I am currently rewriting the very outdated .NET 2.0 SOAP web services for my company. So I rewrite them using MVC3 RESTful. This method will simplify the use of our services for our client base (more than 500 clients using our current SOAP services), which are located on several platforms and languages.
I'm looking for a BEST authorization method for RESTful services than the one used by the previous developer for our SOAP.NET 2.0 web services (he basically just passed the client to the GUID as a parameter and matched it with the code at the back).
I looked into oAuth, and I want to use it, HOWEVER, I was told by my superiors that this method is too complicated for the “level” of clients who connect to our services and want me to find another easier way to connect them, but still have authorization. Most of our clients have BASIC, who are not aware of programming (either we helped them get the connection setup, or we hired for this child). This is another reason that superiors need a different method, because we cannot have all 500+ (plus 5-10 new clients per day) asking for help in implementing oAuth.
So, is there any other way to protect MVC3 services other than passing a predefined GUID?
I studied using Windows Authentication on a services site, but is it logical for more than 500 clients?
Is there an easy and secure way to authorize multiple users on multiple platforms to use MVC3 RESTful services, which the end client can implement very easily?
Thank.
source
share