OAuth2 vs traditional per request authentication

  • Question

  • Hi,

    I am about to create a new MVC ASP.NET-based Web API project that will allow vendors to access my API to request some data. Every request is different and comes at a different time interval. This API will carry some ePHI too, so it will have data at rest and in motion secured.

    I am a little confused about which authentication I should use for this project: OAuth2 or traditional authentication on every request. I see that traditional authentication, with auth details in every POST request, is going to be simple and helpful, as I do not have any requirement to use a session or token ID from one request to the next. I am under the impression that OAuth2 will always need a first request to generate the token ID and a second request for the actual data processing, which is just unnecessary for me. The token is not really required for me, as all my API requests are single on-demand calls only.

    Can I still go ahead with traditional authentication, be secure enough, and not need to worry about OAuth2? What will I gain additionally if I go with OAuth2? Will OAuth2 work with tokens only, or can it also have per-request authentication?

    Thanks in advance.

    Traditional authentication (POST request)

    URL - https://testqa.qa.com/userlist
    {"auth":{"appId":"abc","appPassword":"xsad23%^dyasdf","accountId":"testaccount"},"someAttribute":"SomeValue"}

       


    GB

    • Edited by gdhar Friday, October 5, 2018 12:51 PM
    • Moved by CoolDadTx Friday, October 5, 2018 2:09 PM ASP.NET related
    Friday, October 5, 2018 12:47 PM

All replies