ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP. With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.
Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP, meaning that there is no limit to the range of devices that it can work with – if it can understand HTTP, then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.
I was looking for more information about OpenID Connect but the book is quite old and OpenID Connect at the time of writing was not defined well enough so the book contains just a side note. However, I've learnt much useful information about security, differences between bearer and holder of key tokens, SAMLs, JWT, SWT tokens, different security scenarios. The language is really simple to understand even if the author walks you through some complicated scenarios. Good read.
This is a good, broad, fairly complete reference. I came to this reference for the OAuth material. The language for all the code written in this book is C#, which is what I was looking for. "Chapter 15: Security Vulnerabilities" with its explicit examples of CSRF, XSS is especially illustrative.