bearer Token-based Authentication and Authorization.

Authentication

Is the process of identifying the user and validating their credentials. Mapped to the example in this article, the process of validating user credentials and generating an access token is called Authentication.

Authorization

Is the process of determining whether the user can access the requested resource. Mapped to the example in this article, the process of reading the given Authorization token and determining whether the user has access to the requested Web API controller/action is called Authorization.

What's wrong with cookies? Why do we need token-based authorization?

There is nothing wrong with cookies, but they are only usable in browser-based web applications. RESTful web services (Web API) can be consumed from any platform that has an internet connection, and cookies might not be the right fit for some of those platforms (e.g. mobile applications). Embedding the user information in an interchangeable data format that is sent with each request is far better than using cookies to store it.
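The two processes defined above, as an added example in plain C# (this is not the article's code and does not use the ASP.NET Web API pipeline, which the series builds up in later steps). `IssueToken` is the Authentication step: it validates credentials and returns an HMAC-signed bearer token. `AuthorizeRequest` is the Authorization step: it reads the `Authorization: Bearer ...` header, verifies the signature and expiry, and decides whether the caller's role may reach the requested action. The user store, signing key and token format are constructed for the example.

```csharp
// Added example, not the article's code. Assumed names: IssueToken, AuthorizeRequest,
// the in-memory Users store and the "user|role|expires" payload layout are all constructed.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class BearerTokenDemo
{
    // Server-side secret that signs tokens. Constructed sample value; a real service
    // loads it from protected configuration, never from source.
    private static readonly byte[] SigningKey = Encoding.UTF8.GetBytes("sample-signing-key-change-me");

    // Constructed in-memory user store: username -> (password, role).
    // Real stores keep password hashes, not plaintext.
    private static readonly Dictionary<string, (string Password, string Role)> Users =
        new Dictionary<string, (string Password, string Role)>
        {
            ["alice"] = ("alice-pw", "admin"),
            ["bob"]   = ("bob-pw",   "user"),
        };

    // AUTHENTICATION: validate credentials and issue an access token.
    // Token format: base64url(payload) + "." + base64url(HMAC-SHA256(payload)).
    public static string IssueToken(string username, string password, TimeSpan lifetime)
    {
        if (!Users.TryGetValue(username, out var account) ||
            !CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(account.Password), Encoding.UTF8.GetBytes(password)))
        {
            return null; // unknown user or wrong password: no token is issued
        }
        long expires = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string payload = $"{username}|{account.Role}|{expires}";
        return Base64Url(Encoding.UTF8.GetBytes(payload)) + "." + Base64Url(Sign(payload));
    }

    // AUTHORIZATION: read the Authorization header, verify the token, then decide
    // whether the caller's role is allowed for the requested controller/action.
    public static bool AuthorizeRequest(string authorizationHeader, string requiredRole)
    {
        const string scheme = "Bearer ";
        if (authorizationHeader == null ||
            !authorizationHeader.StartsWith(scheme, StringComparison.Ordinal))
            return false;

        string[] parts = authorizationHeader.Substring(scheme.Length).Trim().Split('.');
        if (parts.Length != 2) return false;

        byte[] payloadBytes, signature;
        try
        {
            payloadBytes = FromBase64Url(parts[0]);
            signature = FromBase64Url(parts[1]);
        }
        catch (FormatException) { return false; } // malformed token

        string payload = Encoding.UTF8.GetString(payloadBytes);
        // Verify the signature before trusting anything inside the payload.
        if (!CryptographicOperations.FixedTimeEquals(Sign(payload), signature)) return false;

        string[] fields = payload.Split('|');
        if (fields.Length != 3 || !long.TryParse(fields[2], out long expires)) return false;
        if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= expires) return false; // expired

        // Role check: only the required role reaches the action.
        return fields[1] == requiredRole;
    }

    private static byte[] Sign(string payload)
    {
        using (var hmac = new HMACSHA256(SigningKey))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    private static string Base64Url(byte[] data) =>
        Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    private static byte[] FromBase64Url(string s)
    {
        string padded = s.Replace('-', '+').Replace('_', '/');
        padded = padded.PadRight(padded.Length + (4 - padded.Length % 4) % 4, '=');
        return Convert.FromBase64String(padded);
    }

    public static void Main()
    {
        string token = IssueToken("bob", "bob-pw", TimeSpan.FromMinutes(30));
        Console.WriteLine("issued: " + (token != null));                                   // True
        Console.WriteLine("bob -> user action: " + AuthorizeRequest("Bearer " + token, "user"));   // True
        Console.WriteLine("bob -> admin action: " + AuthorizeRequest("Bearer " + token, "admin")); // False
        Console.WriteLine("tampered: " + AuthorizeRequest("Bearer " + token + "x", "user"));       // False
        Console.WriteLine("bad password: " + (IssueToken("bob", "wrong", TimeSpan.FromMinutes(30)) == null)); // True
    }
}
```

The point to take from the split is that `AuthorizeRequest` never consults the password store: once the token is issued, every request is decided from the signed token alone, which is why the same scheme works for a mobile client that has no cookie jar. Signature verification happens before the payload fields are parsed, so a tampered or forged token is rejected before any of its contents influence the decision.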

Step 1. Create an Asp.Net Web API application
