I am currently developing a WCF 4 RESTful service that will be used by mobile devices. I specifically chose REST because it is supposedly lightweight, and the JSON output makes parsing easy for mobile clients.
The service takes care of the mobile devices that make up the entire application. But this requires users to be logged in before using the service. Basic HTTP authentication is not an option: it is not secure, and a man-in-the-middle attack can easily intercept user accounts. SSL is an option here, but I have no idea how easily SSL works in the WCF RESTful service and how easy it is to implement on mobile devices.
I looked through Digest Authentication, but I cannot find good information on how to implement it. And that also raises a question: how can I let users add a device to their account with this? Is the username/password combination in the Digest header along with other information?
Can anyone shed some light on this? Because I'm confused. The network has a lot of information on how to implement WCF (RESTful) services, but the moment you need to protect it, the amount of information drops significantly ... Articles are welcome.