One possible way to implement REST security is to authenticate the client with a username and password in the first request.
Then the server returns a security token which should be used in each subsequent REST request for the duration of the session.
Of course, there are different alternatives.
You can look at Facebook, Twitter, etc. for examples.
Hope this helps.
Jack Poorte, Sep 05, 2013
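The token scheme described in the post above, sketched server-side as an added example that is not part of the original thread. The user store, the 15-minute lifetime and all function names are assumptions made for illustration, and the token is assumed to travel only over TLS.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 900        # seconds a token stays valid (assumed value)
PBKDF2_ROUNDS = 200_000  # assumed work factor

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

# Constructed user store: username -> (salt, password hash)
USERS = {"alice": (b"constructed-salt", hash_password("correct horse", b"constructed-salt"))}
DUMMY = (b"dummy-salt", bytes(32))  # hashed for unknown users so timing stays uniform

SESSIONS = {}  # sha256(token) -> (username, expiry); raw tokens are never stored

def _key(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def login(username, password, now=None):
    """First request: verify the password, return a random opaque token or None."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, DUMMY)
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    if not ok or username not in USERS:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[_key(token)] = (username, now + SESSION_TTL)
    return token

def authenticate(token, now=None):
    """Every later request: resolve the token to a user, or None if unknown/expired."""
    now = time.time() if now is None else now
    entry = SESSIONS.get(_key(token))
    if entry is None:
        return None
    username, expires_at = entry
    if now >= expires_at:
        SESSIONS.pop(_key(token), None)  # expired tokens are purged on use
        return None
    return username

def logout(token):
    """End the session server-side so the token stops working immediately."""
    SESSIONS.pop(_key(token), None)
```

Because only a hash of each token is kept, a leaked session table does not hand out usable tokens.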
@Volkan - that blog post is good. It has good information. In his article he uses an "assembler" to map one object to another. I just call those objects "mappers", but they do the same thing. DTOs in general are not needed everywhere, all the time. In my opinion, they are only needed if you want to flatten your model for presentation purposes. In other words, you can make your DTOs contain properties that are only needed for the UI and not necessarily represent your entity. Regarding your Service Layer question, I use a Service Layer WITH my Business Objects, not instead of. I want my Business Objects (sometimes called Domain Objects) to be a clean representation of the data entities. This way they can be easily used by any layer. I hope this answers your questions.
Jun 11, 2012
Hi King, thanks for your answer. I will research AutoMapper. On the second answer, the Service Layer: will you use it instead of the business layer, or do you use it with the business layer? I found a link, Data Transfer Objects with GenericRepositoryPattern, like below: http://elegantcode.com/2007/12/05/fun-with-generics-from-repository-to-dto/ What is your opinion about the link? Thanks. Best regards.
Jun 04, 2012