I use a very simple approach:
- define an access profile with its unique accessId and accessKey (e.g. an MD5-hashed GUID value)
- store such access profile in database
- every request (GET/POST/etc.) must supply accessId, queryHash (MD5 hash value representing the query) and signature (MD5 hash value of queryHash + accessKey). Of course the client needs to keep the accessKey in a secure place!!!
- the server that gets the request will check the accessId and the signature using the same calculation algorithm to reject or grant the access (authenticate)
- further authorization can be done on a per-request-type basis utilizing the access profile
The service with this approach using the new ASP.NET MVC web API can serve whatever type of client: browser/JavaScript and native (desktop or mobile), etc.
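The request-signing scheme described above, as an added example (not the poster's code): the client computes queryHash and signature, and the server recomputes both from its stored access profile and compares them in constant time. The `sign_hmac` signer is an HMAC-SHA256 alternative I've added that is not part of the post; the access profile and query strings are constructed sample values.

```python
import hashlib
import hmac

# Constructed stand-in for the "access profile" table in the database.
# accessId -> accessKey (the post suggests e.g. an MD5-hashed GUID as the key).
ACCESS_PROFILES = {
    "client-42": "8f1e3b6c2a9d4e7f0b5c6d7e8f9a0b1c",  # constructed sample key
}


def query_hash(query: str) -> str:
    """queryHash: MD5 over the canonical query text, as in the described scheme."""
    return hashlib.md5(query.encode()).hexdigest()


def sign_md5(qh: str, access_key: str) -> str:
    """signature: MD5(queryHash + accessKey), exactly as the post describes."""
    return hashlib.md5((qh + access_key).encode()).hexdigest()


def sign_hmac(qh: str, access_key: str) -> str:
    """Assumed hardened alternative (not in the post): HMAC-SHA256 keyed with accessKey."""
    return hmac.new(access_key.encode(), qh.encode(), hashlib.sha256).hexdigest()


def build_request(access_id: str, access_key: str, query: str, signer=sign_md5) -> dict:
    """Client side: the three fields that must accompany every request."""
    qh = query_hash(query)
    return {"accessId": access_id, "queryHash": qh, "signature": signer(qh, access_key)}


def authenticate(request: dict, query: str, signer=sign_md5) -> bool:
    """Server side: look up the profile, recompute hash and signature, compare safely."""
    access_key = ACCESS_PROFILES.get(request.get("accessId", ""))
    if access_key is None:
        return False  # unknown accessId: reject
    expected_hash = query_hash(query)
    if not hmac.compare_digest(expected_hash, request.get("queryHash", "")):
        return False  # the query received is not the one that was signed
    expected_sig = signer(expected_hash, access_key)
    # Constant-time comparison so a forged signature leaks nothing by timing.
    return hmac.compare_digest(expected_sig, request.get("signature", ""))
```

Because the signature covers queryHash, a tampered query fails the check even when the attacker rewrites queryHash to match, since only the accessKey holder can produce the new signature.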