Cover
Copyright Page
Credits
About the Author
Acknowledgments
About the Reviewer
www.PacktPub.com
Support files, eBooks, discount offers, and more
Preface
What this book covers
What you need for this book
Who this book is for
Reader feedback
Customer support
Chapter 1. Setting up a Browser Client
ASP.NET Web API security architecture
Setting up your browser client
Authentication and authorization
Implementing authentication in HTTP message handlers
Setting the principal
Using the [Authorize] attribute
Custom authorization filters
Authorization inside a controller action
Summary
Chapter 2. Enabling SSL for ASP.NET Web API
Enforcing SSL in a Web API controller
Using client certificates in Web API
Summary
Chapter 3. Integrating ASP.NET Identity System with Web API
Creating an Empty Web API Application
Installing the ASP.NET Identity NuGet packages
Setting up ASP.NET Identity 2.1
Defining Web API Controllers and methods
Summary
Chapter 4. Securing Web API Using OAuth2
Hosting OWIN in IIS and adding Web API to the OWIN pipeline
Individual User Account authentication flow
Sending an unauthorized request
Get an access token
Send an authenticated request
Summary
Chapter 5. Enabling Basic Authentication using Authentication Filter in Web API
Basic authentication with IIS
Basic authentication with custom membership
Basic authentication using an authentication filter
Setting an authentication filter
Implementing a Web API authentication filter
Setting an error result
Combining authentication filters with host-level authentication
Summary
Chapter 6. Securing a Web API using Forms and Windows Authentication
Working of Forms authentication
Implementing Forms authentication in Web API
What is Integrated Windows Authentication?
Advantages and disadvantages of using the Integrated Windows Authentication mechanism
Configuring Windows Authentication
Difference between Basic Authentication and Windows authentication
Enabling Windows authentication in Katana
Summary
Chapter 7. Using External Authentication Services with ASP.NET Web API
Using OWIN external authentication services
Implementing Facebook authentication
Implementing Twitter authentication
Implementing Google authentication
Implementing Microsoft authentication
Discussing authentication
Summary
Chapter 8. Avoiding Cross-Site Request Forgery Attacks in Web API
What is a CSRF attack?
Anti-forgery tokens using HTML Form or Razor View
Anti-forgery tokens using AJAX
Summary
Chapter 9. Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API
What is CORS?
How CORS works
Setting the allowed origins
Setting the allowed HTTP methods
Setting the allowed request headers
Setting the allowed response headers
Passing credentials in cross-origin requests
Enabling CORS at various scope
Summary
Index
Last updated: 2021-07-30 10:16:09