I'm a big proponent of delegated authentication. It's no surprise that [Broken Authentication](https://www.owasp.org/index.php/Top_10-2017_A2-Broken_Authentication) is #2 in the latest OWASP Top 10 report. It's been #2 for a very long time, which means that developers and enterprises are still getting this wrong. There are so many ways that authentication can go wrong that delegated authentication should be the preferred and possibly the default choice for all platforms. There are many different services that can provide this. I've heavily worked with Azure AD and Azure AD B2C …[read more]
Showing all posts tagged: 'WebApi'
A 6-post collection
[ASP.NET WebAPI](http://www.asp.net/web-api) is a powerful tool for creating APIs quickly and efficiently in .NET. In fact, it takes minimal effort to expose your data through WebAPI, though this is both a curse and a blessing. A blessing because it's so easy, a curse because you need to be very careful of what you expose. You need to ensure that you're not exposing unwanted information and only provide authenticated access when necessary. Securing WebAPI is a big subject so I'll leave that for another post. Today, I'll show you how to create WebAPI …[read more]
The ASP.NET WebAPI is really versatile and powerful and I like to use it as much as I can when I develop for the web. I know that MVC controller methods can also process ajax requests, but I like the separation of concerns. WebAPI for REST calls and MVC for Views and the ViewModels manipulation. Note: if you still want to use MVC instead of WebAPI for your server implementation, have a read here. Recently, I had to implement a method to upload files to the server from an MVC view. I decided to use ajax and WebAPI. Once …[read more]
WebAPI is awesome. It allows .NET developers to quickly set up a public API for any data with minimal effort. WebAPI has been available for a while and with each iteration, it grows stronger and more versatile. However, there is no point in offering an API that no one can consume. WebAPI works great straight out of the box for GET requests. However, once you start using it for POST, PUT or DELETE operations, then CORS kicks in and drops requests from hitting the server. CORS stops any cross-domain requests so if your API is running at www. …[read more]
Today I've run across an issue where I had to create a WebAPI GET action that could accept, among other things, a parameter with comma-separated values. If you ever need to implement this, then that's one way to do it. Create an action filter: The action filter will be used to intercept the action call and process the comma-separated parameter. Then, you simply assign the action filter to the controller action and you can carry on with the next task at hand. A practical example: First, let's create the action filter. Create a new class and name it something like …[read more]