0

After dooing some research i understood there are many ways to implement authentication and authorization in WebAPI 2 ... I'm looking specifically at Token based authentication

  1. implementing a custom OAuth Provider and injecting it to OWING pipline
  2. implementing an "Authentication" controller which will generate the required token sotre it to the DB and use a custom authorization attribute (can understand the advantage or disadvantage of this way from #1) see here http://www.asp.net/web-api/overview/security/authentication-filters
  3. A full custom authentication framework implementing token authentication like described here http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API

What is the best way to go here ? I am very confused ...

Mortalus
  • 10,574
  • 11
  • 67
  • 117

1 Answers1

0

You can use the Microsoft Wilson library which will do the token authentication and validation for you. The latest release of the Wilson library can be found here https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet

It uses the industry protocol OpenId Connect and thus provides a secure way for token authentication in OWIN middleware. It would save you the effort of doing it yourself.

abhishek58g
  • 145
  • 4