The REST Web API endpoint that the customer developed and deployed to an Azure website allows anonymous access. The REST endpoint must be secured. I was investigating the best and easiest way to secure the REST endpoint in ASP.NET.
There are multiple ways to secure the REST endpoint.
1. Open ID (RSA key pair)
2. OAuth
OAuth will require a bit of work, which can be done using Azure AD as the claims provider. However, Open ID is very well received in the community and easy to implement using an RSA key pair. The details of RSA key pairs are discussed in the following blog post.
Making your ASP.NET Web API’s secure -> http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
I coded a sample REST Web API to test it out. It works.
In summary:
• Create the public/private key pair using the RSACryptoServiceProvider class.
• Encrypt the token using RSAClass.Encrypt.
• Using Fiddler, pass the token in the “Authorization-Token” header.
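The three steps above as one console program. This is an added example, not the code from the linked post or from the customer's API. The payload layout (`clientId|secret|expiryTicks`), the method names and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
static class TokenDemo
{
    // Client: encrypt "clientId|secret|expiryTicks" with the server's PUBLIC key (OAEP padding).
    // The public key is not secret, so the payload carries a per-client secret (assumed format).
    public static string CreateToken(RSAParameters pub, string clientId, string secret, DateTime expiresUtc)
    {
        using (var rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(pub);
            byte[] plain = Encoding.UTF8.GetBytes(clientId + "|" + secret + "|" + expiresUtc.Ticks);
            return Convert.ToBase64String(rsa.Encrypt(plain, true));
        }
    }
    // Server: decrypt the header value with the PRIVATE key, then check the secret and expiry.
    public static bool ValidateToken(RSAParameters priv, string header, string expectedSecret, DateTime nowUtc)
    {
        try
        {
            using (var rsa = new RSACryptoServiceProvider())
            {
                rsa.ImportParameters(priv);
                byte[] plain = rsa.Decrypt(Convert.FromBase64String(header ?? ""), true);
                string[] parts = Encoding.UTF8.GetString(plain).Split('|');
                long ticks;
                return parts.Length == 3 && SameText(parts[1], expectedSecret)
                    && long.TryParse(parts[2], out ticks) && nowUtc.Ticks <= ticks;
            }
        }
        catch (FormatException) { return false; }        // header is not Base64
        catch (CryptographicException) { return false; } // wrong key or altered ciphertext
    }
    // Comparison that does not stop at the first differing character.
    static bool SameText(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
    static void Main()
    {
        var rsa = new RSACryptoServiceProvider(2048); // constructed demo key pair
        string token = CreateToken(rsa.ExportParameters(false), "client-1", "demo-secret", DateTime.UtcNow.AddMinutes(5));
        Console.WriteLine("Authorization-Token: " + token); // value to paste into Fiddler
        Console.WriteLine(ValidateToken(rsa.ExportParameters(true), token, "demo-secret", DateTime.UtcNow));
    }
}
```

The token can be replayed until it expires, so send it only over HTTPS and keep the expiry short.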
Please see the following links for further reference on this topic:
https://stormpath.com/blog/secure-your-rest-api-right-way/
http://msdn.microsoft.com/en-us/library/hh446531.aspx
http://blog.cloudfoundry.org/2012/10/09/securing-restful-web-services-with-oauth2/
http://jamiekurtz.com/2013/01/14/asp-net-web-api-security-basics/
http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
http://leastprivilege.com/2011/11/15/token-based-authentication-for-wcf-httprest-services-authentication/