We need to have a Netduino send data to one of our REST services.
In our specific case, it can only do that over HTTP (please don’t go there).
Up until this point all our services were secured by OAuth2 under SSL. But we now need to expose a special service over HTTP only, with no OAuth2 protection. I feel like we are stepping back into the 90’s.
Is there any help in ServiceStack to make it easier for us to implement a secure call?
I saw this post by Demis a while back. Any new advances to help support that in SS, or is that all we have to play with still at this point? I am not asking if SS solves the solution for us, just what we can leverage out of the box.
Clearly, we need to sign and encrypt the data both ways (asymmetric public/private keys), and manage some kind of a handshake to identify not just the device but the user on the device, and prevent replay attacks with nonces etc. All that standard stuff.
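As an added example that is not part of the original post and is not ServiceStack code, here is a server-side C# sketch of the signing and replay-prevention half of those requirements: each message is signed over device id, user id, timestamp, nonce and body, and the verifier rejects stale, altered or replayed messages. It assumes a modern .NET server, a device able to produce an ECDSA P-256 signature, a 5-minute acceptance window and an in-memory nonce cache; every type and member name is hypothetical, and encryption and the handshake are not covered.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Hypothetical names throughout; none of this is a ServiceStack API.
public sealed class SignedRequestVerifier
{
    static readonly TimeSpan MaxSkew = TimeSpan.FromMinutes(5); // assumed acceptance window
    readonly ConcurrentDictionary<(string, string), DateTimeOffset> seen = new();

    // Length-prefix every field so two different field splits never sign the same bytes.
    public static byte[] Canonical(string device, string user, long unixTime, string nonce, byte[] body)
    {
        var sb = new StringBuilder();
        foreach (var f in new[] { device, user, unixTime.ToString(), nonce, Convert.ToBase64String(body) })
            sb.Append(f.Length).Append(':').Append(f).Append('\n');
        return Encoding.UTF8.GetBytes(sb.ToString());
    }

    public bool Verify(ECDsa devicePublicKey, string device, string user, long unixTime,
                       string nonce, byte[] body, byte[] signature, DateTimeOffset now)
    {
        var sent = DateTimeOffset.FromUnixTimeSeconds(unixTime);
        if ((now - sent).Duration() > MaxSkew) return false;          // stale or future-dated
        var data = Canonical(device, user, unixTime, nonce, body);
        if (!devicePublicKey.VerifyData(data, signature, HashAlgorithmName.SHA256))
            return false;                                              // forged or altered
        foreach (var kv in seen)                                       // drop nonces outside the window
            if ((now - kv.Value).Duration() > MaxSkew) seen.TryRemove(kv.Key, out _);
        return seen.TryAdd((device, nonce), sent);                     // false when nonce already used
    }
}

public static class Demo
{
    public static void Main()
    {
        using var key = ECDsa.Create(ECCurve.NamedCurves.nistP256);   // constructed test key
        var body = Encoding.UTF8.GetBytes("{\"temp\":21.5}");          // constructed payload
        var now = DateTimeOffset.UtcNow;
        long t = now.ToUnixTimeSeconds();
        string nonce = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        byte[] sig = key.SignData(SignedRequestVerifier.Canonical("dev-1", "alice", t, nonce, body), HashAlgorithmName.SHA256);
        var v = new SignedRequestVerifier();
        Console.WriteLine(v.Verify(key, "dev-1", "alice", t, nonce, body, sig, now)); // first delivery
        Console.WriteLine(v.Verify(key, "dev-1", "alice", t, nonce, body, sig, now)); // same message replayed
        Console.WriteLine(v.Verify(key, "dev-1", "bob", t, "n2", body, sig, now));    // user field changed after signing
    }
}
```

The signature is checked before the nonce is recorded, so a sender without the device key cannot fill the nonce cache. The user id is only bound into the signed bytes here; authenticating the user is a separate step.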