Pro ASP.NET Web API Security: Securing ASP.NET Web API
ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP. With such...
Main Author: | |
---|---|
Format: | eBook |
Language: | English |
Published: | [Berkeley, Calif.] : Apress, c2013. |
Edition: | 1st ed. 2013. |
Series: | Expert's voice in .NET. |
Subjects: | |
See on Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009628170206719 |
Table of Contents:
- Cover; Title Page; Copyright Page; Dedication Page; Contents at a Glance; Table of Contents; Foreword; About the Author; About the Technical Reviewer; Acknowledgments; Introduction; What You'll Learn; How This Book Is Organized; Chapter 1: Welcome to ASP.NET Web API; Chapter 2: Building RESTful Services; Chapter 3: Extensibility Points; Chapter 4: HTTP Anatomy and Security; Chapter 5: Identity Management; Chapter 6: Encryption and Signing; Chapter 7: Custom STS through WIF; Chapter 8: Knowledge Factors; Chapter 9: Ownership Factors; Chapter 10: Web Tokens
- Chapter 11: OAuth 2.0 Using Live Connect API; Chapter 12: OAuth 2.0 from the Ground Up; Chapter 13: OAuth 2.0 Using DotNetOpenAuth; Chapter 14: Two-Factor Authentication; Chapter 15: Security Vulnerabilities; Appendix: ASP.NET Web API Security Distilled; What You Need to Use This Book; Who This Book Is For; CHAPTER 1 Welcome to ASP.NET Web API; What Is a Web API, Anyway?; A Primer on RESTful Web API; Hello, ASP.NET Web API!; WCF vs. ASP.NET Web API; Programming Model Differences; Scenarios in Which ASP.NET Web API Shines; A Primer on Security; Summary; CHAPTER 2 Building RESTful Services
- What Is a RESTful Service?; Identification of Resources; Manipulation of Resources Through Representations; Self-Descriptive Messages; Scenario 1: JSON Representation; Scenario 2: No Content Type; Scenario 3: XML Representation; Scenario 4: Mix and Match; Hypermedia as the Engine of Application State; Implementing and Consuming an ASP.NET Web API; Our First Attempt in Securing a Web API; Forms Authentication; Summary; CHAPTER 3 Extensibility Points; The What and Why of Extensibility Points; ASP.NET Web API Life Cycle; Filters; Authorize Filter; Subclassed Authorize Filter; ActionFilter
- Message Handlers; HTTP Modules; Summary; CHAPTER 4 HTTP Anatomy and Security; HTTP Transaction; HTTP Request; Request Headers; HTTP Methods; Method Overriding; HTTP Response; Status Codes; The Curious Case of an Unhandled Exception; Response Headers; Response Body; Web Caching; Entity Tag; Implementing ETag in ASP.NET Web API; ETag ActionFilter; Testing ETag ActionFilter; ETags for Managing Concurrency; Cross-Origin Resource Sharing; Simple CORS; Simple CORS; Preflighted Request; Preflighted Request; Implementing Preflighted CORS in ASP.NET Web API
- Implementing Preflighted CORS in ASP.NET Web API; HTTP Cookies; Cookies and ASP.NET Web API; HttpOnly Cookies; Proxy Server; HTTPS; Configuring HTTPS for ASP.NET Web API Hosted in IIS; Fiddler: A Tool for Web Debugging; Capturing and Decrypting HTTPS Traffic; Fiddler as Man-in-the-Middle; Summary; CHAPTER 5 Identity Management; Authentication and Authorization; Role-Based Security; Identity and Principal; Using Generic Identity in a WinForms Application; Using Windows Identity in a Console Application; The Curious Case of Thread.CurrentPrincipal; Claims-Based Security; Real-World Analogy
- Claims-Based Access Control vs. Role-Based Access Control