Chapter 1. Setting up a Browser Client

If you are reading this book, it is because you understand the importance of securing your web API. ASP.NET Web API is a framework that helps in building HTTP services that can be utilized by a wide range of clients. So it is very important to secure your Web API.

ASP.NET Web API 1.0 doesn't have any security features so the security is provided by the host such as Internet Information Server. In ASP.NET Web API 2, security features such as Katana were introduced. To secure Web API, let's understand various techniques that are involved and choose the right approach.

In this chapter, we will cover the following topics:

• ASP.NET Web API security architecture
• Setting up your browser client
• Authentication and authorization
• Implementing authentication in HTTP message handlers
• Setting the principal
• Using the [Authorize] Attribute
• Custom authorization filters
• Authorization inside a controller action