This book incorporates the new features of ASP.NET Web API 2 that will help you to secure an ASP.NET Web API and make a well-informed decision when choosing the right security mechanism for your security requirements.
We start by showing you how to set up a browser client to utilize ASP.NET Web API services. We then cover ASP.NET Web API’s security architecture, authentication, and authorization to help you secure a web API from unauthorized users. Next, you will learn how to use SSL with ASP.NET Web API, including using SSL client certificates, and integrate the ASP.NET Identity system with ASP.NET Web API.
We’ll show you how to secure a web API using OAuth2 to authenticate against a membership database using OWIN middleware. You will be able to use local logins to send authenticated requests using OAuth2. We also explain how to secure a web API using forms authentication and how users can log in with their Windows credentials using integrated Windows authentication. You will come to understand the need for external authentication services to enable OAuth/OpenID and social media authentication. We’ll then help you implement anti-Cross-Site Request Forgery (CSRF) measures in ASP.NET Web API.
Finally, you will discover how to enable Cross-Origin Resource Sharing (CORS) in your web API application.
The e-book can be read in Legimi apps or in any app that supports the following format:
Page count: 105
Publication year: 2015
Copyright © 2015 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: November 2015
Production reference: 1241115
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-78588-221-0
www.packtpub.com
Author: Rajesh Gunasundaram
Reviewer: Anuraj Parameswaran
Commissioning Editor: Amarabha Banerjee
Acquisition Editor: Prachi Bisht
Content Development Editor: Anish Dhurat
Technical Editor: Danish Shaikh
Copy Editor: Vibha Shukla
Project Coordinator: Harshal Ved
Proofreader: Safis Editing
Indexer: Mariammal Chettiyar
Production Coordinator: Nilesh Mohite
Cover Work: Nilesh Mohite
Rajesh Gunasundaram is a software architect, technical writer, and blogger. He has over 13 years of experience in the IT industry, including more than 10 years of Microsoft .NET, 2 years of BizTalk Server, and a year of iOS application development.
Rajesh is the founder and editor of the technical blogs www.programmerguide.net and www.ioscorner.com, where you can find many of his writings on .NET and iOS.
Rajesh holds a master's degree in computer application and began his career as a software engineer in 2002. He has worked on client premises in various countries, such as the UK, Belarus, and Norway. He is also experienced in developing mobile applications for the iPhone and iPad.
His technical strengths include Objective-C, C#, ASP.NET MVC, Web API, WCF, .NET Framework 4.5, AngularJS, BizTalk, SQL Server, REST, SOA, design patterns, and software architecture.
I am greatly thankful to my beloved and wonderful friend Ahila Dhayalan, who has constantly encouraged and motivated me while writing this book. She put me back on track whenever I deviated from my schedule of submitting the chapters. Without her support and encouragement, this book wouldn't have been possible.
I am also thankful to the entire team at Packt Publishing for providing me the opportunity to author this book.
Thanks to Prachi Bisht for having confidence in me and giving me the opportunity to write this book.
Thanks to Ajinkya Paranjape for having high regard for me and providing invaluable assistance.
Thanks to Anish Dhurat for guiding and helping me to shape the content of the book.
Thanks to Danish Shaikh for verifying the technical content and bringing it to a good shape.
Anuraj Parameswaran works as an architect at Orion India Systems Pvt. Ltd., Kochi. He has more than ten years of experience working with different technologies, mostly in the Microsoft space, and has been working on the .NET platform since its early days. He leads the technology and innovation team at Orion and is a cofounder of MobiThoughts, a mobile application development company. His focus areas are data analytics, architecture, and cloud computing.
He writes about technology on his popular blog at http://www.dotnetthoughts.net/. He is a K-MUG Community Council member and an active volunteer in the Microsoft technology community.
For support files and downloads related to your book, please visit www.PacktPub.com.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
https://www2.packtpub.com/books/subscription/packtlib
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can search, access, and read Packt's entire library of books.
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view 9 entirely free books. Simply use your login credentials for immediate access.
I would like to dedicate this book to my wife, Sairabanu, and my brothers, Magesh and Nithish, as they are my driving factors.
ASP.NET Web API is a framework that makes it easy to build HTTP services that reach a broad range of clients, including browsers and mobile devices. It is an ideal platform to build RESTful applications on the .NET Framework.
This book provides a practical guide to securing your ASP.NET Web API using various security techniques, such as integrating the ASP.NET Identity system, implementing various authentication mechanisms, enabling Secure Sockets Layer (SSL), preventing cross-site request forgery attacks, and enabling cross-origin resource sharing.
Chapter 1, Setting up a Browser Client, helps you to set up a browser client in order to use Web API services. It also covers ASP.NET Web API Security Architecture and authentication, and authorization to secure a web API from unauthorized users.
Chapter 2, Enabling SSL for ASP.NET Web API, explains how to use SSL with ASP.NET Web API, including using SSL client certificates. Several common authentication schemes are not secure over plain HTTP, in particular Basic authentication and forms authentication, which send credentials unencrypted. To be secure, these authentication schemes must use SSL. In addition, SSL client certificates can be used to authenticate clients.
Chapter 3, Integrating ASP.NET Identity System with ASP.NET Web API, explains how to integrate the ASP.NET Identity system with ASP.NET Web API. The ASP.NET Identity system is designed to replace the previous ASP.NET Membership and Simple Membership systems. It includes profile support and OAuth integration. It works with OWIN and is included with ASP.NET templates that are shipped with Visual Studio 2013 and later versions.
Chapter 4, Securing a web API using OAuth2, shows you how to secure a web API using OAuth2 to authenticate against a membership database using the OWIN middleware. You will be able to use local logins to send authenticated requests using OAuth2.
Chapter 5, Enabling Basic Authentication using Authentication Filters in Web API, covers how to set an authentication scheme for individual controllers or actions using Authentication filters. This chapter shows an authentication filter that implements the HTTP Basic Access Authentication scheme. It will also cover the advantages and disadvantages of using Basic Authentication.
Chapter 6, Securing a Web API using Forms and Windows Authentication, explains how to secure a web API using Forms Authentication and how users can log in with their Windows credentials using Integrated Windows Authentication. You will also get to learn the advantages and disadvantages of using Forms and Windows Authentication in Web API. Forms authentication uses an HTML form to send the user's credentials to the server. Integrated Windows Authentication enables the users to log in with their Windows credentials, using Kerberos or NTLM. The client sends credentials in the Authorization header. Windows authentication is best suited for an intranet environment.
Chapter 7, Using External Authentication Services with ASP.NET Web API, helps you to understand the need for external authentication services in order to enable OAuth/OpenID and social media authentication. Using external authentication services reduces development time when creating new web applications: web users typically already have accounts with popular web services and social media websites, so a web application that delegates authentication to such an external service avoids the development time that would have been spent building its own authentication implementation. It also saves end users from creating yet another account for the web application and having to remember yet another username and password.
Chapter 8, Preventing Cross-Site Request Forgery (CSRF) Attacks in Web API, helps you to implement anti-CSRF measures in ASP.NET Web API. Using API key-based authentication, or a more sophisticated mechanism such as OAuth, helps in preventing CSRF attacks. ASP.NET MVC uses anti-forgery tokens, which are also called request verification tokens.
Chapter 9, Enabling Cross-Origin Resource Sharing (CORS) in ASP.NET Web API, explains how to enable CORS in your Web API application. Browser security prevents a web page from making AJAX requests to another domain. This restriction is called the same-origin policy and prevents a malicious site from reading sensitive data from another site. However, sometimes you might want to let other sites call your web API.
Software requirements for development:
Hardware requirements for development:
