WP site, ASP.net Web API ApiController -
we building our public facing website on wordpress , on linux server. user logging wordpress site oauth2. our data , api going built on asp.net mvc4 server. have couple of problems need resolve , trying figure out secure way authenticate on iis server. 1. need authenticate wordpress. 2. need associate customer numbers login 1 above. 3. somehow need able use associated customer number , of authentication allow iis server service requested api.
some thoughts store kind of uuid each customer number , store on wp , iis server , when request comes in iis confirm passed uuid matches issued wp server in step 2 above. concern though uuid compromised/forged @ later time , uuid used make calls api on iis server.
what best way implement security on iis server allows customer login on wordpress server?
i'm using custom http authentication module in iis, when need consume web api wp, follow approach: build petition custom authentication rules (example: can use custom http header, o else pass credentials), in web api side, check credentials (using http authentication module, of course), if fine, http authentication module allow requests, if not, deny request.
Comments
Post a Comment