Web API v2 Security

Implementing Authentication and Authorization in ASP.NET Web API v2.
Course info
Rating
(927)
Level
Intermediate
Updated
Apr 12, 2014
Duration
6h 13m
Table of contents
Overview
HTTP Security Primer
ASP.NET Web API Security Architecture
Classic Authentication and Katana Authentication Middleware
JavaScript and Browser-based Clients
Token-based Authentication - Part 1
Token-based Authentication - Part 2
Authorization
Description

The main feature focus of ASP.NET Web API v2 was security. There's a brand new authentication system and support for popular authentication methods, like OAuth2 tokens, that is already built-in. Additionally, it is now much easier to use Web APIs from JavaScript clients and the new security extensibility gives you powerful features to integrate your APIs in arbitrary security systems.

About the author

Dominick works as an associate consultant for the Germany-based company thinktecture. His main area of focus is security in general and identity & access control in particular.

Section Introduction Transcripts

Overview
Hi, and welcome to Securing ASP.NET Web API v2. In this course, I want to give you all the information you need to successfully implement authentication and authorization in your Web APIs. Now in Web API v2 there are a lot of new things to discover. Many things have changed from version 1: where in version 1 security was mainly based on hosting-specific features, in version 2 there's a completely new hosting infrastructure, completely new authentication infrastructure, and a lot of options around authorization. Now there are two paths you can take through this course. First, there's module #2, which deals with all the basics around HTTP, transport security, SSL, the HTTP authentication framework, how to set up your development environment to use transport security from day 1, and all these things. So that is recommended to have a look at because SSL, or transport security in general, is really, really important when building HTTP-based applications. And then, when you're, like, in a greenfield scenario, the fast track is basically modules #3, 6, and 7, where we basically talk through the main design goals and changes in Web API v2, which is about the new security architecture, token-based authentication and dual authorization based on claims. If you want to know more about how the inner workings of this new security architecture work, then there are two additional modules. One is module #4, where we talk about the thing called the Katana Authentication middleware and we build two middlewares to implement features that are not part of the standard Web API v2 box. And module #5 talks about specific things that you need to know if your clients that talk to your Web APIs are browser-based or JavaScript-based clients, and many of the conclusions of the problems you have in that browser-based world, again, lead to module #6, where token-based authentication fixes many of the problems.
Also in module #5, you'll learn about CORS, which is a new feature in the Web API v2 that allows you to do cross-domain communication from JavaScript.