OData

Create and consume RESTful APIs in a simple and standard way

Authentication - OData

Connecting to an OAuth 2.0 protected OData Service

January 21, 2011 Jan 21, 2011 01/21/11
DB Blogs
This post creates a Windows Phone 7 client application for the OAuth 2.0 protected OData service we created in the last post. Prerequisites: To run this code you will need: An AppFabric Access Control Services (ACS) instance & OData Service configured as described in the previous blog post. Windows Phone 7 Developer Tools Data Services ...

OData and OAuth – protecting an OData Service using OAuth 2.0

January 20, 2011 Jan 20, 2011 01/20/11
DB Blogs
In this post you will learn how to create an OData service that is protected using OAuth 2.0, which is the OData team’s official recommendation in these scenarios: Delegation: In a delegation scenario a third party (generally an application) is granted access to a user’s resources without the user disclosing their credentials (...

OData and Authentication – Part 7 – Forms Authentication

July 21, 2010 Jul 21, 2010 07/21/10
DB Blogs
Our goal in this post is to re-use the Forms Authentication already in a website to secure a new Data Service. To bootstrap this we need a website that uses Forms Auth. Turns out the MVC Music Store Sample is perfect for our purposes because: It uses Forms Authentication. For example when you purchase an album. It has a Entity ...

OData and Authentication – Part 6 – Custom Basic Authentication

July 21, 2010 Jul 21, 2010 07/21/10
DB Blogs
You might remember, from Part 5, that Basic Authentication is built-in to IIS. So why do we need ‘Custom’ Basic Authentication? Well if you are happy using windows users and passwords you don’t. That’s because the built-in Basic Authentication, uses the Basic Authentication protocol, to authenticate against the windows ...

OData and Authentication – Part 5 – Custom HttpModules

July 19, 2010 Jul 19, 2010 07/19/10
DB Blogs
In the last post we saw how to add custom authentication inside your Data Service using the ProcessingRequest event. Unfortunately that approach means authentication is not integrated or shared with the rest of your website. Which means for all but the simplest scenarios a better approach is needed: HttpModules. HttpModules can do all sort of ...

OData and Authentication – Part 4 – Server Side Hooks

July 19, 2010 Jul 19, 2010 07/19/10
DB Blogs
If you secure an OData Service using Windows authentication – see Part 2 to learn how – everything works as expected out of the box. What however if you need a different authentication scheme? Well the answer as always depends upon your scenario. Broadly speaking what you need to do depends upon how your Data Service is hosted. ...

OData and Authentication – Part 2 – Windows Authentication

May 10, 2010 May 10, 2010 05/10/10
DB Blogs
Imagine you have an OData Service installed on your domain somewhere, probably using the .NET Data Services producer libraries, and you want to authenticate clients against your corporate active directory. How do you do this? On the Serverside First on the IIS box hosting your Data Service you need to turn on integrated security, and you ...

OData and Authentication – Part 1

May 10, 2010 May 10, 2010 05/10/10
DB Blogs
Here on the Data Services team we hear many people ask about authentication. Questions like: How do you ‘tunnel’ authentication over the OData protocol? What hooks should I use in the WCF Data Services client and server libraries? The answer to these questions, depends a lot upon scenario, in fact each authentication scenario ...