Pro ASP.NET Web API Security: Securing ASP.NET Web API (Paperback)

Badrinarayanan Lakshmiraghavan

  • 出版商: Apress
  • 出版日期: 2013-03-29
  • 定價: $2,450
  • 售價: 9.0$2,205
  • 語言: 英文
  • 頁數: 416
  • 裝訂: Paperback
  • ISBN: 1430257822
  • ISBN-13: 9781430257820
  • 相關分類: .NETASP.NET資訊安全
  • 立即出貨 (庫存 < 3)

買這商品的人也買了...

商品描述

ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP.

With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.

Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP, meaning that there is no limit to the range of devices that it can work with – if it can understand HTTP, then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.

What you’ll learn

  • Identity management and cryptography
  • HTTP basic and digest authentication and Windows authentication
  • HTTP advanced concepts such as web caching, ETag, and CORS
  • Ownership factors of API keys, client X.509 certificates, and SAML tokens
  • Simple Web Token (SWT) and signed and encrypted JSON Web Token (JWT)
  • OAuth 2.0 from the ground up using JWT as the bearer token
  • OAuth 2.0 authorization codes and implicit grants using DotNetOpenAuth
  • Two-factor authentication using Google Authenticator
  • OWASP Top Ten risks for 2013

Who this book is for

No prior experience of .NET security is needed to read this book. All security related concepts will be introduced from first-principles and developed to the point where you can use them confidently in a professional environment. A good working knowledge of and experience with C# and the .NET framework are the only prerequisites to benefit from this book.

Table of Contents

  1. Welcome to ASP.NET Web API
  2. Building RESTful Services
  3. Extensibility Points
  4. HTTP Anatomy and Security
  5. Identity Management
  6. Encryption and Signing
  7. Custom STS through WIF
  8. Knowledge Factors
  9. Ownership Factors
  10. Web Tokens
  11. OAuth 2.0 Using Live Connect API
  12. OAuth 2.0 From the Ground Up 
  13. OAuth 2.0 Using DotNetOpenAuth
  14. Two-Factor Authentication
  15. Security Vulnerabilities
  16. Appendix: ASP.NET Web API Security Distilled

商品描述(中文翻譯)

ASP.NET Web API是ASP.NET MVC 4的重要組成部分,也是建立可被各種設備訪問的RESTful服務的首選平台。從JavaScript庫到RIA插件,從RFID讀卡器到智能手機,都可以使用平台無關的HTTP來消費您的服務。

由於這種廣泛的可訪問性,有效地保護您的代碼成為首要任務。您很快會發現,您在.NET中熟悉的WCF安全協議在這個新環境中不再適用,它們證明自己在標準方面的工作能力受到限制且繁瑣。

幸運的是,ASP.NET Web API提供了一個簡單而強大的安全解決方案,它與ASP.NET MVC編程模型完美結合,並且無需使用SOAP即可保護您的代碼,這意味著它可以與各種設備一起使用 - 只要它能理解HTTP,就可以通過Web API進行安全保護。這本書的重點是這些無需SOAP的安全技術。

您將學到以下內容:
- 身份管理和加密
- HTTP基本和摘要驗證以及Windows驗證
- HTTP高級概念,如Web緩存、ETag和CORS
- API密鑰、客戶端X.509憑證和SAML令牌的所有權因素
- 簡單Web令牌(SWT)和簽名和加密的JSON Web令牌(JWT)
- 從頭開始使用JWT作為承載令牌的OAuth 2.0
- 使用DotNetOpenAuth的OAuth 2.0授權碼和隱式授權
- 使用Google Authenticator的雙因素身份驗證
- 2013年OWASP十大風險

本書適合對.NET安全沒有先前經驗的讀者閱讀。所有與安全相關的概念都將從基本原理開始介紹,並發展到您可以在專業環境中自信地使用它們的程度。只需要具備良好的C#和.NET框架的工作知識和經驗,即可從本書中受益。

目錄:
1. 歡迎來到ASP.NET Web API
2. 構建RESTful服務
3. 可擴展點
4. HTTP解剖和安全
5. 身份管理
6. 加密和簽名
7. 通過WIF實現自定義STS
8. 知識因素
9. 所有權因素
10. Web令牌
11. 使用Live Connect API的OAuth 2.0
12. 從頭開始的OAuth 2.0
13. 使用DotNetOpenAuth的OAuth 2.0
14. 雙因素身份驗證
15. 安全漏洞
附錄:ASP.NET Web API安全精要