Last-mile Security

Sign in to queue

Description

Discover how to implement last-mile security to protect you backend services by using HTTP basic authentication or shared secret authentication.

Tags:

API, Azure

Embed

Download

Download this episode

The Discussion

  • User profile image
    nandodixtor​sion

    Hi, nice video, one question. If we use both of the methods from our App, the key has to be stored in the assembly, right? And since is in the assembly you can search it with a .Net disasembler. How can we protect against this?

  • User profile image
    MiaoJiang

    @nandodixtorsion:Hi there, appreciate the feedback. The scope of the video is security between API Management proxy and the backend API services. I think your question is about securing the subscription-key used between your mobile app and API Management proxy. In that case, one thing you can do is having your mobile app call your app backend first and having the app backend call the APIs.

    Let me know if you have further questions. You can find me @miaojiang

  • User profile image
    Bhalchandra Kadam

    Does Azure API Management Platform provides any way to implement the OAuth2 authorization service for APIs. Currently my APIs do not have it and we are looking to use the Azure Service for API Management but did not find anything related with OAuth2

  • User profile image
    MiaoJiang

    @Bhalchandra Kadam: This is cooking in our developer's kitchen right now.

  • User profile image
    IlijaInjac

    I have published a basic-auth Web API Sample here: https://code.msdn.microsoft.com/Azure-API-Managment-Web-648a8702

Add Your 2 Cents