Click here to Skip to main content
15,889,655 members
Search within:


What is the best approach for generating the keys whenever use authenticate request
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
WebAPI
Generally in MVC we are using API key generation in webapi but we have problem with API
key generation that is anyone who makes a request of a service transmits their key, in theory, this key can be picked up just as easy as any network transmission, and if any point in the entire network is insecure, the entire network is exposed. This makes API keys a hard thing to recommend – often misused and fundamentally insecure,

that's why i need best approach for generate the keys whenever use Authinticate request


Please help me,

Thank u.

What I have tried:

anyone who makes a request of a service transmits their key, in theory, this key can be picked up just as easy as any network transmission, and if any point in the entire network is insecure, the entire network is exposed. This makes API keys a hard thing to recommend – often misused and fundamentally insecure,
Posted
Updated 6-Nov-18 2:13am
Add a Solution
Comments
Member 11816204 6-Nov-18 2:05am    
Please help me

1 solution

Use and enforce HTTPS. This will automatically encrypt the traffic between the client and your server.

The only way anyone would be able to intercept the key would be if they had compromised the client, compromised your server, or tricked a rouge Certificate Authority into issuing a false certificate for your site. In any of those scenarios, you'd have bigger problems to worry about.

Assuming your DNS is set up correctly, you don't even need to pay - Let's Encrypt[^] will give you a certificate for free. On Windows, you can use Windows ACME Simple[^] to obtain and renew the certificate automatically.
 
Share this answer
 
Posted
Add a Solution

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month
Related Questions
Best Approach for Incoming Requests
Which is the best approach to handle multiple web requests by using C#?
Authenticate the KEY file in certificate using C#
CORS issue when making OIDC login requests from react frontend to express backend (BFF approach)
Issue with implementing oauth authentication in ASP.NET core
How to show a game object whenever the client or the host presses on a key on a certain object?
What is best approach of generate XML from different parent and child class object in ASP.NET web api and C#
Authentication error: Key cannot be null. Parameter name: key
how to use public key n private key for login authentication
Advice on the best approach to C++ SIGSEGV segmentation error on online server but not in local machine ?

Advertise
Privacy
Cookies
Terms of Use
Last Updated 6 Nov 2018
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web01 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900