Pro ASP.NET Web API Security: Securing ASP.NET Web API

ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP. With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you're familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.

What you'll learn

- Identity management and cryptography
- HTTP basic and digest authentication and Windows authentication
- HTTP advanced concepts such as web caching, ETag, and CORS
- Ownership factors of API keys, client X.509 certificates, and SAML tokens
- Simple Web Token (SWT) and signed and encrypted JSON Web Token (JWT)
- OAuth 2.0 from the ground up using JWT as the bearer token
- OAuth 2.0 authorization codes and implicit grants using DotNetOpenAuth
- Two-factor authentication using Google Authenticator
- OWASP Top Ten risks for 2013

Who this book is for

No prior experience of .NET security is needed to read this book. All security-related concepts will be introduced from first principles and developed to the point where you can use them confidently in a professional environment. A good working knowledge of and experience with C# and the .NET framework are the only prerequisites to benefit from this book.

Table of Contents

- Welcome to ASP.NET Web API
- Building RESTful Services
- Extensibility Points
- HTTP Anatomy and Security
- Identity Management
- Encryption and Signing
- Custom STS through WIF
- Knowledge Factors
- Ownership Factors
- Web Tokens
- OAuth 2.0 Using Live Connect API
- OAuth 2.0 From the Ground Up
- OAuth 2.0 Using DotNetOpenAuth
- Two-Factor Authentication
- Security Vulnerabilities
- Appendix: ASP.NET Web API Security Distilled

420 pages, Paperback

First published February 27, 2013


Community Reviews

5 stars: 8 (42%)
4 stars: 6 (31%)
3 stars: 5 (26%)
2 stars: 0 (0%)
1 star: 0 (0%)

Displaying 1 - 2 of 2 reviews

Tomasz Jaskula
Author, 3 books, 15 followers
December 30, 2017
I was looking for more information about OpenID Connect but the book is quite old and OpenID Connect at the time of writing was not defined well enough so the book contains just a side note. However, I've learnt much useful information about security, differences between bearer and holder-of-key tokens, SAMLs, JWT, SWT tokens, different security scenarios. The language is really simple to understand even if the author walks you through some complicated scenarios. Good read.

Tom Schulte
3,409 reviews, 75 followers
December 2, 2015
This is a good, broad, fairly complete reference. I came to this reference for the OAuth material. The language for all the code written in this book is C#, which is what I was looking for. "Chapter 15: Security Vulnerabilities" with its explicit examples of CSRF, XSS is especially illustrative.