I'm a big proponent of delegated authentication. It's no surprise that Broken Authentication is #2 in the latest OWASP Top 10 report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication can go wrong that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've worked heavily with Azure AD and Azure AD B2C, but this time I wanted to take Auth0 for a spin. In this post …[read more]
Showing all posts tagged: 'WebApi'
A 6-post collection
ASP.NET WebAPI is a powerful tool for creating APIs quickly and efficiently in .NET. In fact, it takes minimal effort to expose your data through WebAPI, though this is both a curse and a blessing: a blessing because it's so easy, a curse because you need to be very careful about what you expose. You need to ensure that you're not exposing unwanted information and only provide authenticated access when necessary. Securing WebAPI is a big subject so I'll leave that for another post. Today, I'll show you how to create WebAPI controller methods that take optional parameters. 1. Using default …[read more]
The ASP.NET WebAPI is really versatile and powerful and I like to use it as much as I can when I develop for the web. I know that MVC controller methods can also process AJAX requests, but I like the separation of concerns: WebAPI for REST calls and MVC for Views and ViewModel manipulation. Note: if you still want to use MVC instead of WebAPI for your server implementation, have a read here. Recently, I had to implement a method to upload files to the server from an MVC view. I decided to use AJAX and WebAPI. Once …[read more]
WebAPI is awesome. It allows .NET developers to quickly set up a public API for any data with minimal effort. WebAPI has been available for a while and with each iteration, it grows stronger and more versatile. However, there is no point in offering an API that no one can consume. WebAPI works great straight out of the box for GET requests. However, once you start using it for POST, PUT or DELETE operations, CORS kicks in and stops requests from hitting the server. CORS stops any cross-domain requests, so if your API is running at www. …[read more]