WIF and REST is it a good fit?

We have bunch of web applications which are secured using WIF and custom database authentication, currently we are in the pro开发者_如何学运维cess of building a RESTful public API. My question is whether we can use the existing WIF implementation to authenticate these new RESTFul service requesuts?

Thanks!

You can take a look at those two blog posts relating how to use WIF to secure an OData endpoint (which is REST on steroids):

http://blogs.msdn.com/b/astoriateam/archive/2011/01/20/oauth-2-0-and-odata-protecting-an-odata-service-using-oauth-2-0.aspx

http://blogs.msdn.com/b/astoriateam/archive/2011/01/21/connecting-to-an-oauth-2-0-protected-odata-service.aspx

I'll be in the process of integrating WIF with classic-REST and OData endpoints shortly, if you have any feedbacks, I'm interested.

Vincent-Philippe

REST services typically use different token formats from those supported by WIF out of the box (e.g. SWT vs SAML). You can extend WIF so it understands the appropriate token format. There are many examples that show how to do that.

See here for an example: http://zamd.net/2011/02/08/using-simple-web-token-swt-with-wif/