Client Authentication for WebAPI 2
问题 My company has written an API to expose our application data to our clients. We've completed the endpoints and now want to secure the API. The API will only be used by pre-approved clients so no anonymous access is needed. I've been told that we can use an x.509 certificate that we generate to identify and authenticate each client. By identifying, I mean embedding a client code in the certificate that we issue to each client (is this even possible?). As you can probably tell I have little