|
ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP.
With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.
Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP, meaning that there is no limit to the range of devices that it can work with – if it can understand HTTP, then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.
What you’ll learn
-
Identity management and cryptography
-
HTTP basic and digest authentication and Windows authentication
-
HTTP advanced concepts such as web caching, ETag, and CORS
-
Ownership factors of API keys, client X.509 certificates, and SAML tokens
-
Simple Web Token (SWT) and signed and encrypted JSON Web Token (JWT)
-
OAuth 2.0 from the ground up using JWT as the bearer token
-
OAuth 2.0 authorization codes and implicit grants using DotNetOpenAuth
-
Two-factor authentication using Google Authenticator
-
OWASP Top Ten risks for 2013
Who this book is for
No prior experience of .NET security is needed to read this book. All security related concepts will be introduced from first-principles and developed to the point where you can use them confidently in a professional environment. A good working knowledge of and experience with C# and the .NET framework are the only prerequisites to benefit from this book.
Table of Contents
-
Welcome to ASP.NET Web API
-
Building RESTful Services
-
Extensibility Points
-
HTTP Anatomy and Security
-
Identity Management
-
Encryption and Signing
-
Custom STS through WIF
-
Knowledge Factors
-
Ownership Factors
-
Web Tokens
-
OAuth 2.0 Using Live Connect API
-
OAuth 2.0 From the Ground Up
-
OAuth 2.0 Using DotNetOpenAuth
-
Two-Factor Authentication
-
Security Vulnerabilities
-
Appendix: ASP.NET Web API Security Distilled
|
|
|
 Neonatal Cranial Ultrasonography
An exhaustive treatment of a phenomenon that causes family tragedy worldwide, this book fills a major gap in the current literature. Despite advances in neonatal care, neonatal cerebral injury remains a major cause of morbidity, mortality and disabilities. Cranial ultrasonography provides information on brain maturation in the (preterm)... | | Prince 2, Second Edition: A Practical Handbook (Computer Weekly Professional)PRINCE 2 is a flexible project management method, suitable for use on any type of project. It has been derived from professional Project Managers' experiences and refined over years of use in a wide variety of contexts.
Assessed as conformant with the concepts of PRINCE Version 2 by the PRINCE User Group Ltd
Fully updated... | | MORE Electronic Gadgets for the Evil Genius: 40 NEW Build-it-Yourself ProjectsThis much anticipated follow-up to the wildly popular cultclassic Electronic Gadgets for the Evil Genius gives basement experimenters 40 all-new projects to tinker with. Following the tried-and-true Evil Genius Series format, each project includes a detailed list of materials, sources for parts, schematics, documentation, and lots of clear,... |
Techniques and Applications of Digital Watermarking and Content ProtectionWhether you need to quickly come up to speed on the state of the art in digital watermarking or want to explore the latest research in this area, such as 3-D geometry watermarking, this timely reference gives you the hands-on knowledge you need for your work. This book covers the full range of media -- still images, audio data, video, 3-D geometry... | | | | |
|
