I've created a new ASP.NET Web API and things are working well. I'm at the point now where I want to secure the API.
I put the [Authorize] attribute above my base con
Basically you'll want to send the username and password encrypted over the net to your server application, then you can let your API generate a random session ID and keep it in a list (server-side) and send the ID back to the client. Now each time your client sends something to the server, include the ID he received in the packets so the server can check it each time.
On client disconnection or fixed timeout you can remove the ID from the server list and ask the client to re-authenticate.
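
The scheme described in this answer, sketched as an added example (not code from the original post). `SessionStore`, `Create`, `Validate` and `Revoke` are hypothetical names; it assumes .NET 6 or later and that the username and password were already verified over HTTPS before `Create` is called.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical helper (not an ASP.NET type): the server-side list of live session IDs.
public sealed class SessionStore
{
    private sealed record Entry(string User, DateTimeOffset ExpiresAt);
    private readonly ConcurrentDictionary<string, Entry> _sessions = new();
    private readonly TimeSpan _timeout;

    public SessionStore(TimeSpan timeout) => _timeout = timeout;
    // Call only after the credentials have been checked.
    public string Create(string user, DateTimeOffset now)
    {
        // 32 bytes from the OS CSPRNG; System.Random is predictable and unsuitable here.
        string id = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _sessions[id] = new Entry(user, now + _timeout);
        return id;
    }

    // Returns the user for a live ID, or null if the ID is unknown or expired.
    public string? Validate(string? id, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(id) || !_sessions.TryGetValue(id, out var entry))
            return null;
        if (now >= entry.ExpiresAt)
        {
            _sessions.TryRemove(id, out _);   // fixed timeout reached: force re-authentication
            return null;
        }
        return entry.User;
    }

    public bool Revoke(string id) => _sessions.TryRemove(id, out _);   // logout or disconnect
}

public static class Demo
{
    public static void Main()
    {
        var store = new SessionStore(TimeSpan.FromMinutes(20));
        var t0 = DateTimeOffset.UtcNow;
        string id = store.Create("alice", t0);   // constructed sample user
        Console.WriteLine(store.Validate(id, t0.AddMinutes(5)) ?? "(rejected)");   // live ID
        Console.WriteLine(store.Validate(id, t0.AddMinutes(21)) ?? "(rejected)");  // past timeout
        Console.WriteLine(store.Validate("not-a-real-id", t0) ?? "(rejected)");    // unknown ID
    }
}
```

The store is in-memory, so IDs are lost on restart and are not shared between servers; expired entries are only removed when they are next presented.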