Basic Authentication in ASP.NET Web API
Advantages
Internet standard.
Supported by all major browsers.
Relatively simple protocol.
Disadvantages
User credentials are sent in the request.
Credentials are sent as plaintext.
Credentials are sent with every request.
No way to log out, except by ending the browser session.
Vulnerable to cross-site request forgery (CSRF); requires
anti-CSRF measures.
HMAC: Hash base
Message Authentication Code
Advantages
Data integrity: The data sent by the client is intact and
not tampered.
Request origination: The request comes from a trusted
client.
Not a replay request: The request is not captured by an
intruder and being replayed.
aws: Authenticating Requests Using the REST API
http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-dotnet
aws api gateway
Azure: Secure ASP.NET Web API 2 using Azure Active Directory
var clientCredential = new ClientCredential(clientId,
secret);
var authContext = new
AuthenticationContext("https://login.microsoftonline.com/" +
Maccount, false);
AuthenticationResult
authenticationResult = authContext.AcquireToken(MclientId, clientCredential);