WIF and REST is this a good fit?

Question

WIF and REST is this a good fit?

We have many web applications that are protected by WIF and user database authentication, we are currently in the process of creating a public RESTful API. My question is, can we use an existing WIF implementation to authenticate these new RESTFul requests?

Thanks!

+4

security rest wif

Dan man Feb 14 '11 at 23:35

source share

2 answers

Vincent-philippe lauzon · Answer 1 · 2011-02-14T23:42:43+0000

You can take a look at these two blog entries regarding the use of WIF to protect the OData endpoint (which is REST on steroids):

http://blogs.msdn.com/b/astoriateam/archive/2011/01/20/oauth-2-0-and-odata-protecting-an-odata-service-using-oauth-2-0.aspx

http://blogs.msdn.com/b/astoriateam/archive/2011/01/21/connecting-to-an-oauth-2-0-protected-odata-service.aspx

I will be in the process of integrating WIF with REST and OData endpoints soon, if you have any feedback, I am interested.

Vincent Philippe

Eugenio pace · Answer 2 · 2011-02-15T23:42:50+0000

REST services usually use different formats of tokens from those supported by WIF out of the box (for example, SWT vs SAML). You can extend WIF so that it understands the corresponding token format. There are many examples that show how to do this.

See an example here: http://zamd.net/2011/02/08/using-simple-web-token-swt-with-wif/

WIF and REST is this a good fit?

More articles: