Basic Authentication in ASP.NET Web API
Supported by all major browsers.
Relatively simple protocol.
User credentials are sent in the request.
Credentials are sent as plaintext.
Credentials are sent with every request.
No way to log out, except by ending the browser session.
Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.
HMAC: Hash-based Message Authentication Code
Data integrity: The data sent by the client is intact and has not been tampered with.
Request origination: The request comes from a trusted client.
Not a replay request: The request was not captured by an intruder and replayed.
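The three HMAC properties listed above, as an added C# example (not code from the original page). The class name, canonical string layout, 5-minute window and in-memory nonce set are assumptions, and it targets .NET 6 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper for illustration; not an ASP.NET Web API type.
static class HmacRequestAuth
{
    static readonly TimeSpan MaxSkew = TimeSpan.FromMinutes(5);
    // Demo only: a real service needs a shared, thread-safe store that expires entries after MaxSkew.
    static readonly HashSet<string> SeenNonces = new HashSet<string>();

    // Everything the server relies on goes into the signed string: method, path, body hash, time, nonce.
    static string Canonical(string method, string path, string body, long ts, string nonce)
    {
        using var sha = SHA256.Create();
        string bodyHash = Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(body)));
        return string.Join("\n", method.ToUpperInvariant(), path, bodyHash,
                           ts.ToString(CultureInfo.InvariantCulture), nonce);
    }

    public static string Sign(byte[] key, string method, string path, string body, long ts, string nonce)
    {
        using var hmac = new HMACSHA256(key);
        return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(Canonical(method, path, body, ts, nonce))));
    }

    public static bool Verify(byte[] key, string method, string path, string body,
                              long ts, string nonce, string signature, DateTimeOffset now)
    {
        byte[] supplied;
        try { supplied = Convert.FromBase64String(signature); } catch (FormatException) { return false; }
        byte[] expected = Convert.FromBase64String(Sign(key, method, path, body, ts, nonce));
        // Data integrity and request origination: only a holder of the key can produce this MAC.
        if (!CryptographicOperations.FixedTimeEquals(expected, supplied)) return false;
        // Not a replay: reject stale timestamps, then reject a nonce that was already accepted.
        if ((now - DateTimeOffset.FromUnixTimeSeconds(ts)).Duration() > MaxSkew) return false;
        return SeenNonces.Add(nonce);
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed shared secret
        var now = DateTimeOffset.UtcNow;
        long ts = now.ToUnixTimeSeconds(); string nonce = Guid.NewGuid().ToString("N");
        string sig = Sign(key, "POST", "/api/orders", "{\"qty\":1}", ts, nonce); // constructed request
        Console.WriteLine(Verify(key, "POST", "/api/orders", "{\"qty\":9}", ts, nonce, sig, now)); // body altered in transit
        Console.WriteLine(Verify(key, "POST", "/api/orders", "{\"qty\":1}", ts, nonce, sig, now)); // first delivery
        Console.WriteLine(Verify(key, "POST", "/api/orders", "{\"qty\":1}", ts, nonce, sig, now)); // same request sent again
    }
}
```

The nonce is recorded only after the MAC and timestamp checks pass, so unauthenticated requests cannot fill the nonce store.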
AWS: Authenticating Requests Using the REST API
AWS API Gateway
Azure: Secure ASP.NET Web API 2 using Azure Active Directory
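using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL types used below
var clientCredential = new ClientCredential(clientId, secret);
// The second argument is validateAuthority; false skips checking the authority URL against known Azure AD instances.
var authContext = new AuthenticationContext("https://login.microsoftonline.com/" + Maccount, false);
// The first argument to AcquireToken is the resource (the protected API) the token is requested for.
AuthenticationResult authenticationResult = authContext.AcquireToken(MclientId, clientCredential);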