- ASP.NET Web API Security Essentials
- Rajesh Gunasundaram
- 320 words
- 2021-07-30 10:15:52
ASP.NET Web API security architecture
This section gives an overview of the Web API security architecture and shows the extensibility points that can be used for security-related tasks. The ASP.NET Web API security architecture is composed of three main layers. The hosting layer acts as an interface between the Web API and the network stack. The message handler pipeline layer enables implementing cross-cutting concerns such as authentication and caching. The controller handling layer is where the controllers and actions are executed, parameters are bound and validated, and the HTTP response message is created. This layer also contains a filter pipeline, as shown in the following figure:

Fig 1 – This image shows the components involved in securing the Web API
Let's briefly discuss the purpose of each component in the Web API pipeline, as follows:
- Open Web Interface for .NET (OWIN) is the new open standard hosting infrastructure. Microsoft has built its own framework called Katana on top of OWIN, and all Web API security techniques, such as authentication methods (for example, token-based authentication) and support for social login providers (for example, Google and Facebook), happen at the OWIN layer.
- Message Handler is a class that receives an HTTP request and returns an HTTP response. Implementing authentication at the message handler level is not recommended. Message handlers are used for Cross-Origin Resource Sharing (CORS).
- Authentication Filters are guaranteed to run before the authorization filter. If you are not interested in operating your authentication logic at the OWIN layer, you can move straight to controllers or actions. Authentication filters are really useful for invoking OWIN-based authentication logic.
- Authorization Filters are the place in the pipeline where you can recheck the request before the expensive business logic runs in model binding and validation and the controller action is invoked.
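The following C# sketch wires one component into each layer described above; it is an added example, not code from the book. It assumes the Microsoft.AspNet.WebApi and Microsoft.AspNet.WebApi.Owin packages, OWIN bearer-token middleware already registered in the host's startup class, and hypothetical names (`SecurityHeadersHandler`, `RequireScopeAttribute`, the `scope` claim type and the `orders.read` value).

```csharp
using System.Net.Http;
using System.Security.Claims;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;
using System.Web.Http.Controllers;

// Message handler layer: a cross-cutting concern only, no authentication here.
public class SecurityHeadersHandler : DelegatingHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        HttpResponseMessage response = await base.SendAsync(request, cancellationToken);
        response.Headers.Add("X-Content-Type-Options", "nosniff");
        return response;
    }
}

// Authorization filter: runs after authentication filters, before model binding and the action.
public class RequireScopeAttribute : AuthorizeAttribute
{
    private readonly string _scope;
    public RequireScopeAttribute(string scope) { _scope = scope; }

    protected override bool IsAuthorized(HttpActionContext actionContext)
    {
        var principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
        return principal != null
            && principal.Identity != null
            && principal.Identity.IsAuthenticated
            && principal.HasClaim("scope", _scope); // "scope" claim type is an assumption
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.MessageHandlers.Add(new SecurityHeadersHandler());
        // Ignore any principal set by the host (for example IIS) and let the
        // authentication filter invoke the OWIN middleware named "Bearer" instead.
        config.SuppressDefaultHostAuthentication();
        config.Filters.Add(new HostAuthenticationFilter("Bearer"));
        // Global authorization check; actions marked [AllowAnonymous] are skipped.
        config.Filters.Add(new RequireScopeAttribute("orders.read"));
        config.MapHttpAttributeRoutes();
    }
}
```

Because the authorization filter is registered globally, a request without the required claim receives a 401 response before any parameter binding or controller code runs.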
Now that we are familiar with the security architecture, we will set up the client.