Language

Security issues for Web API.

  1. ASP.NET Identity

    The ASP.NET Identity system is designed to replace the previous ASP.NET Membership and Simple Membership systems. It includes profile support, OAuth integration, works with OWIN, and is included with the ASP.NET templates shipped with Visual Studio 2013.

  2. Authentication and Authorization

    By Mike Wasson|

    Gives a general overview of authentication and authorization in ASP.NET Web API.

  3. Individual Accounts in Web API

    By Mike Wasson|

    With Visual Studio 2013, Web API now supports individual accounts, using OAuth2 bearer tokens for authorization.

  4. External Authentication Services

    By Robert McMurray|

    Learn how to use External Authentication Services with Web API and Single Page Applications.

  5. Basic Authentication

    By Mike Wasson|

    Describes using Basic Authentication in ASP.NET Web API.

  6. Forms Authentication

    By Mike Wasson|

    Describes using Forms Authentication in ASP.NET Web API.

  7. Integrated Windows Authentication

    By Mike Wasson|

    Describes using Integrated Windows Authentication in ASP.NET Web API.

  8. Enabling Cross-Origin Requests in Web API

    By Mike Wasson|

    Shows how to support Cross-Origin Resource Sharing (CORS) in ASP.NET Web API 2.

  9. Preventing Cross-Site Request Forgery (CSRF) Attacks

    By Mike Wasson|

    Describes the cross-site request forgery (CSRF) attack and how to implement anti-CSRF measures in ASP.NET Web API.

  10. Working with SSL

    By Mike Wasson|

    Shows how to use SSL with ASP.NET Web API, including using SSL client certificates.

  11. OWIN and Katana

    Katana is a flexible set of components for building and hosting Open Web Interface for .NET (OWIN)-based web applications. The Katana/OWIN documentation includes tutorials that show how to handle authentication and authorization scenarios.

  12. Securing ASP.NET Web APIs

    Dominick Baier of thinktecture talks about authentication and authorization in Web API. This talk explores the various options, and puts special focus on technologies like claims, SAML, OAuth2, Simple Web Tokens and delegation.

Essential Videos

Pluralsight

Microsoft has made it possible for you to enjoy this Pluralsight training free of charge. In addition, you can watch more videos free of charge from Microsoft.

1. Introduction

54 mins

2. Uniform Interface

46 mins

3. HttpClient

33 mins

4. Hosting

25 mins

5. Security

10 mins

6.Extensbility

27 mins

Sponsored By: Pluralsight

Get unlimited access to hundreds of Pluralsight online courses like this one.

Starting at $29/mo.

Free Trial! Free Subscribe Now!

Web API Books

Microsoft's Jon Galloway recommends these books for learning ASP.NET MVC:

Pro ASP.NET Web API

Pro ASP.NET Web API

by Tugberk Ugurlu, Alexander Zeitler

Designing Evolvable Web APIs with ASP.NET

Designing Evolvable Web APIs with ASP.NET

by Glenn Block, Pablo Cibraro, Pedro Felix, Howard Dierking, Darrel Miller

ASP.NET MVC 4 and the Web API: Building a REST Service from Start to Finish

ASP.NET MVC 4 and the Web API: Building a REST Service from Start to Finish

by Jamie Kurtz