Pro ASP.NET Web API Security

Happy to announce that the book I have written for Apress“Pro ASP.NET Web API Security” is published and is available in Amazon.

My heart felt thanks to Dominick Baier, thinktecture for all his help and guidance, including taking time from his busy schedule to write the foreword for this book. Thanks to Ewan Buckingham, lead editor  and Mark Powers, coordinating editor from Apress for all the help in getting this book published. Special thanks to Barbara McGuire, our developmental editor.

Pro ASP.NET Web API Security

Book Description

Publication Date: March 27, 2013 | Paperback: 416 pages | ISBN-10: 1430257822

ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP.

With such wide accessibility, securingyour code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET (WS-* and similar)are less suitable than they once were in this new environment; proving themselves cumbersome and limited in terms of the standards they can work with.

Fortunately, ASP.NET Web API provides asimple robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP meaningthat there is no limit to the range of devices that it can work with – if it can understand HTTP then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.

What you’ll learn

  • Identity management and cryptography
  • HTTP basic and digest authentication and Windows authentication
  • HTTP advanced concepts such as web caching, ETag, and CORS
  • Ownership factors of API keys, client X.509 certificates, and SAML tokens
  • Simple Web Token (SWT) and signed and encrypted JSON Web Token (JWT)
  • OAuth 2.0 from the ground up using JWT as the bearer token
  • OAuth 2.0 authorization codes and implicit grants using DotNetOpenAuth
  • Two-factor authentication using Google Authenticator
  • OWASP Top Ten risks for 2013

Who this book is for

No prior experience of .NET-security is needed to read this book. All security related concepts will be introduced from first-principles and developed to the point where you can use them confidently in a professional environment. A good working knowledge and experience of C# and the .NET framework are the only pre-requisites to benefit from this book.

Table of Contents

  1. Welcome to ASP.NET Web API
  2. Building RESTful Services
  3. Extensibility Points
  4. HTTP Anatomy and Security
  5. Identity Management
  6. Encryption and Signing
  7. Custom STS through WIF
  8. Knowledge Factors
  9. Ownership Factors
  10. Web Tokens
  11. OAuth 2.0 Using Live Connect API
  12. OAuth 2.0 From the Ground Up
  13. OAuth 2.0 Using DotNetOpenAuth
  14. Two-Factor Authentication
  15. Security Vulnerabilities
  16. Appendix: ASP.NET Web API Security Distilled

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.