Pro ASP.NET Web API Security: Securing ASP.NET Web API

ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP. With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with. Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP, meaning that there is no limit to the range of devices that it can work with – if it can understand HTTP, then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.
Contents

| Chapter | Page |
|---|---|
| | 1 |
| | 13 |
| CHAPTER 3 Extensibility Points | 29 |
| CHAPTER 4 HTTP Anatomy and Security | 41 |
| CHAPTER 5 Identity Management | 81 |
| CHAPTER 6 Encryption and Signing | 103 |
| CHAPTER 7 Custom STS through WIF | 119 |
| CHAPTER 8 Knowledge Factors | 133 |
| CHAPTER 10 Web Tokens | 191 |
| CHAPTER 11 OAuth 2.0 Using Live Connect API | 227 |
| CHAPTER 12 OAuth 2.0 from the Ground Up | 251 |
| CHAPTER 13 OAuth 2.0 Using DotNetOpenAuth | 283 |
| CHAPTER 14 Two-Factor Authentication | 319 |
| CHAPTER 15 Security Vulnerabilities | 345 |
| APPENDIX ASP.NET Web API Security Distilled | 375 |
| | 381 |
Other editions
Pro ASP.NET Web API Security: Securing ASP.NET Web API, Badrinarayanan Lakshmiraghavan, 2013
Common terms and phrases
access token algorithm ApiController ASP.NET MVC ASP.NET Web API authorization code grant authorization header authorization server basic authentication browser byte cache cancellationToken Chapter claims claims-based client application client certificate client secret configuration contacts cookie create credentials decrypt digest authentication DNOA employee encoding endpoint ETag forms authentication Framework Google Authenticator hash HMAC HomeController HOTP identity implement input Internet Explorer issued issuer JavaScript JQuery JSON JsonWebToken Live Connect login message handler NET Framework nonce NTLM OAuth OpenID ownership factor password pipeline private key Promotion Manager proof key public class public key public static public string redirect refresh token relying party request header resource server response header SAML token scenario security token shown in Listing signature specification status code symmetric key Thread.CurrentPrincipal TOTP user ID valid Visual Studio web application Web.config Windows authentication WS-Trust WWW-Authenticate X.509 certificate