OAuth and Rest

Websites usually communicate via web services, and a REST API is one technology that can be used to create a web service. OAuth is an open standard for authorization that provides a process for end users to authorize third-party access to their server resources without sharing their credentials (typically, a username and password pair). This session covers an introduction to OAuth and securing a REST service using OAuth.

Published in: Software, Technology

  1. OAuth And REST Services
     Presenter: Jnana Ranjan Swain
     Date: 27-6-2014
  2. About Me
     Presenter: Jnana Ranjan Swain, Mindfire Solutions
     - Certification: MCTS-70-515 - Microsoft .NET 4.0, Web App Development
     - Skills: ASP.NET, WCF, SQLServer, Jquery, jQueryUI, WindowsAzure, EntityFramework, MVC
     - Connect Me: Facebook: http://www.facebook.com/jnanaswain, LinkedIn: http://www.linkedin.com/in/jnanaswain, Twitter: https://twitter.com/jnanaswain
     - Contact Me: Email: jnanas@mindfiresolutions.com, Skype: mfsi_jnanas
  3. Agenda
     - Introduction To OAuth
     - OAuth Security Framework
     - OAuth .Net API
     - Building Rest Service using Asp.net WebAPI
     - Securing Rest API
     - Live Demo
  4. OAuth
  5. Introduction to OAuth
     - The OAuth protocol enables a third-party application to obtain limited access to an HTTP service on behalf of a resource owner, without the owner giving out credentials.
     - OAuth 2.0 is the recent version, which is in the development phase.
     - Facebook, Twitter, Google, Microsoft and many more companies are using OAuth.
  6. [No slide text]
  7. OAuth Framework
  8. OAuth Roles
     - Resource Owner - The entity granting access to a protected resource.
     - Resource Server - The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
     - Client - An application making protected resource requests on behalf of the resource owner and with its authorization.
     - Authorization Server - The server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
  9. Access Token
     - Access tokens are credentials used to access protected resources. An access token is a string representing an authorization issued to the client.
     - The resource server MUST validate the access token and ensure that it has not expired and that its scope covers the requested resource.
     - It can have different formats, structures, and methods of utilization (e.g., cryptographic properties) based on the resource server security requirements.

         GET /plus/v1/people/me HTTP/1.1
         Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
         Host: googleapis.com

  10. Access Token Types
     - Bearer Token: A Bearer Token is set in the Authorization header of every inline action HTTP request.
       Example: Authorization: Bearer 4qF-UL0BGzu6n0YBJ
     - MAC Token: Uses a message authentication code (MAC) algorithm to provide cryptographic verification of portions of HTTP requests.
  11. Refresh Token
     - Refresh tokens are credentials used to obtain access tokens.
     - Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires.
     - If the authorization server issues a refresh token, it is included when issuing an access token.
       Example:

         {
           "access_token": "1/fFAGRNJru1FTz70BzhT3Zg",
           "expires_in": 3920,
           "token_type": "Bearer",
           "refresh_token": "1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
         }

  12. OAuth .NET API
     - Microsoft.Owin.Security
     - API for creating an authorization server

         // Requires the Microsoft.Owin and Microsoft.Owin.Security.OAuth namespaces.
         var options = new OAuthAuthorizationServerOptions
         {
             TokenEndpointPath = new PathString("/Token"),
             Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
             AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
             // Access tokens stay valid for 14 days after they are issued.
             AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
             // Allows authorize and token requests over plain HTTP; development use only.
             AllowInsecureHttp = true
         };

  13. OAuthAuthorizationServerProvider
     - It controls the lifecycle of the authorization server.
     - Used by the authorization server to communicate with the web application while processing requests.
     - It enables the OAuth bearer token authentication middleware, which receives and validates the bearer token from the Authorization header in the request.
     - Methods listed on the slide:
       - OnValidateClientRedirectUri
       - OnValidateClientAuthentication
       - ValidateClientAuthentication
       - GrantResourceOwnerCredentials
       - OnGrantClientCredentials
  14. Introduction to REST
     - Web services communicate via either SOAP or REST.
     - Representational state transfer is a way to create, read, update or delete information on a server using simple HTTP calls. It is an alternative to more complex mechanisms like SOAP.
     - Easily created using MVC 5 WebAPI and WCF.
  15. Building Rest Service using Asp.net WebAPI
  16. Securing REST API
     - SSL
     - Cross-origin resource sharing (CORS)
     - OAUTH
  17. Live Demo
  18. References
     - http://oauth.net/
     - http://tools.ietf.org/
     - http://www.asp.net
     - https://developers.google.com
     - http://blog.rfaisal.com/
  19. Question and Answer
  20. Thank you
  21. Mindfire Solutions
     - http://www.linkedin.com/company/mindfire-solutions
     - http://twitter.com/mindfires
     - http://www.mindfiresolutions.com
     - https://www.facebook.com/MindfireSolutions
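
The Access Token slide says the resource server must check that a token was issued, has not expired and covers the requested scope. The following is an added example of that check, not code from the presentation; `TokenRecord`, `BearerCheck`, the in-memory token table and the sample tokens and scopes are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example. TokenRecord, BearerCheck and the sample tokens are constructed.
public enum BearerResult { Ok, MissingCredentials, InvalidToken, InsufficientScope }

public sealed class TokenRecord { public DateTimeOffset ExpiresAt; public string[] Scopes; }

public static class BearerCheck
{
    // In RFC 6750 terms, InvalidToken maps to HTTP 401 (error="invalid_token")
    // and InsufficientScope to HTTP 403 (error="insufficient_scope").
    public static BearerResult Validate(string authorizationHeader, string requiredScope,
        IDictionary<string, TokenRecord> issued, DateTimeOffset now)
    {
        const string scheme = "Bearer ";
        if (authorizationHeader == null ||
            !authorizationHeader.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            return BearerResult.MissingCredentials;   // no bearer credentials at all

        string token = authorizationHeader.Substring(scheme.Length).Trim();
        TokenRecord record;
        if (!issued.TryGetValue(token, out record))
            return BearerResult.InvalidToken;         // never issued, or revoked
        if (now >= record.ExpiresAt)
            return BearerResult.InvalidToken;         // expired
        if (Array.IndexOf(record.Scopes, requiredScope) < 0)
            return BearerResult.InsufficientScope;    // token does not cover this resource
        return BearerResult.Ok;
    }
}

public static class Program
{
    public static void Main()
    {
        var now = new DateTimeOffset(2014, 6, 27, 12, 0, 0, TimeSpan.Zero);
        var issued = new Dictionary<string, TokenRecord>
        {
            { "tok-live", new TokenRecord { ExpiresAt = now.AddMinutes(30), Scopes = new[] { "profile.read" } } },
            { "tok-old", new TokenRecord { ExpiresAt = now.AddMinutes(-5), Scopes = new[] { "profile.read" } } }
        };
        // One call per outcome: valid, expired, wrong scope, unknown token.
        Console.WriteLine(BearerCheck.Validate("Bearer tok-live", "profile.read", issued, now));
        Console.WriteLine(BearerCheck.Validate("Bearer tok-old", "profile.read", issued, now));
        Console.WriteLine(BearerCheck.Validate("Bearer tok-live", "profile.write", issued, now));
        Console.WriteLine(BearerCheck.Validate("Bearer guess", "profile.read", issued, now));
    }
}
```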
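
The OAuth .NET API slides show the server options and name the provider callbacks. The following is an added example, not the presenter's demo code, of a provider that overrides two of those callbacks and an options block with HTTPS-only endpoints and a short token lifetime in place of the slide's `AllowInsecureHttp = true` and 14 days. `DemoProvider`, the client id `demo-client` and the `verifyPassword` hook are hypothetical.

```csharp
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;
// Added example. DemoProvider, "demo-client" and the verifyPassword hook are hypothetical.
public class DemoProvider : OAuthAuthorizationServerProvider
{
    private readonly Func<string, string, bool> _verifyPassword;
    public DemoProvider(Func<string, string, bool> verifyPassword) { _verifyPassword = verifyPassword; }

    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        string clientId, clientSecret;
        // Read the client id from the Basic header, falling back to the form body.
        if (!context.TryGetBasicCredentials(out clientId, out clientSecret))
            context.TryGetFormCredentials(out clientId, out clientSecret);
        if (clientId == "demo-client") context.Validated(clientId);
        else context.SetError("invalid_client", "Unknown client.");
        return Task.FromResult(0);
    }

    public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        if (!_verifyPassword(context.UserName, context.Password))
        {
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return Task.FromResult(0);
        }
        var identity = new ClaimsIdentity(context.Options.AuthenticationType);
        identity.AddClaim(new Claim(ClaimTypes.Name, context.UserName));
        context.Validated(identity); // the middleware then issues the access token
        return Task.FromResult(0);
    }
}

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/Token"),
            Provider = new DemoProvider((user, password) => false), // deny-all; wire to the user store
            AccessTokenExpireTimeSpan = TimeSpan.FromMinutes(30),   // short-lived instead of 14 days
            AllowInsecureHttp = false                               // token requests over HTTPS only
        });
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
    }
}
```

The code needs the Microsoft.Owin.Security.OAuth NuGet package and an OWIN host.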
