ASP.NET Web API Security Essentials

Take the security of your ASP.NET Web API to the next level using some of the most amazing security techniques around

ASP.NET Web API Security Essentials

This ebook is included in a Mapt subscription
Rajesh Gunasundaram

1 customer reviews
Take the security of your ASP.NET Web API to the next level using some of the most amazing security techniques around
$10.00
$34.99
RRP $27.99
RRP $34.99
eBook
Print + eBook
Preview in Mapt

Book Details

ISBN 139781785882210
Paperback152 pages

Book Description

This book incorporates the new features of ASP.NET Web API 2 that will help you to secure an ASP.NET Web API and make a well-informed decision when choosing the right security mechanism for your security requirements.

We start by showing you how to set up a browser client to utilize ASP.NET Web API services. We then cover ASP.NET Web API’s security architecture, authentication, and authorization to help you secure a web API from unauthorized users. Next, you will learn how to use SSL with ASP.NET Web API, including using SSL client certificates, and integrate the ASP.NET Identity system with ASP.NET Web API.

We’ll show you how to secure a web API using OAuth2 to authenticate against a membership database using OWIN middleware. You will be able to use local logins to send authenticated requests using OAuth2. We also explain how to secure a web API using forms authentication and how users can log in with their Windows credentials using integrated Windows authentication. You will come to understand the need for external authentication services to enable OAuth/OpenID and social media authentication. We’ll then help you implement anti-Cross-Site Request Forgery (CSRF) measures in ASP.NET Web API.

Finally, you will discover how to enable Cross-Origin Resource Sharing (CORS) in your web API application.

Table of Contents

Chapter 1: Setting up a Browser Client
ASP.NET Web API security architecture
Setting up your browser client
Authentication and authorization
Implementing authentication in HTTP message handlers
Setting the principal
Using the [Authorize] attribute
Custom authorization filters
Authorization inside a controller action
Summary
Chapter 2: Enabling SSL for ASP.NET Web API
Enforcing SSL in a Web API controller
Using client certificates in Web API
Summary
Chapter 3: Integrating ASP.NET Identity System with Web API
Creating an Empty Web API Application
Installing the ASP.NET Identity NuGet packages
Setting up ASP.NET Identity 2.1
Defining Web API Controllers and methods
Summary
Chapter 4: Securing Web API Using OAuth2
Hosting OWIN in IIS and adding Web API to the OWIN pipeline
Individual User Account authentication flow
Sending an unauthorized request
Get an access token
Send an authenticated request
Summary
Chapter 5: Enabling Basic Authentication using Authentication Filter in Web API
Basic authentication with IIS
Basic authentication with custom membership
Basic authentication using an authentication filter
Setting an authentication filter
Implementing a Web API authentication filter
Setting an error result
Combining authentication filters with host-level authentication
Summary
Chapter 6: Securing a Web API using Forms and Windows Authentication
Working of Forms authentication
Implementing Forms authentication in Web API
What is Integrated Windows Authentication?
Advantages and disadvantages of using the Integrated Windows Authentication mechanism
Configuring Windows Authentication
Difference between Basic Authentication and Windows authentication
Enabling Windows authentication in Katana
Summary
Chapter 7: Using External Authentication Services with ASP.NET Web API
Using OWIN external authentication services
Implementing Facebook authentication
Implementing Twitter authentication
Implementing Google authentication
Implementing Microsoft authentication
Discussing authentication
Summary
Chapter 8: Avoiding Cross-Site Request Forgery Attacks in Web API
What is a CSRF attack?
Anti-forgery tokens using HTML Form or Razor View
Anti-forgery tokens using AJAX
Summary
Chapter 9: Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
What is CORS?
How CORS works
Setting the allowed origins
Setting the allowed HTTP methods
Setting the allowed request headers
Setting the allowed response headers
Passing credentials in cross-origin requests
Enabling CORS at various scope
Summary

What You Will Learn

  • Secure your web API by enabling Secured Socket Layer (SSL)
  • Manage your application’s user accounts by integrating ASP.NET’s Identity system
  • Ensure the security of your web API by implementing basic authentication
  • Implement forms and Windows authentication to secure your web API
  • Use external authentication such as Facebook and Twitter to authenticate a request to a web API
  • Protect your web API from CSRF attacks
  • Enable CORS in your web API to explicitly allow some cross-origin requests while rejecting others
  • Fortify your web API using OAuth2

Authors

Table of Contents

Chapter 1: Setting up a Browser Client
ASP.NET Web API security architecture
Setting up your browser client
Authentication and authorization
Implementing authentication in HTTP message handlers
Setting the principal
Using the [Authorize] attribute
Custom authorization filters
Authorization inside a controller action
Summary
Chapter 2: Enabling SSL for ASP.NET Web API
Enforcing SSL in a Web API controller
Using client certificates in Web API
Summary
Chapter 3: Integrating ASP.NET Identity System with Web API
Creating an Empty Web API Application
Installing the ASP.NET Identity NuGet packages
Setting up ASP.NET Identity 2.1
Defining Web API Controllers and methods
Summary
Chapter 4: Securing Web API Using OAuth2
Hosting OWIN in IIS and adding Web API to the OWIN pipeline
Individual User Account authentication flow
Sending an unauthorized request
Get an access token
Send an authenticated request
Summary
Chapter 5: Enabling Basic Authentication using Authentication Filter in Web API
Basic authentication with IIS
Basic authentication with custom membership
Basic authentication using an authentication filter
Setting an authentication filter
Implementing a Web API authentication filter
Setting an error result
Combining authentication filters with host-level authentication
Summary
Chapter 6: Securing a Web API using Forms and Windows Authentication
Working of Forms authentication
Implementing Forms authentication in Web API
What is Integrated Windows Authentication?
Advantages and disadvantages of using the Integrated Windows Authentication mechanism
Configuring Windows Authentication
Difference between Basic Authentication and Windows authentication
Enabling Windows authentication in Katana
Summary
Chapter 7: Using External Authentication Services with ASP.NET Web API
Using OWIN external authentication services
Implementing Facebook authentication
Implementing Twitter authentication
Implementing Google authentication
Implementing Microsoft authentication
Discussing authentication
Summary
Chapter 8: Avoiding Cross-Site Request Forgery Attacks in Web API
What is a CSRF attack?
Anti-forgery tokens using HTML Form or Razor View
Anti-forgery tokens using AJAX
Summary
Chapter 9: Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
What is CORS?
How CORS works
Setting the allowed origins
Setting the allowed HTTP methods
Setting the allowed request headers
Setting the allowed response headers
Passing credentials in cross-origin requests
Enabling CORS at various scope
Summary

Book Details

ISBN 139781785882210
Paperback152 pages
Read More
From 1 reviews

Read More Reviews