In real-world scenarios, most of the services that are published must be secured, and only authenticated clients should be able to access the services. The use of SSL in achieving transport layer security is, by default, implemented in almost all enterprise scenarios to prevent eavesdropping of the data travelling over the network. In this section, let's focus on the application-level security, by implementing authentication and authorization.

Authentication is the process of establishing that a user is who he claims to be and authorization is verifying whether the authenticated user can perform a particular action or consume a particular resource.