From the course: Building and Securing Restful APIs in .NET

Unlock the full course today

Join today to access over 24,800 courses taught by industry experts.

Using proxies for authentication

Using proxies for authentication - .NET Tutorial

From the course: Building and Securing Restful APIs in .NET

Start my 1-month free trial Buy for my team

Using proxies for authentication

- [Instructor] One way you can kind od remove your API from the details of the authentication is to use a proxy. And in this case, the proxy might be responsible for authenticating that client. They're going to look at that token that's provided. It's going to check it against what it knows should be a valid signature. It's going to maybe check against an authentication store for username and password or their certificates. Whatever those credentials are, it can validate those, and you can offload that to this proxy. This is helpful just in terms of compute power and also scaling out or logic. An example of this might be Azure API Management. It provides a front end or a proxy for your APIs and can do this type of offloading of authentication and even SSL termination, meaning you don't have to use security on the transport in the back. So proxies are one of the ways we can offload that work where your API then is focused solely on its business domain. And this goes back to our notion…

Contents