Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying ASP.NET Web API Security Essentials
  • Table Of Contents Toc
  • Feedback & Rating feedback
ASP.NET Web API Security Essentials

ASP.NET Web API Security Essentials

By : Gunasundaram
2.3 (3)
Buy this Book
close
close
ASP.NET Web API Security Essentials

ASP.NET Web API Security Essentials

2.3 (3)
By: Gunasundaram
Buy this Book

Overview of this book

This book incorporates the new features of ASP.NET Web API 2 that will help you to secure an ASP.NET Web API and make a well-informed decision when choosing the right security mechanism for your security requirements. We start by showing you how to set up a browser client to utilize ASP.NET Web API services. We then cover ASP.NET Web API’s security architecture, authentication, and authorization to help you secure a web API from unauthorized users. Next, you will learn how to use SSL with ASP.NET Web API, including using SSL client certificates, and integrate the ASP.NET Identity system with ASP.NET Web API. We’ll show you how to secure a web API using OAuth2 to authenticate against a membership database using OWIN middleware. You will be able to use local logins to send authenticated requests using OAuth2. We also explain how to secure a web API using forms authentication and how users can log in with their Windows credentials using integrated Windows authentication. You will come to understand the need for external authentication services to enable OAuth/OpenID and social media authentication. We’ll then help you implement anti-Cross-Site Request Forgery (CSRF) measures in ASP.NET Web API. Finally, you will discover how to enable Cross-Origin Resource Sharing (CORS) in your web API application.
Table of Contents (11 chapters)
close
close
close
Preface
Icon
Preface
Icon
What this book covers
Icon
What you need for this book
Icon
Who this book is for
Icon
Reader feedback
Icon
Customer support
Lock Free Chapter
1
1. Setting up a Browser Client
chevron up
Icon
1. Setting up a Browser Client
Icon
ASP.NET Web API security architecture
Icon
Setting up your browser client
Icon
Authentication and authorization
Icon
Implementing authentication in HTTP message handlers
Icon
Setting the principal
Icon
Using the [Authorize] attribute
Icon
Custom authorization filters
Icon
Authorization inside a controller action
Icon
Summary
2
2. Enabling SSL for ASP.NET Web API
Icon
2. Enabling SSL for ASP.NET Web API
Icon
Enforcing SSL in a Web API controller
Icon
Using client certificates in Web API
Icon
Summary
3
3. Integrating ASP.NET Identity System with Web API
Icon
3. Integrating ASP.NET Identity System with Web API
Icon
Creating an Empty Web API Application
Icon
Installing the ASP.NET Identity NuGet packages
Icon
Setting up ASP.NET Identity 2.1
Icon
Defining Web API Controllers and methods
Icon
Summary
4
4. Securing Web API Using OAuth2
Icon
4. Securing Web API Using OAuth2
Icon
Hosting OWIN in IIS and adding Web API to the OWIN pipeline
Icon
Individual User Account authentication flow
Icon
Sending an unauthorized request
Icon
Get an access token
Icon
Send an authenticated request
Icon
Summary
5
5. Enabling Basic Authentication using Authentication Filter in Web API
Icon
5. Enabling Basic Authentication using Authentication Filter in Web API
Icon
Basic authentication with IIS
Icon
Basic authentication with custom membership
Icon
Basic authentication using an authentication filter
Icon
Setting an authentication filter
Icon
Implementing a Web API authentication filter
Icon
Setting an error result
Icon
Combining authentication filters with host-level authentication
Icon
Summary
6
6. Securing a Web API using Forms and Windows Authentication
Icon
6. Securing a Web API using Forms and Windows Authentication
Icon
Working of Forms authentication
Icon
Implementing Forms authentication in Web API
Icon
What is Integrated Windows Authentication?
Icon
Advantages and disadvantages of using the Integrated Windows Authentication mechanism
Icon
Configuring Windows Authentication
Icon
Difference between Basic Authentication and Windows authentication
Icon
Enabling Windows authentication in Katana
Icon
Summary
7
7. Using External Authentication Services with ASP.NET Web API
Icon
7. Using External Authentication Services with ASP.NET Web API
Icon
Using OWIN external authentication services
Icon
Implementing Facebook authentication
Icon
Implementing Twitter authentication
Icon
Implementing Google authentication
Icon
Implementing Microsoft authentication
Icon
Discussing authentication
Icon
Summary
8
8. Avoiding Cross-Site Request Forgery Attacks in Web API
Icon
8. Avoiding Cross-Site Request Forgery Attacks in Web API
Icon
What is a CSRF attack?
Icon
Anti-forgery tokens using HTML Form or Razor View
Icon
Anti-forgery tokens using AJAX
Icon
Summary
9
9. Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
Icon
9. Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
Icon
What is CORS?
Icon
How CORS works
Icon
Setting the allowed origins
Icon
Setting the allowed HTTP methods
Icon
Setting the allowed request headers
Icon
Setting the allowed response headers
Icon
Passing credentials in cross-origin requests
Icon
Enabling CORS at various scope
Icon
Summary
10
Index
Icon
Index

ASP.NET Web API security architecture

This section will give you an overview of the Web API security architecture and show you all the various extensibility points that can be used for security related things. The ASP.NET Web API security architecture is composed of three main layers. The hosting layer acts as an interface between the Web API and network stacks. The message handler pipeline layer enables implementing cross-cutting concerns such as authentication and caching. The controller handling layer is where the controllers and actions are executed, parameters are bound and validated, and HTTP response message is created. This layer also contains a filter pipeline, as shown in the following figure:

ASP.NET Web API security architecture

Fig 1 – This image shows the components involved in securing the Web API

Let's briefly discuss the purpose of each components in the Web API pipeline, as follows:

  • Open Web Interface for .NET (OWIN) is the new open standard hosting infrastructure. Microsoft has built its own framework called Katana on top of OWIN and all Web API security techniques such as authentication methods (for example, token-based authentication) and support for social login providers (for example, Google and Facebook) will be happening on the OWIN layer.
  • Message Handler is a class that receives an HTTP request and returns an HTTP response. Implementing authentication at message handler level is not recommended. Message handlers are used for Cross-Origin Resource Sharing (CORS).
  • Authentication Filters are guaranteed to run before the authorization filter. If you are not interested in operating your authentication logic at the OWIN layer, you can straightaway move to controllers or actions. Authentication filters are really useful to invoke OWIN-based authentication logic.
  • Authorization Filters are the places in the pipeline where you can recheck the request before the actual expensive business logic stuff runs in the model binding and validation, and the controller action is invoked.

Now that we are familiar with the security architecture, we will set up the client.

Visually different images
CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
ASP.NET Web API Security Essentials
End of Section 1
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon