ASP.NET Web API security essentials : take the security of your ASP.NET Web API to the next level using some of the most amazing security techniques around / Rajesh Gunasundaram
1st edition
Birmingham : Packt Publishing, 2015.
1 online resource (152 p.)
Series: Community experience distilled
Includes index.
ISBN: 1-78588-322-4; 1-78588-221-X

Contents:
Cover; Copyright; Credits; About the Author; Acknowledgments; About the Reviewer; www.PacktPub.com; Table of Contents; Preface;
Chapter 1: Setting up a Browser Client; ASP.NET Web API security architecture; Setting up your browser client; Implementing Web API lookup service; Adding a model; Adding a controller; Consuming the Web API using JavaScript and jQuery; Getting a list of contacts; Getting a contact by ID; Running the application; Authentication and authorization; Authentication; Authorization; Implementing authentication in HTTP message handlers; Setting the principal; Using the [Authorize] attribute; Global authorization filter; Controller level authorization filter; Action level authorization filter; Custom authorization filters; Authorization inside a controller action; Summary;
Chapter 2: Enabling SSL for ASP.NET Web API; Enforcing SSL in a Web API controller; Using client certificates in Web API; Creating an SSL Client Certificate; Configuring IIS to accept client certificates; Verifying Client Certificates in Web API; Summary;
Chapter 3: Integrating ASP.NET Identity System with Web API; Creating an Empty Web API Application; Installing the ASP.NET Identity NuGet packages; Setting up ASP.NET Identity 2.1; ASP.NET Identity; Defining Web API Controllers and methods; Testing the application; Summary;
Chapter 4: Securing Web API Using OAuth2;
Hosting OWIN in IIS and adding Web API to the OWIN pipeline; Individual User Account authentication flow; Sending an unauthorized request; Get an access token; Send an authenticated request; Summary;
Chapter 5: Enabling Basic Authentication using Authentication Filter in Web API; Basic authentication with IIS; Basic authentication with custom membership; Basic authentication using an authentication filter; Setting an authentication filter; Action-level authentication filter; Controller-level authentication filter; Global-level authentication filter; Implementing a Web API authentication filter; Setting an error result; Combining authentication filters with host-level authentication; Summary;
Chapter 6: Securing a Web API using Forms and Windows Authentication; Working of Forms authentication; Implementing Forms authentication in Web API; What is Integrated Windows Authentication?; Advantages and disadvantages of using the Integrated Windows Authentication mechanism; Configuring Windows Authentication; Difference between Basic Authentication and Windows authentication; Enabling Windows authentication in Katana; Summary;
Chapter 7: Using External Authentication Services with ASP.NET Web API; Using OWIN external authentication services; Creating an ASP.NET MVC Application; Implementing Facebook authentication; Implementing Twitter authentication; Implementing Google authentication; Implementing Microsoft authentication; Discussing authentication; Summary;
Chapter 8: Avoiding Cross-Site Request Forgery Attacks in Web API

Take the security of your ASP.NET Web API to the next level using some of the most amazing security techniques around

About This Book
This book has been completely updated for ASP.NET Web API 2.0 including the new features of ASP.NET Web API such as Cross-Origin Resource Sharing (CORS) and OWIN self-hosting
Learn various techniques to secure ASP.NET Web API, including basic authentication using authentication filters, forms, Windows Authentication, external authentication services, and integrating ASP.NET's Identity system
An easy-to-follow guide to enable SSL, prevent Cross-Site Request Forgery (CSRF) attacks, and enable CORS in ASP.NET Web API

Who This Book Is For
This book is intended for anyone who has previous knowledge of developing ASP.NET Web API applications. Good working knowledge and experience with C# and .NET Framework are prerequisites for this book.

What You Will Learn
Secure your web API by enabling Secured Socket Layer (SSL)
Manage your application's user accounts by integrating ASP.NET's Identity system
Ensure the security of your web API by implementing basic authentication
Implement forms and Windows authentication to secure your web API
Use external authentication such as Facebook and Twitter to authenticate a request to a web API
Protect your web API from CSRF attacks
Enable CORS in your web API to explicitly allow some cross-origin requests while rejecting others
Fortify your web API using OAuth2

In Detail
This book incorporates the new features of ASP.NET Web API 2 that will help you to secure an ASP.NET Web API and make a well-informed decision when choosing the right security mechanism for your security requirements. We start by showing you how to set up a browser client to utilize ASP.NET Web API services. We then cover ASP.NET Web API's security architecture, authentication, and authorization to help you secure a web API from unauthorized users. Next, you will learn how to use SSL with ASP.NET Web API, including using SSL client certificates, and integrate the ASP.NET Identity system with ASP.NET Web API. We'll show you how to secure a web API using OAuth2 to authenticate against a membership database using OWIN middleware. You will be able to use local logins to send authenticated requests using OAuth2. We also explain how to secure a web API using forms authentication and how users can log in with their Windows credentials using integrated Windows authentication.
You will come to understand the need for external au...

Subjects: Microsoft .NET Framework; Visual programming (Computer science); Web site development; Application software -- Development
Author: Gunasundaram, Rajesh