authentication - How does SSL affect .NET Web Api security? -
i've read authentication , authorization inside of asp.net web api , i've understood must use ssl in order not letting people hold of authentication tokens. , if i'm not misstaken theese authenticantokens sent inside of header? , ssl hides theese headers public not to catch if use tools internet listening? if thats case guess create "custom" authentication not allowing api run unless specific header sent api call? people shouldn't able catch if use ssl?
i realized i've used alot of questionmarks illustrate unclear thoughts are, or input highly appreciated, thanks!
authentication, authorization , securing connection on ssl 3 different parts of web application.
authentication
basically authentication handles who
are. example login provide user , password. application knows now, are.
authorization
authorization manages access rights user. says, on what
have access. example if you've provided correct credentials, authenticated
, maybe not authorized
everything.
ssl
ssl securing connection said. can't sniff (with wireshark or fiddler) network traffic if it's on https
. setting on iis on web api application running. don't need create "custom" authentication.
i hope helps.
Comments
Post a Comment