em...
We did something similar: we use basic authentication + HTTPS,
which means the user name and password are passed along with each request, in the HTTP header.
Thus in your web service you can authenticate them, and if the request is not from a valid user, kick them out.
Or alternatively you can generate a GUID for each of your clients, ask them to pass the GUID back to the search along with each HTTP request, and authenticate the GUID.
On the Android device, when you send out the HTTP request, add an HTTP header:
Authorization: Basic ****
Quite easy; here is a code snippet on Android:
String baseUrl = this.getValue(ServiceBaseUrlKey);
DefaultHttpClient client = new ConnectionManager().getHttpClient();//create a httpclient
HttpGet request = new HttpGet();
request.setURI(new URI(baseUrl + "Path"));
//TODO need to wrap up how to apply the basic authentication.
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials("UserName", "****");
request.addHeader(new BasicScheme().authenticate(credentials, request));
request.addHeader("Content-Type","Application/JSON");
HttpResponse response = client.execute(request);
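The server side of the check described above, as an added example that is not part of the original answer: it parses the `Authorization: Basic` header, rejects malformed values, and compares credentials in constant time. The class name `BasicAuthCheck`, the in-memory user map and the sample credentials are assumptions made for illustration; the plain SHA-256 digest stands in for the salted, slow password hash a real service would store.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class BasicAuthCheck {
    // Constructed sample store (assumption): user name -> SHA-256 of the password.
    private final Map<String, byte[]> users;

    public BasicAuthCheck(Map<String, byte[]> users) { this.users = users; }

    static byte[] sha256(String s) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the authenticated user name, or null if the request should get a 401. */
    public String authenticate(String authorizationHeader) throws Exception {
        if (authorizationHeader == null) return null;
        String[] parts = authorizationHeader.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(parts[1]), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // header value is not valid base64
        }
        int colon = decoded.indexOf(':'); // split on the first ':' only; passwords may contain ':'
        if (colon < 0) return null;
        String user = decoded.substring(0, colon);
        byte[] expected = users.get(user);
        byte[] supplied = sha256(decoded.substring(colon + 1));
        // Compare even for unknown users so timing does not reveal which names exist.
        byte[] reference = expected != null ? expected : new byte[supplied.length];
        boolean ok = MessageDigest.isEqual(reference, supplied);
        return (ok && expected != null) ? user : null;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials, not taken from the original answer.
        BasicAuthCheck check = new BasicAuthCheck(Map.of("alice", sha256("s3cret:pw")));
        Base64.Encoder enc = Base64.getEncoder();
        String good = "Basic " + enc.encodeToString("alice:s3cret:pw".getBytes(StandardCharsets.UTF_8));
        String bad = "Basic " + enc.encodeToString("alice:wrong".getBytes(StandardCharsets.UTF_8));
        System.out.println(check.authenticate(good));
        System.out.println(check.authenticate(bad));
        System.out.println(check.authenticate("Basic !!!"));
    }
}
```

Because Basic credentials are only base64-encoded, not encrypted, the service should accept this header only on HTTPS connections, as the answer does.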