Table of Contents for Pro ASP.NET Web API Security: Securing ASP.NET Web API by Badrinarayanan Lakshmiraghavan
Title Page
Dedication
Contents at a Glance
Contents
Foreword
About the Author
About the Technical Reviewer
Acknowledgments
Introduction
CHAPTER 1: Welcome to ASP.NET Web API
What Is a Web API, Anyway?
A Primer on RESTful Web API
Hello, ASP.NET Web API!
WCF vs. ASP.NET Web API
Scenarios in Which ASP.NET Web API Shines
A Primer on Security
Summary
CHAPTER 2: Building RESTful Services
What Is a RESTful Service?
Identification of Resources
Manipulation of Resources Through Representations
Self-Descriptive Messages
Hypermedia as the Engine of Application State
Implementing and Consuming an ASP.NET Web API
Our First Attempt in Securing a Web API
Summary
CHAPTER 3: Extensibility Points
The What and Why of Extensibility Points
ASP.NET Web API Life Cycle
Filters
Message Handlers
HTTP Modules
Summary
CHAPTER 4: HTTP Anatomy and Security
HTTP Transaction
HTTP Request
Request Headers
HTTP Methods
Method Overriding
HTTP Response
Status Codes
Response Headers
Response Body
Web Caching
Entity Tag
Cross-Origin Resource Sharing
HTTP Cookies
Proxy Server
HTTPS
Fiddler: A Tool for Web Debugging
Summary
CHAPTER 5: Identity Management
Authentication and Authorization
Role-Based Security
The Curious Case of Thread.CurrentPrincipal
Claims-Based Security
Using Claims-Based Security
Implementing Claims-Based ASP.NET Web API
Security Token
Summary
CHAPTER 6: Encryption and Signing
Cryptography
Encrypting a Message Using Symmetric Keys
Signing a Message Using Symmetric Keys
Encrypting a Message Using Asymmetric Keys
Signing a Message Using Asymmetric Keys
Token Encryption and Signing
Summary
CHAPTER 7: Custom STS through WIF
WS-Trust
Building a Custom STS
Requesting a Token from a Custom STS
Summary
CHAPTER 8: Knowledge Factors
Basic Authentication
Digest Authentication
Windows Authentication
Summary
CHAPTER 9: Ownership Factors
Preshared Key
X.509 Client Certificate
SAML Tokens
Summary
CHAPTER 10: Web Tokens
Simple Web Token
JSON Web Token
JWT Handler
Summary
CHAPTER 11: OAuth 2.0 Using Live Connect API
Use Case for OAuth: App-to-App Data Sharing
OAuth 2.0 Roles
OAuth 2.0 Client Types
OAuth 2.0 Client Profiles
OAuth 2.0 Authorization Grant Types
Access Token
Refresh Token
Using Live Connect APIs
Summary
CHAPTER 12: OAuth 2.0 from the Ground Up
Scenario: Sharing Contact Information
Design
HTTP Transactions
Building the Contacts Manager Application
Building the Promotion Manager Application
Building the Authorization Server
Building the Resource Server
Security Considerations
Summary
CHAPTER 13: OAuth 2.0 Using DotNetOpenAuth
Design
HTTP Transactions
Implementation Ground Work
Building the Client Application
Building the Authorization Server
Building the Resource Server
Implicit Grant
Summary
CHAPTER 14: Two-Factor Authentication
Two Ways to Implement TFA
Implementing Blanket TFA with ASP.NET Web API
Google Authenticator
Implementing Constant Per-Request TFA
Implementing On-Demand Per-Request TFA
Two-Factor Security through Mobile Phones
Summary
CHAPTER 15: Security Vulnerabilities
OWASP Application Security Risks
Security = Hardware + Software + Process
Logging, Auditing, and Tracing
Input Validation
Summary
APPENDIX: ASP.NET Web API Security Distilled
Index