Authentication in Web API

Question

Dear All, client should provide the following fields inside the body of the request Username Password OrgID Password Generate Mechanism The password validation consists of two steps: 1. Validate the password text if belongs to the provided username. 2. Validate the request time; if it is older than 60 minutes, then it will be rejected. To pass the mentioned validations, the client needs to provide the password field as an object with the following structure: { Password: String (User password as plain text), CurrentDate: DateTime (the request (current) date and time with format “MM/dd/yyyy hh:mm:ss”) } The following process should be applied on the generated password object to be ready for using inside the request: 1. Generate JSON String for password object. 2. Encrypt JSON String using RSA cryptosystem (1024); encryption should be done using the keys mentioned below. 3. Encode the generated String using Base64. Can you please suggest me a solution for this. Thanks

Divyang Desai · Answer

For APIs, it is better to use Token Base Authentication. A client will pass user information to the server, the server will validate username and password, if user is valid, it will issue one token with encrypted information of user and expiry time. Now in order to access any request, a client has to pass issued token. While getting a request from anywhere server will decrypt it and check if it is still not expired. Find more infomation here: https://www.c-sharpcorner.com/UploadFile/736ca4/token-based-authentication-in-web-api-2/