SlideShare a Scribd company logo

Web API authentication and authorization

Download as PPTX, PDF
Chalermpon Areepong
Chalermpon Areepong

Web API authentication and authorization

Technology
1 of 20
CHALERMPON AREEPONG Microsoft MVP ASP.NET MVCRocks.NET Community and https://fb.com/groups/mvcthaidev Founder DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015 CHALERMPON AREEPONG Microsoft MVP – ASP.NET 9 Years
DevRock #01 Hello New Year 2015  ASP.NET Web APIs  The ways to secure your Web APIs.  Web Security Scenarios  Explain each scenarios  demo  How to  Summaries
Basic Understanding ASP.NET WEB APIs DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015  Support HTTP Content-Types  json, xml, plain text, …, custom  Client can use HTTP to access the APIs  HTTP Verbs to access resources  GET, POST, PUT, DELETE, etc….  Response HTTP Status Code  20x, 30x, 40x, 50x  Multiple Host Types  IIS, WAS, Windows Service, Console, ..  Extensible and Customizable
DevRock #01 Hello New Year 2015 DEMO
DevRock #01 Hello New Year 2015  Web  Mobile  Device  Application  Any Client send HTTP Request
Basic Understanding Web Security DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015  Transport Layer Security  HTTPs Protocol Encryption  Untrusted (Anonymous)  Trusted
DevRock #01 Hello New Year 2015  Application Layer Security (1)  Authentication  Token-Based  Two-Factors  Intranet (IIS Windows)  LDAP (Active Directory, OpenLDAP)  OAuth, OpenID  Identity Services ( Azure AD Service)
DevRock #01 Hello New Year 2015  Application Layer Security (2)  Authorization  Role Based  Claims Based  …..
DevRock #01 Hello New Year 2015  Application Layer Security (3)  Data Encryption  Encryption Algorithms
ASP.NET Web APIs architecture DevRock #01 Hello New Year 2015
DevRock #01 Hello New Year 2015 HOST OWIN Web API MessageHandler global/per-route Authentication Filter Authorization Filter Host/Framework Independent concerns, e.g. authentication Web API cross-cutting concerns, e.g. CORS Web API specific Authentication internal app level Authorization
DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN ASP.NET with OWIN Bridge IIS
DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN Process/Host +OWIN Bridge
DevRock #01 Hello New Year 2015 Scalability of servers:  Stateless  Centralize user info Loosely coupling  No dependency Service Mobile Friendly  Just keep token for reuse in Native Mobile app.
DevRock #01 Hello New Year 2015 Username / Password Get token
DevRock #01 Hello New Year 2015 ASP.NET WEB API 2.0  Self Provider  External Provider
Web API authentication and authorization

Recommended

Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
API Presentation
API PresentationAPI Presentation
API Presentationnityakulkarni
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJSLuigi Saetta
 
Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...
Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...
Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...Tin Linn Soe
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집Amazon Web Services Korea
 
Postman: An Introduction for Testers
Postman: An Introduction for TestersPostman: An Introduction for Testers
Postman: An Introduction for TestersPostman
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdfRubersy Ramos García
 

Recommended

Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
API Presentation
API PresentationAPI Presentation
API Presentationnityakulkarni
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJSLuigi Saetta
 
Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...
Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...
Microservices Platform with Spring Boot, Spring Cloud Config, Spring Cloud Ne...Tin Linn Soe
 
Rest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityRest API Security - A quick understanding of Rest API Security
Rest API Security - A quick understanding of Rest API SecurityMohammed Fazuluddin
 
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집
AWS 네트워크 보안을 위한 계층별 보안 구성 모범 사례 – 조이정, AWS 솔루션즈 아키텍트:: AWS 온라인 이벤트 – 클라우드 보안 특집Amazon Web Services Korea
 
Postman: An Introduction for Testers
Postman: An Introduction for TestersPostman: An Introduction for Testers
Postman: An Introduction for TestersPostman
 
REST API Authentication Methods.pdf
REST API Authentication Methods.pdfREST API Authentication Methods.pdf
REST API Authentication Methods.pdfRubersy Ramos García
 
Selenium
SeleniumSelenium
SeleniumAdam Goucher
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API ManagementApigee | Google Cloud
 
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaEdureka!
 
Api testing
Api testingApi testing
Api testingHamzaMajid13
 
Swagger UI
Swagger UISwagger UI
Swagger UIWalaa Hamdy Assy
 
API for Beginners
API for BeginnersAPI for Beginners
API for BeginnersGustavo De Vita
 
Rest assured
Rest assuredRest assured
Rest assuredVarun Deshpande
 
Rest API
Rest APIRest API
Rest APIRohana K Amarakoon
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to SwaggerKnoldus Inc.
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Testing RESTful Webservices using the REST-assured framework
Testing RESTful Webservices using the REST-assured frameworkTesting RESTful Webservices using the REST-assured framework
Testing RESTful Webservices using the REST-assured frameworkMicha Kops
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
Postman.ppt
Postman.pptPostman.ppt
Postman.pptParrotBAD
 
Authentication & Authorization in ASPdotNet MVC
Authentication & Authorization in ASPdotNet MVCAuthentication & Authorization in ASPdotNet MVC
Authentication & Authorization in ASPdotNet MVCMindfire Solutions
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
 
API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0Fabrizio Ferri-Benedetti
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authenticationleahculver
 
Opa gatekeeper
Opa gatekeeperOpa gatekeeper
Opa gatekeeperRita Zhang
 
Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…Scott Hoag
 
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
ZZ BC#8 Hello ASP.NET MVC 4 (dks)ZZ BC#8 Hello ASP.NET MVC 4 (dks)
ZZ BC#8 Hello ASP.NET MVC 4 (dks)Chalermpon Areepong
 

More Related Content

What's hot

What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaEdureka!
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to SwaggerKnoldus Inc.
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
Testing RESTful Webservices using the REST-assured framework
Testing RESTful Webservices using the REST-assured frameworkTesting RESTful Webservices using the REST-assured framework
Testing RESTful Webservices using the REST-assured frameworkMicha Kops
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & GuidelinesPrabath Siriwardena
 
Authentication & Authorization in ASPdotNet MVC
Authentication & Authorization in ASPdotNet MVCAuthentication & Authorization in ASPdotNet MVC
Authentication & Authorization in ASPdotNet MVCMindfire Solutions
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021Amazon Web Services Korea
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioHYS Enterprise
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authenticationleahculver
 
Opa gatekeeper
Opa gatekeeperOpa gatekeeper
Opa gatekeeperRita Zhang
 

What's hot (20)

Selenium
SeleniumSelenium
Selenium
 
Deep-Dive: Secure API Management
Deep-Dive: Secure API ManagementDeep-Dive: Secure API Management
Deep-Dive: Secure API Management
 
What is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | EdurekaWhat is REST API? REST API Concepts and Examples | Edureka
What is REST API? REST API Concepts and Examples | Edureka
 
Api testing
Api testingApi testing
Api testing
 
Swagger UI
Swagger UISwagger UI
Swagger UI
 
API for Beginners
API for BeginnersAPI for Beginners
API for Beginners
 
Rest assured
Rest assuredRest assured
Rest assured
 
Rest API
Rest APIRest API
Rest API
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to Swagger
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
Testing RESTful Webservices using the REST-assured framework
Testing RESTful Webservices using the REST-assured frameworkTesting RESTful Webservices using the REST-assured framework
Testing RESTful Webservices using the REST-assured framework
 
API Security Best Practices & Guidelines
API Security Best Practices & GuidelinesAPI Security Best Practices & Guidelines
API Security Best Practices & Guidelines
 
Postman.ppt
Postman.pptPostman.ppt
Postman.ppt
 
Authentication & Authorization in ASPdotNet MVC
Authentication & Authorization in ASPdotNet MVCAuthentication & Authorization in ASPdotNet MVC
Authentication & Authorization in ASPdotNet MVC
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUD
 
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
더욱 진화하는 AWS 네트워크 보안 - 신은수 AWS 시큐리티 스페셜리스트 솔루션즈 아키텍트 :: AWS Summit Seoul 2021
 
API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0API Docs with OpenAPI 3.0
API Docs with OpenAPI 3.0
 
Postman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenarioPostman. From simple API test to end to end scenario
Postman. From simple API test to end to end scenario
 
OAuth - Open API Authentication
OAuth - Open API AuthenticationOAuth - Open API Authentication
OAuth - Open API Authentication
 
Opa gatekeeper
Opa gatekeeperOpa gatekeeper
Opa gatekeeper
 

Viewers also liked

Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…Scott Hoag
 
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
ZZ BC#8 Hello ASP.NET MVC 4 (dks)ZZ BC#8 Hello ASP.NET MVC 4 (dks)
ZZ BC#8 Hello ASP.NET MVC 4 (dks)Chalermpon Areepong
 
Scalable Resilient Web Services In .Net
Scalable Resilient Web Services In .NetScalable Resilient Web Services In .Net
Scalable Resilient Web Services In .NetBala Subra
 
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .netIasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .netCodecamp Romania
 
Performance in .net best practices
Performance in .net best practicesPerformance in .net best practices
Performance in .net best practicesCodecamp Romania
 
Asp.net mvc security
Asp.net mvc securityAsp.net mvc security
Asp.net mvc securityLearningTech
 
DDD Melbourne 2014 security in ASP.Net Web API 2
DDD Melbourne 2014 security in ASP.Net Web API 2DDD Melbourne 2014 security in ASP.Net Web API 2
DDD Melbourne 2014 security in ASP.Net Web API 2Pratik Khasnabis
 
Design & Deploy a data-driven Web API in 2 hours
Design & Deploy a data-driven Web API in 2 hoursDesign & Deploy a data-driven Web API in 2 hours
Design & Deploy a data-driven Web API in 2 hoursRestlet
 
Secure RESTful Web Services for ASP.NET Web API
Secure RESTful Web Services for ASP.NET Web APISecure RESTful Web Services for ASP.NET Web API
Secure RESTful Web Services for ASP.NET Web APIRob Daigneau
 
Building Scalable .NET Web Applications
Building Scalable .NET Web ApplicationsBuilding Scalable .NET Web Applications
Building Scalable .NET Web ApplicationsBuu Nguyen
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsTips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsSarvesh Kushwaha
 
ASP.NET Core 1.0 Overview: Post-RC2
ASP.NET Core 1.0 Overview: Post-RC2ASP.NET Core 1.0 Overview: Post-RC2
ASP.NET Core 1.0 Overview: Post-RC2Shahed Chowdhuri
 
Overview of the .Net Collection Framework and Immutable Collections
Overview of the .Net Collection Framework and Immutable CollectionsOverview of the .Net Collection Framework and Immutable Collections
Overview of the .Net Collection Framework and Immutable CollectionsYoshifumi Kawai
 
5. web api 2 aspdotnet-mvc5-slides
5. web api 2 aspdotnet-mvc5-slides5. web api 2 aspdotnet-mvc5-slides
5. web api 2 aspdotnet-mvc5-slidesMasterCode.vn
 
ASP.NET Core MVC + Web API with Overview (Post RC2)
ASP.NET Core MVC + Web API with Overview (Post RC2)ASP.NET Core MVC + Web API with Overview (Post RC2)
ASP.NET Core MVC + Web API with Overview (Post RC2)Shahed Chowdhuri
 
Scaling asp.net websites to millions of users
Scaling asp.net websites to millions of usersScaling asp.net websites to millions of users
Scaling asp.net websites to millions of usersoazabir
 
10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websitesoazabir
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiTiago Knoch
 

Viewers also liked (20)

Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…Authentication, Authorization, and Identity – More than meets the eye…
Authentication, Authorization, and Identity – More than meets the eye…
 
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
ZZ BC#8 Hello ASP.NET MVC 4 (dks)ZZ BC#8 Hello ASP.NET MVC 4 (dks)
ZZ BC#8 Hello ASP.NET MVC 4 (dks)
 
Scalable Resilient Web Services In .Net
Scalable Resilient Web Services In .NetScalable Resilient Web Services In .Net
Scalable Resilient Web Services In .Net
 
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .netIasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
Iasi code camp 12 october 2013 corneliu rimboiu - bridging java and .net
 
Performance in .net best practices
Performance in .net best practicesPerformance in .net best practices
Performance in .net best practices
 
Asp.net mvc security
Asp.net mvc securityAsp.net mvc security
Asp.net mvc security
 
DDD Melbourne 2014 security in ASP.Net Web API 2
DDD Melbourne 2014 security in ASP.Net Web API 2DDD Melbourne 2014 security in ASP.Net Web API 2
DDD Melbourne 2014 security in ASP.Net Web API 2
 
Smooth Sort
Smooth SortSmooth Sort
Smooth Sort
 
Design & Deploy a data-driven Web API in 2 hours
Design & Deploy a data-driven Web API in 2 hoursDesign & Deploy a data-driven Web API in 2 hours
Design & Deploy a data-driven Web API in 2 hours
 
Secure RESTful Web Services for ASP.NET Web API
Secure RESTful Web Services for ASP.NET Web APISecure RESTful Web Services for ASP.NET Web API
Secure RESTful Web Services for ASP.NET Web API
 
End to End Security with MVC and Web API
End to End Security with MVC and Web APIEnd to End Security with MVC and Web API
End to End Security with MVC and Web API
 
Building Scalable .NET Web Applications
Building Scalable .NET Web ApplicationsBuilding Scalable .NET Web Applications
Building Scalable .NET Web Applications
 
Tips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC ApplicationsTips and Tricks For Faster Asp.NET and MVC Applications
Tips and Tricks For Faster Asp.NET and MVC Applications
 
ASP.NET Core 1.0 Overview: Post-RC2
ASP.NET Core 1.0 Overview: Post-RC2ASP.NET Core 1.0 Overview: Post-RC2
ASP.NET Core 1.0 Overview: Post-RC2
 
Overview of the .Net Collection Framework and Immutable Collections
Overview of the .Net Collection Framework and Immutable CollectionsOverview of the .Net Collection Framework and Immutable Collections
Overview of the .Net Collection Framework and Immutable Collections
 
5. web api 2 aspdotnet-mvc5-slides
5. web api 2 aspdotnet-mvc5-slides5. web api 2 aspdotnet-mvc5-slides
5. web api 2 aspdotnet-mvc5-slides
 
ASP.NET Core MVC + Web API with Overview (Post RC2)
ASP.NET Core MVC + Web API with Overview (Post RC2)ASP.NET Core MVC + Web API with Overview (Post RC2)
ASP.NET Core MVC + Web API with Overview (Post RC2)
 
Scaling asp.net websites to millions of users
Scaling asp.net websites to millions of usersScaling asp.net websites to millions of users
Scaling asp.net websites to millions of users
 
10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites10 performance and scalability secrets of ASP.NET websites
10 performance and scalability secrets of ASP.NET websites
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 

Similar to Web API authentication and authorization

Web Development Presentation
Web Development PresentationWeb Development Presentation
Web Development PresentationTurnToTech
 
Owasp Code Crawler Presentation
Owasp Code Crawler PresentationOwasp Code Crawler Presentation
Owasp Code Crawler Presentationalessiomarziali
 
HP Helion European Webinar Series ,Webinar #3
HP Helion European Webinar Series ,Webinar #3 HP Helion European Webinar Series ,Webinar #3
HP Helion European Webinar Series ,Webinar #3 BeMyApp
 
Introduction To Microsoft Windows Containers
Introduction To Microsoft Windows ContainersIntroduction To Microsoft Windows Containers
Introduction To Microsoft Windows ContainersDavid Strebel
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 
Build Apps Using Dynamic Languages
Build Apps Using Dynamic LanguagesBuild Apps Using Dynamic Languages
Build Apps Using Dynamic LanguagesWes Yanaga
 
Teched India Vijay Interop Track
Teched India Vijay Interop TrackTeched India Vijay Interop Track
Teched India Vijay Interop Trackvijayrvr
 
RichardChauvetShortResume2015
RichardChauvetShortResume2015RichardChauvetShortResume2015
RichardChauvetShortResume2015Richard Chauvet
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxcgt38842
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxjohnpragasam1
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxazida3
 
OWASP_Top_Ten_Proactive_Controls_v32.pptx
OWASP_Top_Ten_Proactive_Controls_v32.pptxOWASP_Top_Ten_Proactive_Controls_v32.pptx
OWASP_Top_Ten_Proactive_Controls_v32.pptxnmk42194
 
Vijay Mix Presentation
Vijay Mix PresentationVijay Mix Presentation
Vijay Mix Presentationvijayrvr
 
O que é esse tal de OWIN?
O que é esse tal de OWIN?O que é esse tal de OWIN?
O que é esse tal de OWIN?Andre Carlucci
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)Amazon Web Services
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsAxway
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Codit
 

Similar to Web API authentication and authorization (20)

Web Development Presentation
Web Development PresentationWeb Development Presentation
Web Development Presentation
 
Owasp Code Crawler Presentation
Owasp Code Crawler PresentationOwasp Code Crawler Presentation
Owasp Code Crawler Presentation
 
HP Helion European Webinar Series ,Webinar #3
HP Helion European Webinar Series ,Webinar #3 HP Helion European Webinar Series ,Webinar #3
HP Helion European Webinar Series ,Webinar #3
 
Introduction To Microsoft Windows Containers
Introduction To Microsoft Windows ContainersIntroduction To Microsoft Windows Containers
Introduction To Microsoft Windows Containers
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allup
 
Node.js Workshop
Node.js WorkshopNode.js Workshop
Node.js Workshop
 
Build Apps Using Dynamic Languages
Build Apps Using Dynamic LanguagesBuild Apps Using Dynamic Languages
Build Apps Using Dynamic Languages
 
php
phpphp
php
 
Teched India Vijay Interop Track
Teched India Vijay Interop TrackTeched India Vijay Interop Track
Teched India Vijay Interop Track
 
RichardChauvetShortResume2015
RichardChauvetShortResume2015RichardChauvetShortResume2015
RichardChauvetShortResume2015
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
OWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptxOWASP_Top_Ten_Proactive_Controls_v2.pptx
OWASP_Top_Ten_Proactive_Controls_v2.pptx
 
Mahesh_Dimble
Mahesh_DimbleMahesh_Dimble
Mahesh_Dimble
 
OWASP_Top_Ten_Proactive_Controls_v32.pptx
OWASP_Top_Ten_Proactive_Controls_v32.pptxOWASP_Top_Ten_Proactive_Controls_v32.pptx
OWASP_Top_Ten_Proactive_Controls_v32.pptx
 
Vijay Mix Presentation
Vijay Mix PresentationVijay Mix Presentation
Vijay Mix Presentation
 
O que é esse tal de OWIN?
O que é esse tal de OWIN?O que é esse tal de OWIN?
O que é esse tal de OWIN?
 
DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)DevSecOps 的規模化實踐 (Level: 300-400)
DevSecOps 的規模化實踐 (Level: 300-400)
 
Content Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortalsContent Strategy and Developer Engagement for DevPortals
Content Strategy and Developer Engagement for DevPortals
 
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
Enable Oauth2.0 with Sentinet API Management (Massimo Crippa @ BTUG Event)
 

More from Chalermpon Areepong

Build your website with angularjs and web apis
Build your website with angularjs and web apisBuild your website with angularjs and web apis
Build your website with angularjs and web apisChalermpon Areepong
 
ZZ BC#7.5 asp.net mvc practice and guideline refresh!
ZZ BC#7.5 asp.net mvc practice and guideline refresh! ZZ BC#7.5 asp.net mvc practice and guideline refresh!
ZZ BC#7.5 asp.net mvc practice and guideline refresh! Chalermpon Areepong
 
ZZ BC#7 asp.net mvc practice and guideline by NineMvp
ZZ BC#7 asp.net mvc practice and guideline by NineMvpZZ BC#7 asp.net mvc practice and guideline by NineMvp
ZZ BC#7 asp.net mvc practice and guideline by NineMvpChalermpon Areepong
 
Build your web app with asp.net mvc 2 from scratch
Build your web app with asp.net mvc 2 from scratchBuild your web app with asp.net mvc 2 from scratch
Build your web app with asp.net mvc 2 from scratchChalermpon Areepong
 

More from Chalermpon Areepong (9)

DevRock #02 akka.net intro part
DevRock #02 akka.net intro partDevRock #02 akka.net intro part
DevRock #02 akka.net intro part
 
Build your website with angularjs and web apis
Build your website with angularjs and web apisBuild your website with angularjs and web apis
Build your website with angularjs and web apis
 
Java script for web developer
Java script for web developerJava script for web developer
Java script for web developer
 
ASP.NET WEB API Training
ASP.NET WEB API TrainingASP.NET WEB API Training
ASP.NET WEB API Training
 
ZZ BC#7.5 asp.net mvc practice and guideline refresh!
ZZ BC#7.5 asp.net mvc practice and guideline refresh! ZZ BC#7.5 asp.net mvc practice and guideline refresh!
ZZ BC#7.5 asp.net mvc practice and guideline refresh!
 
ZZ BC#7 asp.net mvc practice and guideline by NineMvp
ZZ BC#7 asp.net mvc practice and guideline by NineMvpZZ BC#7 asp.net mvc practice and guideline by NineMvp
ZZ BC#7 asp.net mvc practice and guideline by NineMvp
 
Build your web app with asp.net mvc 2 from scratch
Build your web app with asp.net mvc 2 from scratchBuild your web app with asp.net mvc 2 from scratch
Build your web app with asp.net mvc 2 from scratch
 
Gf vtzz-05--j queryshowcase
Gf vtzz-05--j queryshowcaseGf vtzz-05--j queryshowcase
Gf vtzz-05--j queryshowcase
 
J query
J queryJ query
J query
 

Recently uploaded

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 

Recently uploaded (20)

Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 

Web API authentication and authorization

  • 1. CHALERMPON AREEPONG Microsoft MVP ASP.NET MVCRocks.NET Community and https://fb.com/groups/mvcthaidev Founder DevRock #01 Hello New Year 2015
  • 2. DevRock #01 Hello New Year 2015 CHALERMPON AREEPONG Microsoft MVP – ASP.NET 9 Years
  • 3. DevRock #01 Hello New Year 2015  ASP.NET Web APIs  The ways to secure your Web APIs.  Web Security Scenarios  Explain each scenarios  demo  How to  Summaries
  • 4. Basic Understanding ASP.NET WEB APIs DevRock #01 Hello New Year 2015
  • 5. DevRock #01 Hello New Year 2015  Support HTTP Content-Types  json, xml, plain text, …, custom  Client can use HTTP to access the APIs  HTTP Verbs to access resources  GET, POST, PUT, DELETE, etc….  Response HTTP Status Code  20x, 30x, 40x, 50x  Multiple Host Types  IIS, WAS, Windows Service, Console, ..  Extensible and Customizable
  • 6. DevRock #01 Hello New Year 2015 DEMO
  • 7. DevRock #01 Hello New Year 2015  Web  Mobile  Device  Application  Any Client send HTTP Request
  • 8. Basic Understanding Web Security DevRock #01 Hello New Year 2015
  • 9. DevRock #01 Hello New Year 2015  Transport Layer Security  HTTPs Protocol Encryption  Untrusted (Anonymous)  Trusted
  • 10. DevRock #01 Hello New Year 2015  Application Layer Security (1)  Authentication  Token-Based  Two-Factors  Intranet (IIS Windows)  LDAP (Active Directory, OpenLDAP)  OAuth, OpenID  Identity Services ( Azure AD Service)
  • 11. DevRock #01 Hello New Year 2015  Application Layer Security (2)  Authorization  Role Based  Claims Based  …..
  • 12. DevRock #01 Hello New Year 2015  Application Layer Security (3)  Data Encryption  Encryption Algorithms
  • 13. ASP.NET Web APIs architecture DevRock #01 Hello New Year 2015
  • 14. DevRock #01 Hello New Year 2015 HOST OWIN Web API MessageHandler global/per-route Authentication Filter Authorization Filter Host/Framework Independent concerns, e.g. authentication Web API cross-cutting concerns, e.g. CORS Web API specific Authentication internal app level Authorization
  • 15. DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN ASP.NET with OWIN Bridge IIS
  • 16. DevRock #01 Hello New Year 2015 Web API with OWIN Adpater OWIN Process/Host +OWIN Bridge
  • 17. DevRock #01 Hello New Year 2015 Scalability of servers:  Stateless  Centralize user info Loosely coupling  No dependency Service Mobile Friendly  Just keep token for reuse in Native Mobile app.
  • 18. DevRock #01 Hello New Year 2015 Username / Password Get token
  • 19. DevRock #01 Hello New Year 2015 ASP.NET WEB API 2.0  Self Provider  External Provider