Security
In this chapter, you'll learn:
Security issues for Web API.
Authentication and Authorization
By Mike Wasson|
Gives a general overview of authentication and authorization in ASP.NET Web API.
Basic Authentication
By Mike Wasson|
Describes using Basic Authentication in ASP.NET Web API.
Forms Authentication
By Mike Wasson|
Describes using Forms Authentication in ASP.NET Web API.
Integrated Windows Authentication
By Mike Wasson|
Describes using Integrated Windows Authentication in ASP.NET Web API.
OAuth 2.0
By Mike Wasson|
Gives a brief high-level overview of OAuth 2.0 in the context of web APIs.
Preventing Cross-Site Request Forgery (CSRF) Attacks
By Mike Wasson|
Describes the cross-site request forgery (CSRF) attack and how to implement anti-CSRF measures in ASP.NET Web API.
Working with SSL
By Mike Wasson|
Shows how to use SSL with ASP.NET Web API, including using SSL client certificates.
Securing ASP.NET Web APIs
Dominick Baier of thinktecture talks about authentication and authorization in Web API. This talk explores the various options, and puts special focus on technologies like claims, SAML, OAuth2, Simple Web Tokens and delegation.
Web API Books
Microsoft's Jon Galloway recommends these books for learning ASP.NET MVC:
Designing Evolvable Web APIs with ASP.NET
by Glenn Block, Pablo Cibraro, Pedro Felix, Howard Dierking, Darrel Miller
