November 2008
Intermediate to advanced
308 pages
8h 30m
English
Content preview from RESTful .NETBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Chapter 8. Securing REST Endpoints
Security is always an important consideration when you’re building any kind of system. This is certainly true when you’re building services, perhaps more so because of the nature of exposing endpoints that could be called using a variety of toolkits and protocols. Those who favor SOAP services (specifically the WS-* set of specifications) tend to look down upon the security of RESTful services. In truth, though, enterprises have much more experience managing security for web applications than they do for SOAP service endpoints. Because RESTful services are just HTTP endpoints, all of the security techniques (HTTPS, certificates, etc.) that have been used for years with web applications are the same techniques we use for REST. Although it is certainly true that REST services don’t support end-to-end security over multiple protocols (as the suite of WS-Security-related protocols allows), in the end are you really going to need that?
In this chapter, we’ll look at the out-of-the-box capabilities that WCF 3.5 provides for building secure services with REST. First, we’ll discuss how to authenticate users of your WCF web endpoints, and then I’ll delve into the several ways available to authorize users once they’ve been authenticated.
Authenticating: Self-Hosted Endpoints
The security of an endpoint is set using properties of WebHttpBinding. Before we dive into
the security functionality WebHttpBinding, it’s important to digress for a moment and consider ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.