How to manage security of these self-hosted Web APIs, to ensure that the request coming for accessing data is authenticated?
- by Husrat Mehmood
Let's pretend I am going to work on an enterprise application. Say I have 11 modules in the application, and I would have to develop dashboards for every role in the organization for which I am going to develop the application.
We decided to use ASP.NET Web API and return JSON data from our APIs.
We are going to include 11 self-hosted Web API projects in our application (one self-hosted Web API) for every module.
All 11 modules are connected to one SQL Server 2012 database.
Then, once the API is ready, we would have to create business dashboards (based upon roles in the organization).
So now my Web API client is an ASP.NET MVC application. ASP.NET MVC will consume those Web APIs.
Here is the part for which all this explanation was given.
How should I manage Security of all 11 self hosted web apis?
How should I ensure that only authenticated requests are coming?
If I authenticate the user by login and password, and then redirect the user to the appropriate dashboard designed for the role that the user has, and load data by consuming the Web APIs, how should I ensure that the request coming for accessing data is authenticated?