I have a uwp application and an ASP Core server application. I want to perform Get and Post requests to the ASP server and I want to perform authorization on the server side.
According to the team, they don’t want you to use Basic authentication nor seems there be a way to perform digest Authentication. I don’t want my client app to show the user any ui: it should be able to perform a secure request by itself.
So: what is the most easy and secure protocol to use to perform api requests from UWP to an ASP Core server?
what is the most easy and secure protocol to use to perform api requests from UWP to an ASP Core server?
I’d like to say this is a open question and I will give some suggestions and hope it can help you. Basic authentication and digest authentication you mentioned are defined in rfc2617. Since you don’t want to use them, besides HTTP Basic/Digest you may have other choices like OAuth, HMAC and Azure API Management.
Since you don’t want the user to input username and password, to request an access token for authentication may meet your requirements. So I recommend you to use OAuth authentication which is popular. More details about OAuth2.0 please reference this. But it requires OAuth server, it may not be a easiest way.
Another way you can apply HMAC authentication to secure Web Api. HMAC authentication uses a secret key for each consumer. For more details about HMAC authentication please reference this thread. For more details about HMAC in uwp please reference MACs, hashes, and signatures.
Answered By – Sunteen Wu
Answer Checked By – Gilberto Lyons (BugsFixing Admin)