book

ASP.NET Web API Security Essentials

Name: ASP.NET Web API Security Essentials
Author: Rajesh Gunasundaram
ISBN: 9781785882210

by Rajesh Gunasundaram

November 2015

Intermediate to advanced

152 pages

2h 46m

English

Packt Publishing

Read now

Unlock full access

ASP.NET Web API Security Essentials
Table of Contents
ASP.NET Web API Security Essentials
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Setting up a Browser Client
ASP.NET Web API security architecture
Setting up your browser client
Implementing Web API lookup serviceAdding a modelAdding a controllerConsuming the Web API using JavaScript and jQueryGetting a list of contactsGetting a contact by IDRunning the application
Authentication and authorization
AuthenticationAuthorization
Implementing authentication in HTTP message handlers
Setting the principal
Using the [Authorize] attribute
Global authorization filterController level authorization filterAction level authorization filter
Custom authorization filters
Authorization inside a controller action
Summary
2. Enabling SSL for ASP.NET Web API
Enforcing SSL in a Web API controller
Using client certificates in Web API
Creating an SSL Client CertificateConfiguring IIS to accept client certificatesVerifying Client Certificates in Web API
Summary
3. Integrating ASP.NET Identity System with Web API
Creating an Empty Web API Application
Installing the ASP.NET Identity NuGet packages
Setting up ASP.NET Identity 2.1
ASP.NET Identity
Defining Web API Controllers and methods
Testing the application
Summary
4. Securing Web API Using OAuth2
Hosting OWIN in IIS and adding Web API to the OWIN pipeline
Individual User Account authentication flow
Sending an unauthorized request
Get an access token
Send an authenticated request
Summary
5. Enabling Basic Authentication using Authentication Filter in Web API
Basic authentication with IIS
Basic authentication with custom membership
Basic authentication using an authentication filter
Setting an authentication filter
Action-level authentication filterController-level authentication filterGlobal-level authentication filter
Implementing a Web API authentication filter
Setting an error result
Combining authentication filters with host-level authentication
Summary
6. Securing a Web API using Forms and Windows Authentication
Working of Forms authentication
Implementing Forms authentication in Web API
What is Integrated Windows Authentication?
Advantages and disadvantages of using the Integrated Windows Authentication mechanism
Configuring Windows Authentication
Difference between Basic Authentication and Windows authentication
Enabling Windows authentication in Katana
Summary
7. Using External Authentication Services with ASP.NET Web API
Using OWIN external authentication servicesCreating an ASP.NET MVC Application
Implementing Facebook authentication
Implementing Twitter authentication
Implementing Google authentication
Implementing Microsoft authentication
Discussing authentication
Summary
8. Avoiding Cross-Site Request Forgery Attacks in Web API
What is a CSRF attack?
Anti-forgery tokens using HTML Form or Razor View
How does an Anti-forgery token work?
Anti-forgery tokens using AJAX
Summary
9. Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
What is CORS?
How CORS works
Setting the allowed origins
Setting the allowed HTTP methods
Setting the allowed request headers
Setting the allowed response headers
Passing credentials in cross-origin requests
Enabling CORS at various scope
Enable at action levelEnable at controller levelEnable CORS globally
Summary
Index

Overview

ASP.NET Web API Security Essentials provides practical, hands-on guidance for securing your ASP.NET Web API projects. With this book, you will learn how to apply robust security techniques, such as SSL, authentication filters, and CSRF prevention, ensuring your APIs are secure and reliable for production use.

What this Book will help me do

Implement SSL to encrypt communication with your Web API.
Integrate ASP.NET Identity to manage user authentication and roles.
Secure Web APIs using OAuth2 and external authentication providers.
Prevent security threats such as CSRF in your Web API.
Enable Cross-Origin Resource Sharing (CORS) securely for your applications.

Author(s)

None Gunasundaram, the author, is an experienced developer and security expert specializing in the ASP.NET ecosystem. They have extensive experience in implementing secure API solutions and have a knack for explaining technical concepts in an easy-to-understand and practical manner. Their passion lies in making software development more secure and accessible to developers of all skill levels.

Who is it for?

This book is ideal for ASP.NET developers familiar with building Web APIs who are looking to deepen their understanding of security principles and practices in API development. Readers should have experience with C# and the .NET framework. This book targets professionals aiming to secure their applications against common web threats and integrate advanced authentication methods.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Pro ASP.NET Web API Security: Securing ASP.NET Web API

Publisher Resources

ISBN: 9781785882210

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills