Pro ASP.NET Web API Security: Securing ASP.NET Web API

7h 40m
Badrinarayanan Lakshmiraghavan
Apress
2013

From Channel:

APIs

ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP.

With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.

Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP, meaning that there is no limit to the range of devices that it can work with – if it can understand HTTP, then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.

What you’ll learn

Identity management and cryptography
HTTP basic and digest authentication and Windows authentication
HTTP advanced concepts such as web caching, ETag, and CORS
Ownership factors of API keys, client X.509 certificates, and SAML tokens
Simple Web Token (SWT) and signed and encrypted JSON Web Token (JWT)
OAuth 2.0 from the ground up using JWT as the bearer token
OAuth 2.0 authorization codes and implicit grants using DotNetOpenAuth
Two-factor authentication using Google Authenticator
OWASP Top Ten risks for 2013

About the Author

Badrinarayanan Lakshmiraghavan has more than fourteen years of information technology experience in all phases of the software development life cycle, including technology consulting and advisory roles in multiple technologies. He has been programming on the Microsoft technology stack from the days of Visual Basic 3.0.

Badri currently is a senior technology architect with Global Technology Consulting - Microsoft Center of Excellence of Cognizant (NASDAQ: CTSH), a Fortune 500 company. He speaks three languages: Tamil, English, and C#.

In this Book

Welcome to ASP.NET Web API
Building RESTful Services
Extensibility Points
HTTP Anatomy and Security
Identity Management
Encryption and Signing
Custom STS through WIF
Knowledge Factors
Ownership Factors
Web Tokens
OAuth 2.0 Using Live Connect API
OAuth 2.0 from the Ground Up
OAuth 2.0 Using DotNetOpenAuth
Two-Factor Authentication
Security Vulnerabilities

FREE ACCESS

Course Microsoft Azure Security Technologies: Implementing Data Security

(3)

Course OWASP Top 10: Web Application Security

(396)

Book Pro ASP.NET Core 7, Tenth Edition

Get Started

Sharpen your skills. Upgrade your career. Find the right learning path for you, based on your role and skills. Take part in hands-on practice, study for a certification, and much more - all personalized for you.

*Not included: Compliance, Leadership Development Program content, and Engineering books

Your content + our content + our platform = a path to learning success

Using our learning experience platform, Percipio, your learners can engage in custom learning paths that can feature curated content from all sources.

Learn More

Aspire to something bigger

Aspire Journeys are guided learning paths that set you in motion for career success.

Browse Aspire Journeys

Explore a world of live learning with Global Knowledge

Choose from convenient delivery formats to get the training you and your team need - where, when and how you want it.

Browse Live Learning

IT Skills & Salary Report

ESG Impact Report

Pro ASP.NET Web API Security: Securing ASP.NET Web API

In this Book

YOU MIGHT ALSO LIKE