- ASP.NET Web API Security Essentials
- Rajesh Gunasundaram
- 279字
- 2021-07-30 10:15:53
Authentication and authorization
We have created a simple web API that returns the list of contacts or specific contacts by ID. This web API can be accessed by any client that supports HTTP and is not secured enough. With the help of authentication and authorization mechanisms, we can secure this web API from unauthorized access.
- Authentication mechanism helps in identifying the valid user and authenticating them using the identity of the user. Here, the identity can be a username and password.
- Authorization mechanism helps in restricting unauthorized access to an action. For example, An unauthorized user can get the list of contacts. But he is restricted to create new contact.
Authentication
Authentication is carried out in the host Internet Information Service (IIS) for web API. Internet Information Service uses HTTP modules for authentication. We can also implement custom authentication with our own HTTP module.
The host creates a principal when it authenticates the user. Principal is an IPrincipal
object that represents the security context under which the code is running. You can access the current principal from Thread.CurrentPrincipal
, which is attached by the host. The user information can be accessed from the Identity
object of principal. The Identity.IsAuthenticated
property returns true if the user is authenticated. The Identity.IsAuthenticated
will return false if the user is not authenticated.
Authorization
Authorization happens after successful authentication is provided to the controller. It helps you to grant access to resources when more granular choices are made.
For any unauthorized requests, the authorization filter returns an error response and does not allow the action to be executed. This happens as the authorization filters will be executed first before any statements in the controller action.
- DB2 V9權威指南
- Python語言程序設計
- Mastering Articulate Storyline
- Practical Game Design
- Java項目實戰精編
- WordPress 4.0 Site Blueprints(Second Edition)
- 51單片機C語言開發教程
- CoffeeScript Application Development Cookbook
- Learning Modular Java Programming
- Practical GIS
- jQuery技術內幕:深入解析jQuery架構設計與實現原理
- Mudbox 2013 Cookbook
- Mastering JavaScript
- Three.js權威指南:在網頁上創建3D圖形和動畫的方法與實踐(原書第4版)
- DevOps 精要:業務視角