0

I have a Web Api (C# MVC4 with EF5) and want to provide data information for other applications. I'll use a type of anti relay attack sending a uniquekey as response for every request and expecting the same key when the app sends the next request.

Now, i'm confusing about FormsAuthentication. Can i use FormsAuthentication with web api? Its looks like strange to me and i'm very newbie on security. I dont know the right expressions to search too, and with my native language i didnt found a answer.

I want to learn a little more, so i build a server with iis and my friends develops an angularjs app to put there, while i develop a web api on another server and my friends need to get the data from my api.

Now, i dont know if i need to do a membershipcustomprovider or my friends need to hold the data on the client application.

Can someone give me a help?

Leandro De Mello Fagundes
  • 500
  • 1
  • 8
  • 34
  • `anti relay attack`. What's that and why do you think that using a key in the response/request would work? – jgauffin May 07 '13 at 13:12
  • This question doesn't have an answer but is asking something similar: http://stackoverflow.com/questions/15574486/angular-against-asp-net-webapi-implement-csrf-on-the-server – lucuma May 07 '13 at 13:12
  • @jgauffin here about the relay attack http://stackoverflow.com/questions/11775594/how-to-secure-an-asp-net-web-api I dont know if really worth, i'm a total newbie. I'm reading a lot of stuff trying to understand the best approach to my scenario. – Leandro De Mello Fagundes May 07 '13 at 13:46

1 Answers1

1

For WebApi you do not want to use forms authentication as it's based upon HTTP forms.

The most common approach is to use basic authentication over HTTPS as it's trivial to setup and use.

jgauffin
  • 99,844
  • 45
  • 235
  • 372