One easy and secure way to communicate between your web application and your RESTful backend services in a micro-service driven architecture is to use a dynamic API key generated with the Time-Based One-Time Password (TOTP) algorithm instead of a constant API key or JSON token. Each time the web application sends a request to any of the RESTful backend servers, it includes a new API key generated by the Easy TOTP library. On the service side, the same Easy TOTP library generates the same API key, which is then compared with the one sent by the web application in order to authenticate the request.
Easy-TOTP's Benefits
- Easy to implement and use
- Lightweight
- Secure
- Flexible
The API keys generated by Easy TOTP are valid only for a short time span, which is given to the library at initialization as the "Time Step".
Prerequisite
Resources
Usage
string Key = "12345678901234567890123456789012"; // 32 chars
var totp = new Totp()
    .Secret(Key)
    .Length(8)
    .ValidFor(TimeSpan.FromSeconds(5));
var output = totp.Compute();
// output = 12345678
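To show the request/verify exchange the post describes from both sides, here is an added Python example that is not the Easy TOTP library's own code (the post does not show the library's internal algorithm); it uses the standard RFC 6238 TOTP computation with the post's parameters (32-character shared secret, 8 digits, 5-second step). The secret is a constructed placeholder; the one-step drift tolerance and the constant-time comparison are assumptions about how a service should verify, not something the post states.

```python
import hmac
import hashlib
import struct
import time
from typing import Optional

# Constructed parameters mirroring the post's sample: 32-char shared secret,
# 8-digit key, 5-second time step. The secret is a placeholder, not a real key.
SHARED_SECRET = b"12345678901234567890123456789012"
DIGITS = 8
TIME_STEP = 5          # seconds, the post's ValidFor(TimeSpan.FromSeconds(5))
SKEW_STEPS = 1         # adjacent steps the service tolerates for clock drift (assumption)


def totp(secret: bytes, unix_time: float, step: int = TIME_STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, then dynamic truncation."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def client_api_key(secret: bytes, now: Optional[float] = None) -> str:
    """Web application side: a fresh API key is computed for every request."""
    return totp(secret, time.time() if now is None else now)


def service_verify(secret: bytes, presented: str, now: Optional[float] = None) -> bool:
    """Backend side: recompute the key for the current step and the adjacent
    steps (clock drift), comparing in constant time to avoid timing leaks."""
    now = time.time() if now is None else now
    for delta in range(-SKEW_STEPS, SKEW_STEPS + 1):
        expected = totp(secret, now + delta * TIME_STEP)
        if hmac.compare_digest(expected, presented):
            return True
    return False


if __name__ == "__main__":
    key = client_api_key(SHARED_SECRET)
    print("X-API-KEY:", key, "accepted:", service_verify(SHARED_SECRET, key))
```

A key captured from one request stops verifying a few steps later, which is what makes it a dynamic API key rather than a constant one.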
Usage With Encryption
string Key = "12345678901234567890123456789012"; // 32 chars
string _aesKey = "12345678901234567890123456789012"; // 32 chars
string _aesIv = "1234567890123456"; // 16 chars
var totp = new Totp()
    .Secret(Key)
    .Length(8)
    .ValidFor(TimeSpan.FromSeconds(5))
    .UseDefaultEncryptor(_aesKey, _aesIv);
var output = Convert.ToBase64String(totp.ComputeEncrypted());
// output = DV/tzyq8YG+BRZGSpOVNZQ==
Happy coding :)
Top comments (2)
Great article because you saved me from a problem that my Blazor Server website cannot receive/send secure cookies out of the box. It seems to be possible by creating a claims principal but the examples I found were way too complicated.
Because Blazor runs server side I can use your solution.
Very glad to hear that :)