Web API v2 Security
Implementing Authentication and Authorization in ASP.NET Web API v2.
What you'll learn
The main feature focus of ASP.NET Web API v2 was security. There's a brand new authentication system and support for popular authentication methods, like OAuth2 tokens, that is already built-in. Additionally, it is now much easier to use Web APIs from JavaScript clients and the new security extensibility gives you powerful features to integrate your APIs in arbitrary security systems.
Table of contents
- Overview 1m
- Transport Security 3m
- X.509 Certificates 2m
- SSL Handshake 4m
- Developers and SSL 4m
- Where to get Certificates from? 3m
- Creating Certificates 3m
- Demo: Building an SSL Development Environment 17m
- Demo: Command Line Tools and Self-hosting 7m
- Demo: Fiddler and SSL Tracing 6m
- Validating Certificates using .NET APIs 16m
- Resources 1m
- Overview 2m
- Windows Authentication 5m
- Demo: Windows Authentication 17m
- Basic Authentication 4m
- Excursion: Katana Authentication Middleware 6m
- Demo: Basic Authentication 15m
- X.509 Client Certificates 4m
- Demo: Client Certificates and Combining Authentication Methods 21m
- Demo: Self Hosting 9m
- Summary 1m
- Overview 1m
- Same Origin Policy 3m
- Implicit Browser Authentication 1m
- Cross Site Request Forgery (CSRF) 2m
- CSRF Mitigation 6m
- Demo: Implicit Authentication and CSRF 4m
- Demo: CSRF Mitigation using Anti-Forgery Tokens 6m
- Cross Origin Resource Sharing (CORS) 8m
- Demo: CORS support in Web API 4m
- Summary 2m
- Overview 3m
- Modern Applications 4m
- Requirements and Complexity 6m
- OAuth2 6m
- Authorization Servers 2m
- Demo: Thinktecture AuthorizationServer 5m
- Trusted Applications 9m
- Demo: Resource Owner Credential Flow 5m
- Adding Refresh Tokens 4m
- Demo: Adding Refresh Tokens 6m
- Demo: AuthorizationServer and Resource Owner Flow 4m
- Excursion: JSON Web Tokens 2m
Course FAQ
Basically a Web API is an application programming interface for either a web server or a web browser. It's a framework for building HTTP-based services that are accessible in different apps and on different platforms.
In Web API version 1 security was mainly based on hosting specific features. In Web API v2 there's a completely new hosting infrastructure, new authentication infrastructure, and a lot of options around authorization, including token-based authentication and dual authorization.
This course is for anyone who wants to learn how to use Web API v2 and secure your APIs against attacks with effective authentication and authorization.
This is an intermediate level course, so it assumes some prior experience with ASP.NET and in building and working with APIs. JavaScript and web dev skills will also help speed up the learning curve.
About the author
Dominick works as an associate consultant for the Germany-based company thinktecture (http://www.thinktecture.com). His main area of focus is security in general and identity & access control in particular. He helps customers around the world implementing claims-based identity, single sign-on, authorization and federation in their web applications, services and APIs. Dominick is an international conference speaker and the author of "Developing more-secure ASP.NET Application" and co-author of th... more