Chapter 2. Enabling SSL for ASP.NET Web API

In this chapter, we will discuss the implementation of SSL with ASP.NET Web API and authentication of users using SSL client certificates. Authentication schemes over plain HTTP are not secure. For example, basic authentication and forms authentication send plain texts, such as the username and password. So, to protect the plain texts from vulnerability, we use SSL and also authenticate clients using the SSL client certificates.

In this chapter, we will cover the following topics:

• Enforcing SSL in a Web API controller
• Using Client certificates in Web API