Last-mile Security

Download this episode

Download Video

Description

Discover how to implement last-mile security to protect you backend services by using HTTP basic authentication or shared secret authentication.

Tags:

API, Azure

Embed

Format

Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image
      nandodixtor​sion

      Hi, nice video, one question. If we use both of the methods from our App, the key has to be stored in the assembly, right? And since is in the assembly you can search it with a .Net disasembler. How can we protect against this?

    • User profile image
      MiaoJiang

      @nandodixtorsion:Hi there, appreciate the feedback. The scope of the video is security between API Management proxy and the backend API services. I think your question is about securing the subscription-key used between your mobile app and API Management proxy. In that case, one thing you can do is having your mobile app call your app backend first and having the app backend call the APIs.

      Let me know if you have further questions. You can find me @miaojiang

    • User profile image
      Bhalchandra Kadam

      Does Azure API Management Platform provides any way to implement the OAuth2 authorization service for APIs. Currently my APIs do not have it and we are looking to use the Azure Service for API Management but did not find anything related with OAuth2

    • User profile image
      MiaoJiang

      @Bhalchandra Kadam: This is cooking in our developer's kitchen right now.

    • User profile image
      IlijaInjac

      I have published a basic-auth Web API Sample here: http://code.msdn.microsoft.com/Azure-API-Managment-Web-648a8702

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.