Pro ASP.NET Web API Security: Securing ASP.NET Web API (Paperback)

Badrinarayanan Lakshmiraghavan

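  • Publisher: Apress
  • Publication date: 2013-03-29
  • List price: $2,450
  • Sale price: $1,960 (80% of list price)
  • Language: English
  • Pages: 416
  • Binding: Paperback
  • ISBN: 1430257822
  • ISBN-13: 9781430257820
  • Related categories: .NET, ASP.NET, Information Security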

Product description

ASP.NET Web API is a key part of ASP.NET MVC 4 and the platform of choice for building RESTful services that can be accessed by a wide range of devices. Everything from JavaScript libraries to RIA plugins, RFID readers to smart phones can consume your services using platform-agnostic HTTP.

With such wide accessibility, securing your code effectively needs to be a top priority. You will quickly find that the WCF security protocols you’re familiar with from .NET are less suitable than they once were in this new environment, proving themselves cumbersome and limited in terms of the standards they can work with.

Fortunately, ASP.NET Web API provides a simple, robust security solution of its own that fits neatly within the ASP.NET MVC programming model and secures your code without the need for SOAP, meaning that there is no limit to the range of devices that it can work with – if it can understand HTTP, then it can be secured by Web API. These SOAP-less security techniques are the focus of this book.

What you’ll learn

  • Identity management and cryptography
  • HTTP basic and digest authentication and Windows authentication
  • HTTP advanced concepts such as web caching, ETag, and CORS
  • Ownership factors of API keys, client X.509 certificates, and SAML tokens
  • Simple Web Token (SWT) and signed and encrypted JSON Web Token (JWT)
  • OAuth 2.0 from the ground up using JWT as the bearer token
  • OAuth 2.0 authorization codes and implicit grants using DotNetOpenAuth
  • Two-factor authentication using Google Authenticator
  • OWASP Top Ten risks for 2013

Who this book is for

No prior experience of .NET security is needed to read this book. All security-related concepts will be introduced from first principles and developed to the point where you can use them confidently in a professional environment. A good working knowledge of and experience with C# and the .NET framework are the only prerequisites to benefit from this book.

Table of Contents

  1. Welcome to ASP.NET Web API
  2. Building RESTful Services
  3. Extensibility Points
  4. HTTP Anatomy and Security
  5. Identity Management
  6. Encryption and Signing
  7. Custom STS through WIF
  8. Knowledge Factors
  9. Ownership Factors
  10. Web Tokens
  11. OAuth 2.0 Using Live Connect API
  12. OAuth 2.0 From the Ground Up 
  13. OAuth 2.0 Using DotNetOpenAuth
  14. Two-Factor Authentication
  15. Security Vulnerabilities
  16. Appendix: ASP.NET Web API Security Distilled
