Designing Evolvable Web APIs with ASP.NET

by Glenn Block, Pablo Cibraro, Pedro Felix, Howard Dierking, Darrel Miller
March 2014
Content level: Intermediate to advanced
538 pages
13h 19m
English
O'Reilly Media, Inc.
Content preview from Designing Evolvable Web APIs with ASP.NET

Chapter 15. Security

The cowl does not make the monk.

In the broadest sense, the security of computer systems encompasses many subjects and techniques, ranging from encryption schemes to availability and disaster recovery systems. However, it is not the goal of this chapter to discuss such a wide range of themes. Instead, we’ll focus our attention on the security aspects that are more specific to Web APIs—in particular, transport security, authentication, and authorization. So, in the following sections we will be addressing these subjects, from both theoretical and practical viewpoints, using ASP.NET Web API as the supporting technology.

This chapter is complemented by the following chapter, which will focus solely on the OAuth 2.0 Framework: a set of protocols and patterns addressing access control in HTTP-based APIs.

Transport Security

The confidentiality and integrity of transferred information are important security requirements that must be addressed when you are designing and implementing distributed systems. Unfortunately, the HTTP protocol provides little support in this area. For this reason, the common practice among developers is to address these requirements by using HTTP on top of a secure transport layer, as defined by RFC 2818, “HTTP Over TLS,” resulting in what is informally known as HTTPS. Briefly, this specification states that when a client performs an HTTP request to a URI with the https scheme (e.g., https://www.example.net), then the HTTP protocol is layered on ...


Publisher Resources

ISBN: 9781449337919