Implement security in REST?

I am interested in how to implement security measures; it can be authentication or authorization. How can they be implemented? If you have any thoughts or links that you can share on WCF REST 4.0 security, and if you have implemented it, so much the better, because I've tried to figure it out in this thread and all I find is information on how to implement it using versions 3.5 and later, which seem to be different from the samples I see for 4.0 that I tried but that did not make sense in their implementation.

Thanks

+2
3 answers

Since REST is stateless, you cannot use a cookie or session identifier. HTTP Basic Authentication and HTTPS for all requests are commonly used.

+1

You might want to explore this solution for WCF REST; it is an interceptor for implementing basic authentication with a user database.

http://weblogs.asp.net/cibrax/archive/2009/03/20/custom-basic-authentication-for-restful-services.aspx

This interceptor authenticates the user with a password and initializes the current principal, so you can use it from the service itself to perform authorization, or implement IAuthorizationManager if you want this logic to be reused across several services.

There are other authentication methods on my blog, such as certificate authentication or OAuth, which are less common.

Thanks Pablo.

+1
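As an added illustration of what the first two answers describe (HTTP Basic over HTTPS, checked against a user database, then setting the current principal), here is a C# sketch. It is not code from the linked blog post or from WCF itself; `UserRecord`, `BasicAuthenticator`, the iteration count and the sample user are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;

// Added example; UserRecord and BasicAuthenticator are hypothetical names.
public sealed class UserRecord { public byte[] Salt, Hash; public string[] Roles; }

public static class BasicAuthenticator
{
    // PBKDF2; the iteration count is an assumption. Store only Salt and Hash.
    public static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000)) return kdf.GetBytes(32);
    }

    // Returns the principal, or null (caller answers 401). Basic is only base64, so HTTPS is required.
    public static IPrincipal Authenticate(string header, bool isHttps, IDictionary<string, UserRecord> users)
    {
        if (!isHttps || header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase)) return null;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Substring(6).Trim())); }
        catch (FormatException) { return null; }
        int colon = decoded.IndexOf(':');          // first ':' splits; the password may contain more
        if (colon <= 0) return null;
        string user = decoded.Substring(0, colon), password = decoded.Substring(colon + 1);
        UserRecord rec;
        bool known = users.TryGetValue(user, out rec);
        byte[] candidate = Derive(password, known ? rec.Salt : new byte[16]); // same work for unknown users
        if (!known || !FixedTimeEquals(candidate, rec.Hash)) return null;
        var principal = new GenericPrincipal(new GenericIdentity(user, "Basic"), rec.Roles);
        System.Threading.Thread.CurrentPrincipal = principal;  // service code can now call IsInRole
        return principal;
    }

    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    public static void Main()   // constructed sample user and request header
    {
        var salt = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
        var users = new Dictionary<string, UserRecord> { { "alice", new UserRecord { Salt = salt, Hash = Derive("s3cret:x", salt), Roles = new[] { "reader" } } } };
        string header = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("alice:s3cret:x"));
        Console.WriteLine(Authenticate(header, true, users) != null);
    }
}
```

In a WCF REST service the header value can be read from `WebOperationContext.Current.IncomingRequest.Headers[HttpRequestHeader.Authorization]`.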

For authorization you can look at XACML.

0

Source: https://habr.com/ru/post/1440371/

