Rating: 0 out of 5 stars
0 ratings
Ebook247 pages2 hours
ASP.NET Web API Security Essentials
Rating: 0 out of 5 stars
()
About this ebook
This book is intended for anyone who has previous knowledge of developing ASP.NET Web API applications. A good working knowledge and experience with C# and.NET Framework are prerequisites for this book.
Read more from Gunasundaram Rajesh
Learning Angular for .NET Developers CORS Essentials Rating: 0 out of 5 stars0 ratings
Related to ASP.NET Web API Security Essentials
Related ebooks
ASP.NET Core for Jobseekers: Build Career in Designing Cross-Platform Web Applications Using Razor and Entity Framework Core Rating: 0 out of 5 stars0 ratingsBootstrap for ASP.NET MVC - Second Edition Rating: 5 out of 5 stars5/5AngularJS Deployment Essentials Rating: 0 out of 5 stars0 ratingsDeploying Node.js Rating: 5 out of 5 stars5/5ASP.NET Core 3 and React: Hands-On full stack web development using ASP.NET Core, React, and TypeScript 3 Rating: 0 out of 5 stars0 ratingsAngularJS Web Application Development Blueprints Rating: 0 out of 5 stars0 ratingsHands-On Parallel Programming with C# 8 and .NET Core 3: Build solid enterprise software using task parallelism and multithreading Rating: 0 out of 5 stars0 ratingsExpress Web Application Development Rating: 3 out of 5 stars3/5Learning ASP.NET Core MVC Programming Rating: 5 out of 5 stars5/5RESTful Web API Design with Node.js - Second Edition Rating: 1 out of 5 stars1/5Node Web Development, Second Edition Rating: 0 out of 5 stars0 ratingsNode.js By Example Rating: 2 out of 5 stars2/5WebSocket Essentials – Building Apps with HTML5 WebSockets Rating: 0 out of 5 stars0 ratingsModular Programming with PHP 7 Rating: 0 out of 5 stars0 ratingsBuilding Scalable Apps with Redis and Node.js Rating: 0 out of 5 stars0 ratingsModern JavaScript Applications Rating: 0 out of 5 stars0 ratingsJavaScript Security Rating: 4 out of 5 stars4/5Developing Cloud Native Applications in Azure using .NET Core: A Practitioner’s Guide to Design, Develop and Deploy Apps Rating: 0 out of 5 stars0 ratingsBuilding Microservices with .NET Core Rating: 1 out of 5 stars1/5Mongoose for Application Development Rating: 5 out of 5 stars5/5Entity Framework Core Cookbook - Second Edition Rating: 0 out of 5 stars0 ratingsLearning .NET High-performance Programming Rating: 0 out of 5 stars0 ratingsSoftware Design Patterns for Java Developers: Expert-led Approaches to Build Re-usable Software and Enterprise Applications Rating: 0 out of 5 stars0 ratingsNode.js Design Patterns Rating: 4 out of 5 stars4/5Microservices in .NET, Second Edition Rating: 0 out of 5 stars0 ratingsReact and React Native Rating: 0 out of 5 stars0 ratingsReactive State for Angular with NgRx Rating: 0 out of 5 stars0 ratings
Internet & Web For You
Coding For Dummies Rating: 5 out of 5 stars5/5No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State Rating: 4 out of 5 stars4/5How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5Six Figure Blogging Blueprint Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Coding All-in-One For Dummies Rating: 4 out of 5 stars4/5How to Disappear and Live Off the Grid: A CIA Insider's Guide Rating: 0 out of 5 stars0 ratingsGet Rich or Lie Trying: Ambition and Deceit in the New Influencer Economy Rating: 0 out of 5 stars0 ratingsThe Beginner's Affiliate Marketing Blueprint Rating: 4 out of 5 stars4/5Podcasting For Dummies Rating: 4 out of 5 stars4/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5How To Start A Podcast Rating: 4 out of 5 stars4/5Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Rating: 4 out of 5 stars4/5Grokking Algorithms: An illustrated guide for programmers and other curious people Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5Six Figure Blogging In 3 Months Rating: 4 out of 5 stars4/5The Gothic Novel Collection Rating: 5 out of 5 stars5/5The Digital Marketing Handbook: A Step-By-Step Guide to Creating Websites That Sell Rating: 5 out of 5 stars5/5The Internet Is Not What You Think It Is: A History, a Philosophy, a Warning Rating: 4 out of 5 stars4/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsHow To Start A Profitable Blog: Turn Your Blogging Passion Into Profit (Blog Mastermind Booklets) Rating: 4 out of 5 stars4/5More Porn - Faster!: 50 Tips & Tools for Faster and More Efficient Porn Browsing Rating: 3 out of 5 stars3/5How To Make Money Blogging: How I Replaced My Day-Job With My Blog and How You Can Start A Blog Today Rating: 4 out of 5 stars4/5Introduction to Internet Scams and Fraud: Credit Card Theft, Work-At-Home Scams and Lottery Scams Rating: 4 out of 5 stars4/5How To Start A Profitable Authority Blog In Under One Hour Rating: 5 out of 5 stars5/5Stop Asking Questions: How to Lead High-Impact Interviews and Learn Anything from Anyone Rating: 5 out of 5 stars5/5
Related podcast episodes
EP 22: What is OAuth 2? 0% found this document usefulEP 09: Application Contexts, Dependency Injection, and Inversion of Control - OH MY! 0% found this document usefulEP 01: The Best of SpringOne 2021 (ft. Dan Vega) 0% found this document useful#71 - Strategic Monoliths and Microservices - Vaughn Vernon 0% found this document useful2: Pytest vs Unittest vs Nose: Choosing a test framework 0% found this document usefulJSJ 270 The Complete Software Developers Career Guide with John Sonmez 0% found this document usefulC101 86: Powershell 1/4: The Martian, Mutation Testing, and Powershell 0% found this document usefulNode.js with Myles Borins: Myles Borins joins the podcast to share all his knowledge about Node.js! 0% found this document useful
Related articles
Create A RESTful Server In Go Linux FormatArticle
Create A RESTful Server In Go
Oct 19, 2021
8 min readAn Introduction To Rabbitmq Linux FormatArticle
An Introduction To Rabbitmq
Jun 29, 2021
RabbitMQ is a Message Broker, which means that it can safely hold messages generated by applications and make them available to other applications. The main advantages are reliability, support for clustering and high-availability queues, tracing capa
1 min readAccess Your Mac Anywhere MacLifeArticle
Access Your Mac Anywhere
Nov 8, 2022
2 min readBasic Concepts Linux FormatArticle
Basic Concepts
Jul 2, 2019
A messaging system such as Kafka enables you to send messages between processes, applications and servers. Applications connect to Kafka to send or get data. Strictly speaking, a Kafka ‘topic’ is a unit of storage in Kafka: data in Kafka is stored in
1 min readAWS Vs Azure What’s The Difference? PC Pro MagazineArticle
AWS Vs Azure What’s The Difference?
Sep 11, 2022
7 min readKAFKA Build Utilities With The Kafka Server Linux FormatArticle
KAFKA Build Utilities With The Kafka Server
Jul 2, 2019
Nowadays, quite a few data architectures involve both a database and Apache Kafka, which is a distributed streaming platform and the subject of this tutorial. You can also find Kafka described as a publish-subscribe message system, which is a fancy w
7 min readBuild A Dynamic App Security Pipeline Linux FormatArticle
Build A Dynamic App Security Pipeline
Sep 21, 2021
8 min readMetrics & Visuals In Go Linux FormatArticle
Metrics & Visuals In Go
Nov 17, 2020
Mihalis Tsoukalos is a DataOps engineer and a technical writer. He’s the author of Go Systems Programming and Mastering Go, 2nd edition. The subject of this tutorial is two-fold. First, it’s about creating a Go application that exports metrics to P
7 min readBuild A Static Analysis Development Pipeline Linux FormatArticle
Build A Static Analysis Development Pipeline
Jul 27, 2021
9 min readUnderstand And Deploy Security Keys Linux FormatArticle
Understand And Deploy Security Keys
Feb 8, 2022
9 min readBuild A Mac Server MacFormatArticle
Build A Mac Server
Sep 19, 2023
10 min readSmartproxy Linux FormatArticle
Smartproxy
Jan 9, 2024
2 min readSeven Ways To Future-proof Your SEO Strategy MarketingArticle
Seven Ways To Future-proof Your SEO Strategy
Apr 8, 2018
Search engine optimisation (SEO) is always changing. To stay ahead of your competitors you need to be able to shift your SEO strategy. Expect to see mobile devices, artificial intelligence (AI) and voice search dominating the news. But what practical
3 min readPyScript – Bring Python Coding To The Web APCArticle
PyScript – Bring Python Coding To The Web
Aug 8, 2022
4 min readBitwarden Linux FormatArticle
Bitwarden
Sep 19, 2023
2 min readIn Conversation with Surbhi Rathore TechfastlyArticle
In Conversation with Surbhi Rathore
Oct 1, 2021
4 min read“If ‘Show Password’ Is Enabled, The Feature Sends Your Password To Their Third-party Servers” PC Pro MagazineArticle
“If ‘Show Password’ Is Enabled, The Feature Sends Your Password To Their Third-party Servers”
Dec 8, 2022
Like most people who write for a living, I lean heavily on my spoil chicken to get me through the day. Sorry, I mean spell checker. It’s not just professional writers, either: spell checkers have become de rigueur for business users and consumers ali
7 min readFLASK Web Frameworks Linux FormatArticle
FLASK Web Frameworks
Jun 4, 2019
The main focus of Python has always been to get you cracking on with your coding – the language was never made for web programming. However, this has just made it more interesting to extend the language for the web, or to create an interface to web-b
9 min readContributing For Non - Coders Linux FormatArticle
Contributing For Non - Coders
Jan 10, 2023
9 min readArtificial Intelligence Rules Of The Road Linux FormatArticle
Artificial Intelligence Rules Of The Road
Nov 14, 2023
AI FOR ALL! Anyone who works with computers needs to understand that AI will undoubtedly change how work is executed. That said, I don’t think we are anywhere near the much bleated “Everyone will lose their jobs!” IT-related jobs will change but they
2 min readSecure Browsers TechLifeArticle
Secure Browsers
Jun 3, 2019
4 min readHow To Build The Linux Format Server Linux FormatArticle
How To Build The Linux Format Server
Oct 19, 2021
10 min readPassword Managers Linux FormatArticle
Password Managers
Feb 6, 2024
14 min readHow Netflix’s OTT Architecture Functions? TechfastlyArticle
How Netflix’s OTT Architecture Functions?
May 1, 2022
With so many OTT platforms in the market today, Netflix has managed to capture a majority of the audience on a global scale. Netflix has become the go-to source of so much entertainment for consumers in less than 20 years. It can even be said that Ne
4 min readBest Password Managers For Your Android Device Android AdvisorArticle
Best Password Managers For Your Android Device
Jul 5, 2023
7 min readPassword Managers APCArticle
Password Managers
Nov 6, 2023
11 min readNewsdesk Linux FormatArticle
Newsdesk
Dec 13, 2022
OPEN SOURCE FUNDING GitHub, Fastly and Mozilla are all looking for new projects to back, giving a boost to open source development. Small open source projects might be created solely by enthusiasts but most make use of outside developers, often paid
9 min read1password 7 For Mac: Password Manager With Small Improvements That Add Up MacWorldArticle
1password 7 For Mac: Password Manager With Small Improvements That Add Up
Jul 17, 2018
4 min read02 Hang-on! I’m Talking To A What? HWM SingaporeArticle
02 Hang-on! I’m Talking To A What?
Aug 10, 2023
3 min readBitwarden PC Pro MagazineArticle
Bitwarden
Oct 5, 2023
3 min read
Reviews for ASP.NET Web API Security Essentials
Rating: 0 out of 5 stars
0 ratings
0 ratings0 reviews
Book preview
ASP.NET Web API Security Essentials - Gunasundaram Rajesh
Table of Contents
ASP.NET Web API Security Essentials
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Why subscribe?
Free access for Packt account holders
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Errata
Piracy
Questions
1. Setting up a Browser Client
ASP.NET Web API security architecture
Setting up your browser client
Implementing Web API lookup service
Adding a model
Adding a controller
Consuming the Web API using JavaScript and jQuery
Getting a list of contacts
Getting a contact by ID
Running the application
Authentication and authorization
Authentication
Authorization
Implementing authentication in HTTP message handlers
Setting the principal
Using the [Authorize] attribute
Global authorization filter
Controller level authorization filter
Action level authorization filter
Custom authorization filters
Authorization inside a controller action
Summary
2. Enabling SSL for ASP.NET Web API
Enforcing SSL in a Web API controller
Using client certificates in Web API
Creating an SSL Client Certificate
Configuring IIS to accept client certificates
Verifying Client Certificates in Web API
Summary
3. Integrating ASP.NET Identity System with Web API
Creating an Empty Web API Application
Installing the ASP.NET Identity NuGet packages
Setting up ASP.NET Identity 2.1
ASP.NET Identity
Defining Web API Controllers and methods
Testing the application
Summary
4. Securing Web API Using OAuth2
Hosting OWIN in IIS and adding Web API to the OWIN pipeline
Individual User Account authentication flow
Sending an unauthorized request
Get an access token
Send an authenticated request
Summary
5. Enabling Basic Authentication using Authentication Filter in Web API
Basic authentication with IIS
Basic authentication with custom membership
Basic authentication using an authentication filter
Setting an authentication filter
Action-level authentication filter
Controller-level authentication filter
Global-level authentication filter
Implementing a Web API authentication filter
Setting an error result
Combining authentication filters with host-level authentication
Summary
6. Securing a Web API using Forms and Windows Authentication
Working of Forms authentication
Implementing Forms authentication in Web API
What is Integrated Windows Authentication?
Advantages and disadvantages of using the Integrated Windows Authentication mechanism
Configuring Windows Authentication
Difference between Basic Authentication and Windows authentication
Enabling Windows authentication in Katana
Summary
7. Using External Authentication Services with ASP.NET Web API
Using OWIN external authentication services
Creating an ASP.NET MVC Application
Implementing Facebook authentication
Implementing Twitter authentication
Implementing Google authentication
Implementing Microsoft authentication
Discussing authentication
Summary
8. Avoiding Cross-Site Request Forgery Attacks in Web API
What is a CSRF attack?
Anti-forgery tokens using HTML Form or Razor View
How does an Anti-forgery token work?
Anti-forgery tokens using AJAX
Summary
9. Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
What is CORS?
How CORS works
Setting the allowed origins
Setting the allowed HTTP methods
Setting the allowed request headers
Setting the allowed response headers
Passing credentials in cross-origin requests
Enabling CORS at various scope
Enable at action level
Enable at controller level
Enable CORS globally
Summary
Index
ASP.NET Web API Security Essentials
ASP.NET Web API Security Essentials
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2015
Production reference: 1241115
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-221-0
www.packtpub.com
Credits
Author
Rajesh Gunasundaram
Reviewer
Anuraj Parameswaran
Commissioning Editor
Amarabha Banerjee
Acquisition Editor
Prachi Bisht
Content Development Editor
Anish Dhurat
Technical Editor
Danish Shaikh
Copy Editor
Vibha Shukla
Project Coordinator
Harshal Ved
Proofreader
Safis Editing
Indexer
Mariammal Chettiyar
Production Coordinator
Nilesh Mohite
Cover Work
Nilesh Mohite
About the Author
Rajesh Gunasundaram is a software architect, technical writer and blogger. He has over 13 years of experience in the IT industry, with more than 10 years using Microsoft's .NET and 2 years of using BizTalk Server, and a year of iOS application development.
Rajesh is a founder and an editor of technical blogs: www.programmerguide.net and www.ioscorner.com. You can find many of his technical writings on .NET and iOS.
Rajesh holds a master's degree in computer application and began his career as a software engineer in the year 2002. He has worked on client premises located in various countries, such as the UK, Belarus, and Norway. He is also experienced in developing mobile applications for iPhone and iPad.
His technical strengths include Objective-C, C#, ASP.NET MVC, Web API, WCF, .Net Framework 4.5, AngularJS, BizTalk, SQL Server, REST, SOA, design patterns, and software architecture.
Acknowledgments
I am greatly thankful to my beloved and wonderful friend Ahila Dhayalan, who has constantly encouraged and motivated me while writing this book. She put me back on track whenever I deviated from my schedule of submitting the chapters. Without her support and encouragement, this book wouldn't have been possible.
I am also thankful to the entire team at Packt Publishing for providing me the opportunity to author this book.
Thanks to Prachi Bisht for having confidence in me and giving me the opportunity to write this book.
Thanks to Ajinkya Paranjape for having high regard for me and providing invaluable assistance.
Thanks to Anish Dhurat for guiding and helping me to shape the content of the book.
Thanks to Danish Shaikh for verifying the technical content and bringing it to a good shape.
About the Reviewer
Anuraj Parameswaran works as an architect in Orion India Systems Pvt. Ltd., Kochi. He has extensive experience of more than ten years in working on different technologies, mostly in the Microsoft space. He has been working on the .NET platform since its early days. He leads the technology and innovation team at Orion. He is a cofounder of MobiThoughts, a mobile application development company. His focus areas are data analytics, architecture, and Cloud computing.
He writes about technology in his popular blog at http://www.dotnetthoughts.net/. He is a K-MUG Community Council member and an active volunteer in Microsoft Technology Community.
www.PacktPub.com
Support files, eBooks, discount offers, and more
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to
Enjoying the preview?
Page 1 of 1