3

I'm developing a new project with ASP.NET MVC 6. Each controller will act like an isolated SPA where the Index method will render a view and all operations will be done by Web API calls. This Web API will also be used for future mobile apps and also for third-party systems.

Is it safe from an integration point of view to use OWIN basic authentication over SSL? In older projects I used tokens for the Web API project, but in this new one the MVC and Web API will be mixed and I require an alternative authentication method.

1 Answer

1

Basic authentication's main problem is that the username and password travel in nearly plaintext (it's actually a Base64-encoded string, which is easy to recover plaintext from), meaning that anyone between the client and server can easily retrieve the username and password.

However, if you only allow basic authentication over SSL, then your traffic is encrypted and you can be reasonably sure that it's "safe", assuming it's a good SSL implementation.
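
As an added illustration (not part of the answer above and not OWIN's own code), this server-side helper shows why the header is only an encoding and how to refuse Basic credentials that did not arrive over TLS. The class name `BasicAuthHeader`, the `requestIsHttps` flag and the sample credentials are assumptions made for the example; in a real pipeline the flag would come from the framework's request object.

```csharp
using System;
using System.Text;

// Hypothetical helper, framework-independent: parses an Authorization header
// value and yields credentials only when the request came in over HTTPS.
public static class BasicAuthHeader
{
    public static bool TryParse(string authorizationHeader, bool requestIsHttps,
                                out string user, out string password)
    {
        user = null;
        password = null;

        // Base64 is an encoding, not encryption: without TLS the credentials
        // were readable on the wire, so do not accept them at all.
        if (!requestIsHttps) return false;

        const string scheme = "Basic ";
        if (string.IsNullOrEmpty(authorizationHeader) ||
            !authorizationHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return false;

        string decoded;
        try
        {
            // Reversing the encoding needs no key or secret.
            byte[] raw = Convert.FromBase64String(
                authorizationHeader.Substring(scheme.Length).Trim());
            decoded = Encoding.UTF8.GetString(raw);
        }
        catch (FormatException)
        {
            return false; // malformed Base64
        }

        // The user name cannot contain ':' but the password may,
        // so split on the first colon only.
        int sep = decoded.IndexOf(':');
        if (sep < 0) return false;
        user = decoded.Substring(0, sep);
        password = decoded.Substring(sep + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample header for the made-up pair alice / s3cret:with:colons
        string header = "Basic " + Convert.ToBase64String(
            Encoding.UTF8.GetBytes("alice:s3cret:with:colons"));
        string u, p;
        Console.WriteLine("plain HTTP accepted: " + TryParse(header, false, out u, out p));
        Console.WriteLine("HTTPS accepted: " + TryParse(header, true, out u, out p)
                          + ", user=" + u + ", password=" + p);
    }
}
```

The decoded password still has to be verified against a salted hash on the server; the helper only covers transport and parsing.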
