SlideShare a Scribd company logo

Web API authentication and authorization

Download as PPTX, PDF
Chalermpon Areepong, profile picture
Chalermpon Areepong

This document summarizes a presentation on securing ASP.NET Web APIs. It discusses various security scenarios like transport layer security with HTTPS, authentication using tokens or two-factor authentication, and authorization using roles or claims. It provides an overview of the ASP.NET Web API architecture and how OWIN and middleware can be used. Examples are given of username/password authentication to obtain a token. The presentation aims to explain security concepts, demonstrate examples, and provide summaries.

Technology
1 of 20
Downloaded 12 times
1
2
Most read
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
CHALERMPON AREEPONG Microsoft MVP ASP.NET MVCRocks.NET Community and https://fb.com/groups/mvcthaidev Founder DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015 CHALERMPON AREEPONG Microsoft MVP – ASP.NET 9 Years
DevRock #01 Hello New Year 2015  ASP.NET Web APIs  The ways to secure your Web APIs.  Web Security Scenarios  Explain each scenarios  demo  How to  Summaries
Basic Understanding ASP.NET WEB APIs DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015  Support HTTP Content-Types  json, xml, plain text, …, custom  Client can use HTTP to access the APIs  HTTP Verbs to access resources  GET, POST, PUT, DELETE, etc….  Response HTTP Status Code  20x, 30x, 40x, 50x  Multiple Host Types  IIS, WAS, Windows Service, Console, ..  Extensible and Customizable
DevRock #01 Hello New Year 2015 DEMO
DevRock #01 Hello New Year 2015  Web  Mobile  Device  Application  Any Client send HTTP Request
Basic Understanding Web Security DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015  Transport Layer Security  HTTPs Protocol Encryption  Untrusted (Anonymous)  Trusted
DevRock #01 Hello New Year 2015  Application Layer Security (1)  Authentication  Token-Based  Two-Factors  Intranet (IIS Windows)  LDAP (Active Directory, OpenLDAP)  OAuth, OpenID  Identity Services ( Azure AD Service)
DevRock #01 Hello New Year 2015  Application Layer Security (2)  Authorization  Role Based  Claims Based  …..
DevRock #01 Hello New Year 2015  Application Layer Security (3)  Data Encryption  Encryption Algorithms
ASP.NET Web APIs architecture DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015 HOST OWIN Web API MessageHandler global/per-route Authentication Filter Authorization Filter Host/Framework Independent concerns, e.g. authentication Web API cross-cutting concerns, e.g. CORS Web API specific Authentication internal app level Authorization
DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN ASP.NET with OWIN Bridge IIS
DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN Process/Host +OWIN Bridge
DevRock #01 Hello New Year 2015 Scalability of servers:  Stateless  Centralize user info Loosely coupling  No dependency Service Mobile Friendly  Just keep token for reuse in Native Mobile app.
DevRock #01 Hello New Year 2015 Username / Password Get token
DevRock #01 Hello New Year 2015 ASP.NET WEB API 2.0  Self Provider  External Provider
Web API authentication and authorization

More Related Content

PDF
Jwt Security
Seid Yassin
 
PDF
OAuth - Open API Authentication
leahculver
 
PDF
Json web token
Mayank Patel
 
PPTX
Pentesting jwt
Jaya Kumar Kondapalli
 
PDF
Modern API Security with JSON Web Tokens
Jonathan LeBlanc
 
PDF
JSON WEB TOKEN
Knoldus Inc.
 
PPTX
Introduction to REST - API
Chetan Gadodia
 
PPTX
Attacking thru HTTP Host header
Sergey Belov
 
Jwt Security
Seid Yassin
 
OAuth - Open API Authentication
leahculver
 
Json web token
Mayank Patel
 
Pentesting jwt
Jaya Kumar Kondapalli
 
Modern API Security with JSON Web Tokens
Jonathan LeBlanc
 
JSON WEB TOKEN
Knoldus Inc.
 
Introduction to REST - API
Chetan Gadodia
 
Attacking thru HTTP Host header
Sergey Belov
 

What's hot (20)

PPTX
Rest API Security
Stormpath
 
ODP
OAuth2 - Introduction
Knoldus Inc.
 
PPTX
Token Authentication in ASP.NET Core
Stormpath
 
PPTX
Waf bypassing Techniques
Avinash Thapa
 
PDF
JSON Web Token
Deddy Setyadi
 
PDF
Introduction to JWT and How to integrate with Spring Security
Bruno Henrique Rother
 
PPTX
An Introduction to OAuth 2
Aaron Parecki
 
PPTX
Json Web Token - JWT
Prashant Walke
 
PDF
OWASP API Security Top 10 - API World
42Crunch
 
PPTX
Introduction to HTTP protocol
Aviran Mordo
 
PDF
JSON Web Tokens
Ivan Rosolen
 
PPT
Understanding REST
Nitin Pande
 
PDF
Implementing OAuth
leahculver
 
PPTX
Building Secure User Interfaces With JWTs
robertjd
 
PDF
Getting Started with FIDO2
FIDO Alliance
 
PPT
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
PPTX
Introduction to PHP
Collaboration Technologies
 
PPTX
HTTP request and response
Sahil Agarwal
 
PDF
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
PDF
Using JSON Web Tokens for REST Authentication
Mediacurrent
 
Rest API Security
Stormpath
 
OAuth2 - Introduction
Knoldus Inc.
 
Token Authentication in ASP.NET Core
Stormpath
 
Waf bypassing Techniques
Avinash Thapa
 
JSON Web Token
Deddy Setyadi
 
Introduction to JWT and How to integrate with Spring Security
Bruno Henrique Rother
 
An Introduction to OAuth 2
Aaron Parecki
 
Json Web Token - JWT
Prashant Walke
 
OWASP API Security Top 10 - API World
42Crunch
 
Introduction to HTTP protocol
Aviran Mordo
 
JSON Web Tokens
Ivan Rosolen
 
Understanding REST
Nitin Pande
 
Implementing OAuth
leahculver
 
Building Secure User Interfaces With JWTs
robertjd
 
Getting Started with FIDO2
FIDO Alliance
 
OAuth 2.0 and OpenId Connect
Saran Doraiswamy
 
Introduction to PHP
Collaboration Technologies
 
HTTP request and response
Sahil Agarwal
 
Bug Bounty Hunter Methodology - Nullcon 2016
bugcrowd
 
Using JSON Web Tokens for REST Authentication
Mediacurrent
 
Ad

Viewers also liked (20)

PPTX
Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
PPTX
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
Chalermpon Areepong
 
PPTX
Scalable Resilient Web Services In .Net
Bala Subra
 
PPTX
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Codecamp Romania
 
PPTX
Performance in .net best practices
Codecamp Romania
 
PPTX
Asp.net mvc security
LearningTech
 
PPTX
DDD Melbourne 2014 security in ASP.Net Web API 2
Pratik Khasnabis
 
PPT
Smooth Sort
habib_786
 
PDF
Design & Deploy a data-driven Web API in 2 hours
Restlet
 
PDF
Secure RESTful Web Services for ASP.NET Web API
Rob Daigneau
 
PPTX
End to End Security with MVC and Web API
Michele Leroux Bustamante
 
PPTX
Building Scalable .NET Web Applications
Buu Nguyen
 
PDF
Tips and Tricks For Faster Asp.NET and MVC Applications
Sarvesh Kushwaha
 
PPTX
ASP.NET Core 1.0 Overview: Post-RC2
Shahed Chowdhuri
 
PPTX
Overview of the .Net Collection Framework and Immutable Collections
Yoshifumi Kawai
 
PDF
5. web api 2 aspdotnet-mvc5-slides
MasterCode.vn
 
PPTX
ASP.NET Core MVC + Web API with Overview (Post RC2)
Shahed Chowdhuri
 
PPTX
Scaling asp.net websites to millions of users
oazabir
 
PPTX
10 performance and scalability secrets of ASP.NET websites
oazabir
 
PPTX
ASP.NET Mvc 4 web api
Tiago Knoch
 
Authentication, Authorization, and Identity – More than meets the eye…
Scott Hoag
 
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
Chalermpon Areepong
 
Scalable Resilient Web Services In .Net
Bala Subra
 
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Codecamp Romania
 
Performance in .net best practices
Codecamp Romania
 
Asp.net mvc security
LearningTech
 
DDD Melbourne 2014 security in ASP.Net Web API 2
Pratik Khasnabis
 
Smooth Sort
habib_786
 
Design & Deploy a data-driven Web API in 2 hours
Restlet
 
Secure RESTful Web Services for ASP.NET Web API
Rob Daigneau
 
End to End Security with MVC and Web API
Michele Leroux Bustamante
 
Building Scalable .NET Web Applications
Buu Nguyen
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Sarvesh Kushwaha
 
ASP.NET Core 1.0 Overview: Post-RC2
Shahed Chowdhuri
 
Overview of the .Net Collection Framework and Immutable Collections
Yoshifumi Kawai
 
5. web api 2 aspdotnet-mvc5-slides
MasterCode.vn
 
ASP.NET Core MVC + Web API with Overview (Post RC2)
Shahed Chowdhuri
 
Scaling asp.net websites to millions of users
oazabir
 
10 performance and scalability secrets of ASP.NET websites
oazabir
 
ASP.NET Mvc 4 web api
Tiago Knoch
 
Ad

Similar to Web API authentication and authorization (20)

PDF
Transforming organizations into platforms
Twobo Technologies
 
PDF
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
apidays
 
PDF
Designing Secure APIs
Steven Chen
 
PDF
ASP.NET Web API Interview Questions By Scholarhat
Scholarhat
 
PDF
Unleash the power of HTTP with ASP.NET Web API
Filip W
 
PDF
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Adar Weidman
 
PDF
API, Integration, and SOA Convergence
Kasun Indrasiri
 
PDF
API Security: the full story
42Crunch
 
PPTX
REST and ASP.NET Web API (Tunisia)
Jef Claes
 
PDF
ASP NET Web API 2 Building a REST Service from Start to Finish 2nd Edition Ja...
prienmance8p
 
PPTX
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
PPTX
REST for .NET - Introduction to ASP.NET Web API
Tomas Jansson
 
PPTX
Getting started with dotnet core Web APIs
Knoldus Inc.
 
PDF
RESTful Day 5
Akhil Mittal
 
PPTX
REST API Design & Development
Ashok Pundit
 
PPTX
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
PPTX
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
 
PPTX
Web API or WCF - An Architectural Comparison
Adnan Masood
 
PDF
APIs for your Business + Stages of the API Lifecycle
3scale
 
PPTX
06 web api
Bat Programmer
 
Transforming organizations into platforms
Twobo Technologies
 
APIsecure 2023 - Exploring Advanced API Security Techniques and Technologies,...
apidays
 
Designing Secure APIs
Steven Chen
 
ASP.NET Web API Interview Questions By Scholarhat
Scholarhat
 
Unleash the power of HTTP with ASP.NET Web API
Filip W
 
Checkmarx meetup API Security - API Security top 10 - Erez Yalon
Adar Weidman
 
API, Integration, and SOA Convergence
Kasun Indrasiri
 
API Security: the full story
42Crunch
 
REST and ASP.NET Web API (Tunisia)
Jef Claes
 
ASP NET Web API 2 Building a REST Service from Start to Finish 2nd Edition Ja...
prienmance8p
 
Trust No One: The New Security Model for Web APIs - SecTor talk by Greg Kliew...
CA API Management
 
REST for .NET - Introduction to ASP.NET Web API
Tomas Jansson
 
Getting started with dotnet core Web APIs
Knoldus Inc.
 
RESTful Day 5
Akhil Mittal
 
REST API Design & Development
Ashok Pundit
 
Rest API Security - A quick understanding of Rest API Security
Mohammed Fazuluddin
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
 
Web API or WCF - An Architectural Comparison
Adnan Masood
 
APIs for your Business + Stages of the API Lifecycle
3scale
 
06 web api
Bat Programmer
 

More from Chalermpon Areepong (9)

PPTX
DevRock #02 akka.net intro part
Chalermpon Areepong
 
PDF
Build your website with angularjs and web apis
Chalermpon Areepong
 
PPTX
Java script for web developer
Chalermpon Areepong
 
PPTX
ASP.NET WEB API Training
Chalermpon Areepong
 
PPTX
ZZ BC#7.5 asp.net mvc practice and guideline refresh!
Chalermpon Areepong
 
PPTX
ZZ BC#7 asp.net mvc practice and guideline by NineMvp
Chalermpon Areepong
 
PPTX
Build your web app with asp.net mvc 2 from scratch
Chalermpon Areepong
 
PPTX
Gf vtzz-05--j queryshowcase
Chalermpon Areepong
 
PPTX
J query
Chalermpon Areepong
 
DevRock #02 akka.net intro part
Chalermpon Areepong
 
Build your website with angularjs and web apis
Chalermpon Areepong
 
Java script for web developer
Chalermpon Areepong
 
ASP.NET WEB API Training
Chalermpon Areepong
 
ZZ BC#7.5 asp.net mvc practice and guideline refresh!
Chalermpon Areepong
 
ZZ BC#7 asp.net mvc practice and guideline by NineMvp
Chalermpon Areepong
 
Build your web app with asp.net mvc 2 from scratch
Chalermpon Areepong
 
Gf vtzz-05--j queryshowcase
Chalermpon Areepong
 
J query
Chalermpon Areepong
 

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
A Presentation on Artificial Intelligence
memembruh336
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
NewMind AI Weekly Chronicles - August'25-Week II
NewMind AI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
A Presentation on Artificial Intelligence
memembruh336
 
Spectroscopy.pptx food analysis technology
nawahassan45
 

Web API authentication and authorization

  • 1. CHALERMPON AREEPONG Microsoft MVP ASP.NET MVCRocks.NET Community and https://fb.com/groups/mvcthaidev Founder DevRock #01 Hello New Year 2015
  • 2. DevRock #01 Hello New Year 2015 CHALERMPON AREEPONG Microsoft MVP – ASP.NET 9 Years
  • 3. DevRock #01 Hello New Year 2015  ASP.NET Web APIs  The ways to secure your Web APIs.  Web Security Scenarios  Explain each scenarios  demo  How to  Summaries
  • 4. Basic Understanding ASP.NET WEB APIs DevRock #01 Hello New Year 2015
  • 5. DevRock #01 Hello New Year 2015  Support HTTP Content-Types  json, xml, plain text, …, custom  Client can use HTTP to access the APIs  HTTP Verbs to access resources  GET, POST, PUT, DELETE, etc….  Response HTTP Status Code  20x, 30x, 40x, 50x  Multiple Host Types  IIS, WAS, Windows Service, Console, ..  Extensible and Customizable
  • 6. DevRock #01 Hello New Year 2015 DEMO
  • 7. DevRock #01 Hello New Year 2015  Web  Mobile  Device  Application  Any Client send HTTP Request
  • 8. Basic Understanding Web Security DevRock #01 Hello New Year 2015
  • 9. DevRock #01 Hello New Year 2015  Transport Layer Security  HTTPs Protocol Encryption  Untrusted (Anonymous)  Trusted
  • 10. DevRock #01 Hello New Year 2015  Application Layer Security (1)  Authentication  Token-Based  Two-Factors  Intranet (IIS Windows)  LDAP (Active Directory, OpenLDAP)  OAuth, OpenID  Identity Services ( Azure AD Service)
  • 11. DevRock #01 Hello New Year 2015  Application Layer Security (2)  Authorization  Role Based  Claims Based  …..
  • 12. DevRock #01 Hello New Year 2015  Application Layer Security (3)  Data Encryption  Encryption Algorithms
  • 13. ASP.NET Web APIs architecture DevRock #01 Hello New Year 2015
  • 14. DevRock #01 Hello New Year 2015 HOST OWIN Web API MessageHandler global/per-route Authentication Filter Authorization Filter Host/Framework Independent concerns, e.g. authentication Web API cross-cutting concerns, e.g. CORS Web API specific Authentication internal app level Authorization
  • 15. DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN ASP.NET with OWIN Bridge IIS
  • 16. DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN Process/Host +OWIN Bridge
  • 17. DevRock #01 Hello New Year 2015 Scalability of servers:  Stateless  Centralize user info Loosely coupling  No dependency Service Mobile Friendly  Just keep token for reuse in Native Mobile app.
  • 18. DevRock #01 Hello New Year 2015 Username / Password Get token
  • 19. DevRock #01 Hello New Year 2015 ASP.NET WEB API 2.0  Self Provider  External Provider