ASP.NET Web API a new framework for creating HTTP services that can reach a broad range of clients including browsers and mobile devices. ASP.NET Web API is also an ideal platform for building RESTful services.
Slide ObjectiveDescribe security principlesSpeaking notesSimple shared secret securityCan use HTTP or HTTPS to accessUse HTTP for public contentUse HTTPS for secure content (i.e. where using es or Shared Access Signatures)Two 512bit keysKeys used to sign priv requestsTwo keys supports rolling of keysE.g. if one key is compromised can use the second key while first is regeneratedMore on SAS’s soonNotesMore on Security on Day 3http://social.msdn.microsoft.com/Forums/en-US/windowsazure/thread/1e023e8d-0ff9-472e-bcc1-05400a41466c http://blogs.msdn.com/b/usisvde/archive/2010/05/21/best-practices-for-data-storage-security-on-windows-azure.aspx
Use HTTP as an Application Protocol – not a Transport Protocol
One Service, Any device, Any Platform - Web API
Protocols for BuildingServices
WCF to ASP.NET Web API First apear as WCF Web API HTTP related WCF -wider that HTTP (TCP, Named Pipe, WinService, etc)