SlideShare a Scribd company logo

Web API 2 Token Based Authentication

Download as PPTX, PDF
J
jeremysbrown

My Raleigh Code Camp 2014 Presentation

Software
1 of 10
ASP.NET Web API 2 Token Based Authentication Jeremy Brown jeremy@jeremysbrown.com @JeremySBrown ht tps : / /gi thub.com/ JeremySBrown/AuthTokenPresentat ion
What this talk is about… • Basic Concepts of Token Based Authentication • Benefits of Token Authentication • Quick Overview of OAuth 2.0 (really quick) • How to use it in an ASP.NET Web API 2 Project
What is Token Authentication? I t is the process when a Resource Owner or Cl ient i s granted a token by providing thei r credent ials to an Author izat ion Server. The obtained access token can then be presented to a Resource Server to access a protected resource.
Benefits of Token Authentication • Allows access between applications without sharing credentials • Supports Cross-Domain / CORS • Stateless • Decoupling • Mobile Ready • CSRF/XSRF is not an issue
Access Tokens: The Heart of OAuth Quick Guide to OAuth 2.0 • Roles • Client Types • Client Profiles • Authorization Grant Types
OAuth 2.0 Roles • Resource Owner: End User • Resource Server: Host that accepts access tokens • Client: An application that needs access to a protected Resource • Authorization Server: Issues token to authenticated owner Note: Typically ASP.NET Web API projects functions as both the Authorization Server and Resource Server
OAuth 2.0 Client Types & Profiles • Confidential Clients • Web Applications (Server Side Only) • Public Clients • User Agent Based Applications (JQuery, SPAs, Silverlight, Flash) • Native Applications (Mobile, Desktop Applications)
OAuth 2.0 Authorization Grant Types • Resource Owner Password • Client Credentials • Authorization Code • Implicit • Refresh Token
Development Options • OWIN – Open Web Interface for .NET • Middleware components for OAuth and CORS • http://owin.org • DotNetOpenAuth • C# implementation of the OpenID, OAuth and InfoCard protocols • http://dotnetopenauth.net
Contact Information • jeremy@jeremysbrown.com • https://github.com/JeremySBrown/AuthTokenPresentation • @JeremySBrown

Recommended

Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014JWORKS powered by Ordina
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to SwaggerKnoldus Inc.
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Swagger
SwaggerSwagger
SwaggerNexThoughts Technologies
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
What is Swagger?
What is Swagger?What is Swagger?
What is Swagger?Philip Senger
 
Swagger UI
Swagger UISwagger UI
Swagger UIWalaa Hamdy Assy
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 

Recommended

Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014Documenting your REST API with Swagger - JOIN 2014
Documenting your REST API with Swagger - JOIN 2014JWORKS powered by Ordina
 
Introduction to Swagger
Introduction to SwaggerIntroduction to Swagger
Introduction to SwaggerKnoldus Inc.
 
OpenID Connect: An Overview
OpenID Connect: An OverviewOpenID Connect: An Overview
OpenID Connect: An OverviewPat Patterson
 
Swagger
SwaggerSwagger
SwaggerNexThoughts Technologies
 
REST API and CRUD
REST API and CRUDREST API and CRUD
REST API and CRUDPrem Sanil
 
What is Swagger?
What is Swagger?What is Swagger?
What is Swagger?Philip Senger
 
Swagger UI
Swagger UISwagger UI
Swagger UIWalaa Hamdy Assy
 
Token Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreToken Authentication in ASP.NET Core
Token Authentication in ASP.NET CoreStormpath
 
An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
What is an API?
What is an API?What is an API?
What is an API?Muhammad Zuhdi
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE
 
Web api
Web apiWeb api
Web apiSudhakar Sharma
 
What is an API
What is an APIWhat is an API
What is an APIElliott Richmond
 
Swagger With REST APIs.pptx.pdf
Swagger With REST APIs.pptx.pdfSwagger With REST APIs.pptx.pdf
Swagger With REST APIs.pptx.pdfKnoldus Inc.
 
Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015johannes_fiala
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJSLuigi Saetta
 
Rest API
Rest APIRest API
Rest APIRohana K Amarakoon
 
REST API
REST APIREST API
REST APITofazzal Ahmed
 
Logging with log4j v1.2
Logging with log4j v1.2Logging with log4j v1.2
Logging with log4j v1.2Kamal Mettananda
 
OAuth 2
OAuth 2OAuth 2
OAuth 2ChrisWood262
 
Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Artem Korchevyi
 
Netflix API - Separation of Concerns
Netflix API - Separation of ConcernsNetflix API - Separation of Concerns
Netflix API - Separation of ConcernsDaniel Jacobson
 
Api presentation
Api presentationApi presentation
Api presentationTiago Cardoso
 
REST API Basics
REST API BasicsREST API Basics
REST API BasicsTharindu Weerasinghe
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsTessa Mero
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring SecurityKnoldus Inc.
 
Building RESTfull Data Services with WebAPI
Building RESTfull Data Services with WebAPIBuilding RESTfull Data Services with WebAPI
Building RESTfull Data Services with WebAPIGert Drapers
 
Mapping example
Mapping exampleMapping example
Mapping exampleSamir Sabry
 

More Related Content

What's hot

An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2Aaron Parecki
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE
 
Swagger With REST APIs.pptx.pdf
Swagger With REST APIs.pptx.pdfSwagger With REST APIs.pptx.pdf
Swagger With REST APIs.pptx.pdfKnoldus Inc.
 
Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015johannes_fiala
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJSLuigi Saetta
 
Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Artem Korchevyi
 
Netflix API - Separation of Concerns
Netflix API - Separation of ConcernsNetflix API - Separation of Concerns
Netflix API - Separation of ConcernsDaniel Jacobson
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsTessa Mero
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & DevelopmentAshok Pundit
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectSaran Doraiswamy
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring SecurityKnoldus Inc.
 

What's hot (20)

An Introduction to OAuth2
An Introduction to OAuth2An Introduction to OAuth2
An Introduction to OAuth2
 
What is an API?
What is an API?What is an API?
What is an API?
 
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE ArchitecturesFIWARE Wednesday Webinars - How to Secure FIWARE Architectures
FIWARE Wednesday Webinars - How to Secure FIWARE Architectures
 
Web api
Web apiWeb api
Web api
 
What is an API
What is an APIWhat is an API
What is an API
 
Swagger With REST APIs.pptx.pdf
Swagger With REST APIs.pptx.pdfSwagger With REST APIs.pptx.pdf
Swagger With REST APIs.pptx.pdf
 
Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015Document your rest api using swagger - Devoxx 2015
Document your rest api using swagger - Devoxx 2015
 
Rest API with Swagger and NodeJS
Rest API with Swagger and NodeJSRest API with Swagger and NodeJS
Rest API with Swagger and NodeJS
 
Rest API
Rest APIRest API
Rest API
 
REST API
REST APIREST API
REST API
 
Logging with log4j v1.2
Logging with log4j v1.2Logging with log4j v1.2
Logging with log4j v1.2
 
OAuth 2
OAuth 2OAuth 2
OAuth 2
 
Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.Test in Rest. API testing with the help of Rest Assured.
Test in Rest. API testing with the help of Rest Assured.
 
Netflix API - Separation of Concerns
Netflix API - Separation of ConcernsNetflix API - Separation of Concerns
Netflix API - Separation of Concerns
 
Api presentation
Api presentationApi presentation
Api presentation
 
REST API Basics
REST API BasicsREST API Basics
REST API Basics
 
Understanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple StepsUnderstanding REST APIs in 5 Simple Steps
Understanding REST APIs in 5 Simple Steps
 
REST API Design & Development
REST API Design & DevelopmentREST API Design & Development
REST API Design & Development
 
OAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId ConnectOAuth 2.0 and OpenId Connect
OAuth 2.0 and OpenId Connect
 
Getting started with Spring Security
Getting started with Spring SecurityGetting started with Spring Security
Getting started with Spring Security
 

Viewers also liked

Building RESTfull Data Services with WebAPI
Building RESTfull Data Services with WebAPIBuilding RESTfull Data Services with WebAPI
Building RESTfull Data Services with WebAPIGert Drapers
 
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsStateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsAlvaro Sanchez-Mariscal
 
淺談RESTful API認證 Token機制使用經驗分享
淺談RESTful API認證 Token機制使用經驗分享淺談RESTful API認證 Token機制使用經驗分享
淺談RESTful API認證 Token機制使用經驗分享Tun-Yu Chang
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Alvaro Sanchez-Mariscal
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring SecurityOrest Ivasiv
 
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesOAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesTwobo Technologies
 
Rest API Security
Rest API SecurityRest API Security
Rest API SecurityStormpath
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsStormpath
 

Viewers also liked (11)

Building RESTfull Data Services with WebAPI
Building RESTfull Data Services with WebAPIBuilding RESTfull Data Services with WebAPI
Building RESTfull Data Services with WebAPI
 
Mapping example
Mapping exampleMapping example
Mapping example
 
Data mapping tutorial
Data mapping tutorialData mapping tutorial
Data mapping tutorial
 
Stateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applicationsStateless token-based authentication for pure front-end applications
Stateless token-based authentication for pure front-end applications
 
淺談RESTful API認證 Token機制使用經驗分享
淺談RESTful API認證 Token機制使用經驗分享淺談RESTful API認證 Token機制使用經驗分享
淺談RESTful API認證 Token機制使用經驗分享
 
Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015Stateless authentication for microservices - Spring I/O 2015
Stateless authentication for microservices - Spring I/O 2015
 
OAuth2 and Spring Security
OAuth2 and Spring SecurityOAuth2 and Spring Security
OAuth2 and Spring Security
 
OAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for MicroservicesOAuth and OpenID Connect for Microservices
OAuth and OpenID Connect for Microservices
 
Rest API Security
Rest API SecurityRest API Security
Rest API Security
 
Effect of erp system
Effect of erp system Effect of erp system
Effect of erp system
 
Design Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIsDesign Beautiful REST + JSON APIs
Design Beautiful REST + JSON APIs
 

Similar to Web API 2 Token Based Authentication

ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2Rodrigo Cândido da Silva
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2Rodrigo Cândido da Silva
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppFIWARE
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your appÁlvaro Alonso González
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...Vladimir Bychkov
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE
 
GSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleGSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleMayank Sharma
 
.NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19aminmesbahi
 
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET CoreVladimir Bychkov
 
Ritou idcon7
Ritou idcon7Ritou idcon7
Ritou idcon7Ryo Ito
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...Brian Campbell
 
Securing SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthSecuring SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthKashif Imran
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2axykim00
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsPieter Ennes
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Ubisecure
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2Sang Shin
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Aaron Ralls
 

Similar to Web API 2 Token Based Authentication (20)

ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2ConFoo 2015 - Securing RESTful resources with OAuth2
ConFoo 2015 - Securing RESTful resources with OAuth2
 
JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2JavaOne 2014 - Securing RESTful Resources with OAuth2
JavaOne 2014 - Securing RESTful Resources with OAuth2
 
Adding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your AppAdding Identity Management and Access Control to your App
Adding Identity Management and Access Control to your App
 
Adding identity management and access control to your app
Adding identity management and access control to your appAdding identity management and access control to your app
Adding identity management and access control to your app
 
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
2019 - Tech Talk DC - Token-based security for web applications using OAuth2 ...
 
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
FIWARE Tech Summit - Complete Framework for Identity, Access Control and API ...
 
GSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 ModuleGSoC Mideterm-OAuth2 Module
GSoC Mideterm-OAuth2 Module
 
.NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19 .NET Core, ASP.NET Core Course, Session 19
.NET Core, ASP.NET Core Course, Session 19
 
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
2019 - Nova Code Camp - AuthZ fundamentals with ASP.NET Core
 
Ritou idcon7
Ritou idcon7Ritou idcon7
Ritou idcon7
 
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
OAuth 2.0 and Mobile Devices: Is that a token in your phone in your pocket or...
 
Api security
Api security Api security
Api security
 
Oauth2.0
Oauth2.0Oauth2.0
Oauth2.0
 
OAuth
OAuthOAuth
OAuth
 
Securing SharePoint Apps with OAuth
Securing SharePoint Apps with OAuthSecuring SharePoint Apps with OAuth
Securing SharePoint Apps with OAuth
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Mobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patternsMobile Authentication - Onboarding, best practices & anti-patterns
Mobile Authentication - Onboarding, best practices & anti-patterns
 
Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0Protecting your APIs with OAuth 2.0
Protecting your APIs with OAuth 2.0
 
Spring4 security oauth2
Spring4 security oauth2Spring4 security oauth2
Spring4 security oauth2
 
Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4Authorization and Authentication using IdentityServer4
Authorization and Authentication using IdentityServer4
 

Recently uploaded

Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackVICTOR MAESTRE RAMIREZ
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsJheuzeDellosa
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxbodapatigopi8531
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationkaushalgiri8080
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfkalichargn70th171
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 

Recently uploaded (20)

Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Cloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStackCloud Management Software Platforms: OpenStack
Cloud Management Software Platforms: OpenStack
 
What is Binary Language? Computer Number Systems
What is Binary Language? Computer Number SystemsWhat is Binary Language? Computer Number Systems
What is Binary Language? Computer Number Systems
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 

Web API 2 Token Based Authentication

  • 1. ASP.NET Web API 2 Token Based Authentication Jeremy Brown jeremy@jeremysbrown.com @JeremySBrown ht tps : / /gi thub.com/ JeremySBrown/AuthTokenPresentat ion
  • 2. What this talk is about… • Basic Concepts of Token Based Authentication • Benefits of Token Authentication • Quick Overview of OAuth 2.0 (really quick) • How to use it in an ASP.NET Web API 2 Project
  • 3. What is Token Authentication? I t is the process when a Resource Owner or Cl ient i s granted a token by providing thei r credent ials to an Author izat ion Server. The obtained access token can then be presented to a Resource Server to access a protected resource.
  • 4. Benefits of Token Authentication • Allows access between applications without sharing credentials • Supports Cross-Domain / CORS • Stateless • Decoupling • Mobile Ready • CSRF/XSRF is not an issue
  • 5. Access Tokens: The Heart of OAuth Quick Guide to OAuth 2.0 • Roles • Client Types • Client Profiles • Authorization Grant Types
  • 6. OAuth 2.0 Roles • Resource Owner: End User • Resource Server: Host that accepts access tokens • Client: An application that needs access to a protected Resource • Authorization Server: Issues token to authenticated owner Note: Typically ASP.NET Web API projects functions as both the Authorization Server and Resource Server
  • 7. OAuth 2.0 Client Types & Profiles • Confidential Clients • Web Applications (Server Side Only) • Public Clients • User Agent Based Applications (JQuery, SPAs, Silverlight, Flash) • Native Applications (Mobile, Desktop Applications)
  • 8. OAuth 2.0 Authorization Grant Types • Resource Owner Password • Client Credentials • Authorization Code • Implicit • Refresh Token
  • 9. Development Options • OWIN – Open Web Interface for .NET • Middleware components for OAuth and CORS • http://owin.org • DotNetOpenAuth • C# implementation of the OpenID, OAuth and InfoCard protocols • http://dotnetopenauth.net
  • 10. Contact Information • jeremy@jeremysbrown.com • https://github.com/JeremySBrown/AuthTokenPresentation • @JeremySBrown

Editor's Notes

  1. Not about Identity Management
  2. CORS: Cross Origin Resource Sharing Limited browser: http://caniuse.com/cors
  3. OAuth 2.0 is a specification that defines how a client: Request access tokens from authorization servers Present tokens to resource servers to access protected resources
  4. The first four are the primary. OAuth built in extensibility to define other grant types.
  5. OWIN defines a standard interface between .NET web servers and web applications. The goal of the OWIN interface is to decouple server and application, encourage the development of simple modules for .NET web development, and, by being an open standard, stimulate the open source ecosystem of .NET web development tools.