
Securing ASP.NET Web API using Custom Token Based Authentication

In modern development we use Web APIs for many purposes: sharing data, or binding grids, drop-down lists and other controls. If we do not secure these APIs, other people who access the web application or service can misuse them in one way or another. We are also in the era of client-side frameworks (JavaScript, AngularJS, React, Express, CommonJS, etc.). If you use one of these frameworks, you are calling a web service or Web API to get data from or post data to the server, and because code that runs on the client side is less secure, you need to put in extra effort to secure it.

In this article we are going to learn that extra part. The process of securing the Web API begins with registration: first we register a user, and then the registered user logs in to the application. After logging in, the user needs to register a company that is going to use this service. After company registration, the next step is to get the ClientID and ClientSecret keys.

After getting the keys, we use them for authentication. The first request to access the API must come with a valid ClientID and ClientSecret; the API validates the keys and then provides a token in the response. You need to send this token in every request to prove that you are a valid user. The token expires in 30 minutes, but if you want a custom lifetime according to your needs, you can set one.

Also, this token is secured using the AES 256 encryption algorithm.

Read the entire article at the link below: