Web API v2 Security

Pluralsight

Course Summary

Implementing Authentication and Authorization in ASP.NET Web API v2.

+
Course Description

The main feature focus of ASP.NET Web API v2 was security. There's a brand new authentication system and support for popular authentication methods, like OAuth2 tokens, that is already built-in. Additionally, it is now much easier to use Web APIs from JavaScript clients and the new security extensibility gives you powerful features to integrate your APIs in arbitrary security systems.

Course Description

The main feature focus of ASP.NET Web API v2 was security. There's a brand new authentication system and support for popular authentication methods, like OAuth2 tokens, that is already built-in. Additionally, it is now much easier to use Web APIs from JavaScript clients and the new security extensibility gives you powerful features to integrate your APIs in arbitrary security systems.

+
Course Syllabus

Overview
- 2m 16s

â€”Overview 2m 16s

HTTP Security Primer
- 1h 7m

â€”Overview 0m 39s
â€”Transport Security 2m 54s
â€”X.509 Certificates 2m 6s
â€”SSL Handshake 3m 47s
â€”Developers and SSL 3m 57s
â€”Where to get Certificates from? 3m 20s
â€”Creating Certificates 2m 48s
â€”Demo: Building an SSL Development Environment 17m 29s
â€”Demo: Command Line Tools and Self-hosting 7m 8s
â€”Demo: Fiddler and SSL Tracing 6m 8s
â€”Validating Certificates using .NET APIs 16m 6s
â€”Resources 1m 8s

ASP.NET Web API Security Architecture
- 50m 21s

â€”Overview 0m 58s
â€”The Security Pipeline 5m 55s
â€”OWIN/Katana Hosting 4m 12s
â€”OWIN Middleware 3m 39s
â€”Message Handler 1m 20s
â€”Authentication Filter 1m 57s
â€”Authorization Filter 1m 30s
â€”Accessing Client Identity 3m 3s
â€”Demo: Security Pipeline 18m 15s
â€”Demo: Hosting Options 6m 32s
â€”Summary 2m 24s
â€”Resources 0m 30s

Classic Authentication and Katana Authentication Middleware
- 1h 23m

â€”Overview 2m 19s
â€”Windows Authentication 4m 38s
â€”Demo: Windows Authentication 17m 3s
â€”Basic Authentication 4m 13s
â€”Excursion: Katana Authentication Middleware 5m 38s
â€”Demo: Basic Authentication 14m 36s
â€”X.509 Client Certificates 3m 37s
â€”Demo: Client Certificates and Combining Authentication Methods 20m 57s
â€”Demo: Self Hosting 8m 46s
â€”Summary 1m 26s

JavaScript and Browser-based Clients
- 37m 6s

â€”Overview 1m 16s
â€”Same Origin Policy 2m 42s
â€”Implicit Browser Authentication 1m 29s
â€”Cross Site Request Forgery (CSRF) 2m 8s
â€”CSRF Mitigation 5m 31s
â€”Demo: Implicit Authentication and CSRF 4m 14s
â€”Demo: CSRF Mitigation using Anti-Forgery Tokens 5m 58s
â€”Cross Origin Resource Sharing (CORS) 8m 13s
â€”Demo: CORS support in Web API 3m 35s
â€”Summary 1m 57s

Token-based Authentication - Part 1
- 55m 19s

â€”Overview 2m 36s
â€”Modern Applications 4m 4s
â€”Requirements and Complexity 5m 30s
â€”OAuth2 6m 27s
â€”Authorization Servers 1m 42s
â€”Demo: Thinktecture AuthorizationServer 4m 50s
â€”Trusted Applications 9m 9s
â€”Demo: Resource Owner Credential Flow 4m 53s
â€”Adding Refresh Tokens 4m 24s
â€”Demo: Adding Refresh Tokens 5m 38s
â€”Demo: AuthorizationServer and Resource Owner Flow 4m 16s
â€”Excursion: JSON Web Tokens 1m 44s

Token-based Authentication - Part 2
- 44m 39s

â€”Native or Browser-based Clients 6m 47s
â€”Demo: Implicit Flow 9m 58s
â€”Confidential Clients 3m 20s
â€”Demo: Authorization Code Flow 5m 1s
â€”Federation and Delegation 6m 57s
â€”Demo: Assertion Flow 8m 50s
â€”Summary 2m 8s
â€”Resources 1m 35s

Authorization
- 32m 7s

â€”Overview 1m 24s
â€”Client vs. User Authorization 3m 28s
â€”Authorization Options 2m 33s
â€”AuthorizeAttribute Usage and Internals 5m 20s
â€”Custom Authorization Logic 4m 17s
â€”Imperative Authorization 1m 17s
â€”Demo: Authorization 12m 11s
â€”Summary 1m 33s

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

This course is listed under Development & Implementations , Networks & IT Infrastructure and IT Security & Architecture Community

Attended this course? Write a Review

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

IT Career Development Platform

Web API v2 Security

Pluralsight

Course Summary

Course Description

Course Description

Course Syllabus

Course Type:

Course Status:

Workload:

Web API

Application Program Interface (API)

Secure Sockets Layer (SSL)

Cross-Site Request Forgery (CSRF)

Middleware

DOT NET (.NET)

Active Server Page (ASP)

ASP DOT NET Web API (ASP.NET Web API)

ASP DOT NET (ASP.NET)

JavaScript

Attended this course? Write a Review

Course Type:

Course Status:

Workload: