The login page described earlier only protects our Markdown content, not our dynamic web services. If you know the resource names of the web services, you can still extract all sensor data and control the actuator output, unauthenticated. To avoid this, we need to add an authentication layer on top of our web services. We can do this by usingĀ JWT (Java Web Tokens). These tokens are simple strings that are cryptographically signed by a server, and that can be easily transported in any type of machine-to-machine communication where you want to avoid sessions and login forms. The server can then validate the token by checking the signature. By adding the Waher.Security.JWT.UWP NuGet package to our SensorHttp and ActuatorHttp projects, we can use JWT to protect our web services.
Protecting our web services
For .NET standard, .NET Core, or traditional .NET Framework projects,...