I would like to know how I can apply security to my restful service that returns important customer data.
I have no idea what to do and I am new to this.
There are several ways to do it. The most common for microservices are:
Bearer tokens
Basically it is an Authorization header that carries the token. On the server that token is read, and from it you can obtain which user is authenticated.
To implement it in .Net you can use (the ones I have used):
JWT: They explain how it works very well on their page, and there are the recommended libraries. link
OpenID Connect: They allow you to implement the entire token creation and refresh flow (refresh tokens) a bit more easily. link
OAuth2
It is an authentication standard that allows authentication and authorization through a series of flows. It is more complex than the previous ones and it is what Facebook, Twitter, etc. use.
Basic Authentication
It is the simplest of all, but I do not consider it to be the safest. With it you must send the user name and password in a header with each request. Here you can see more info
Cookies with Form Authentication
I do not recommend it for an API, mainly if you want to connect to it by other means such as a mobile device or put it on a service bus.
IMPORTANT: Use HTTPS. Remember that in most of these options the "session" data travels with the request, since the idea is that they are stateless, so you will not want to expose it to anyone.
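To make the "Bearer tokens" option concrete, here is an added Python example (not from the answer above, and not .NET code; in ASP.NET Core the JwtBearer middleware performs these checks for you) showing what the server must verify before trusting the Authorization header: the scheme, the token structure, the algorithm, the HMAC signature, and the expiry. The secret and the subject are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(secret: bytes, subject: str, ttl: int, now: int) -> str:
    """Build an HS256 JWT with sub/iat/exp claims (constructed demo issuer)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": subject, "iat": now, "exp": now + ttl}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def authenticated_user(authorization_header, secret: bytes, now: int):
    """Return the 'sub' claim of a valid bearer token, or None if it must be rejected."""
    if not authorization_header:
        return None
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not token:
        return None
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    # Only accept the algorithm this server issues; "none" and others are rejected.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison so a tampered signature cannot be guessed byte by byte.
    if not hmac.compare_digest(sig, expected):
        return None
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, int) or now >= exp:
        return None  # missing or expired token
    return payload.get("sub")
```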