Logging in a user to a Web API application

StackOverflow https://stackoverflow.com/questions/23330241

Question

I have coded a C# Web API application and some of the calls require the user to be logged in.

Here is my current code to log the user in:

[InitializeSimpleMembership]
public bool TestLogon(string userName, string password, bool rememberMe)
{
    return WebSecurity.Login(userName, password, persistCookie: rememberMe);
}

My question is this: How secure is the above call? Is the above code secure enough for a commercial application, and if not, how can the code be improved? Do I need to implement any sort of AntiForgeryToken?

Thanks in advance

Was it helpful?

Solution

please see my answers below.

1. How secure is the above call

Because, by default, the credentials are not encrypted, so if there isn't any encryption in place like SSL to protect communication, the data will not be secure. More details from here

2. Is the above code secure enough for a commercial application, and if not, how can the code be improved?

Like the other has suggested, you'de better to use Token-Based security, and enable SSL communication. This link is really useful

3. Do I need to implement any sort of AntiForgeryToken?

Yes, you will have to prevent cross site request forgery attacks.

Hope this help.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top