Basic Authentication in ASP.NET Web API

Basic authentication is defined in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication.

Disadvantages

  • User credentials are sent in the request.
  • Credentials are sent as plaintext.
  • Credentials are sent with every request.
  • No way to log out, except by ending the browser session.
  • Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.

Advantages

  • Internet standard.
  • Supported by all major browsers.
  • Relatively simple protocol.

 

posted @ 2019-01-31 11:18  ChuckLu  阅读(184)  评论(0编辑  收藏  举报