Securing an ASP.NET Web API Service
Security in software development, and more importantly in web development, is a sensitive, vast, and complex topic, but in this chapter I’ll try to make sense of some of the most common techniques for securing ASP.NET Web API services. I’ll deal with authentication, authorization, and transport security, and look into the Web API way of dealing with some common .NET concepts, such as IPrincipal.
The chapter does not aim to be an A-Z reference on Web API security. Due to the space constraints I have here, I’ll only be able to scratch the surface of many of the concepts. Hopefully ...