authentication - How does SSL affect .NET Web Api security? -


i've read authentication , authorization inside of asp.net web api , i've understood must use ssl in order not letting people hold of authentication tokens. , if i'm not misstaken theese authenticantokens sent inside of header? , ssl hides theese headers public not to catch if use tools internet listening? if thats case guess create "custom" authentication not allowing api run unless specific header sent api call? people shouldn't able catch if use ssl?

i realized i've used alot of questionmarks illustrate unclear thoughts are, or input highly appreciated, thanks!

authentication, authorization , securing connection on ssl 3 different parts of web application.

authentication

basically authentication handles who are. example login provide user , password. application knows now, are.

authorization

authorization manages access rights user. says, on what have access. example if you've provided correct credentials, authenticated, maybe not authorized everything.

ssl

ssl securing connection said. can't sniff (with wireshark or fiddler) network traffic if it's on https. setting on iis on web api application running. don't need create "custom" authentication.

i hope helps.


Comments

Popular posts from this blog

Payment information shows nothing in one page checkout page magento -

tcpdump - How to check if server received packet (acknowledged) -