Recently I was working on securing ASP.NET Web API HTTP service that will be consumed by a large number of terminal devices installed securely in different physical locations, the main requirement was to authenticate calls originating from … [Continue reading]
In my previous post Secure ASP.NET Web API 2 using Azure Active Directory I've covered how to protect Web API end points using bearer tokens issued by Azure Active Directory, and how to build a desktop application which acts as a Client. This Client … [Continue reading]
One of the main new features of ASP.NET 5 is unifying the programming model and combining MVC, Web API, and Web Pages in single framework called MVC 6. In previous versions of ASP.NET (MVC 4, and MVC 5) there were overlapping in the features between … [Continue reading]
In the previous post Decouple OWIN Authorization Server from Resource Server we saw how we can separate the Authorization Server and the Resource Server by unifying the "decryptionKey" and "validationKey" key values in machineKey node in … [Continue reading]
Last week I was looking on how to enable Two Factor Authentication in a RESTful ASP.NET Web API service using Soft Tokens not SMS. Most of the examples out there show how to implement this in MVC application where there will be some cookies … [Continue reading]
Recently I've received lot of comments and emails asking how we can decouple the OWIN Authorization Server we've built in the previous posts from the resources we are protecting. If you are following the posts mentioned below you will notice that … [Continue reading]
Recently I've been asked by many blog readers on how to secure ASP.NET Web API 2 using Azure Active Directory, in other words we want to outsource the authentication part from the Web API to Microsoft Azure Active Directory (AD). We have already seen … [Continue reading]
Recently I was working on designing and implementing a large scale RESTful API using ASP.NET Web API, this RESTful API contains large number of endpoints with different data models used in the request/response payloads. Proper documentation and … [Continue reading]
Ok so it is time to enable ASP.NET Web API 2 external logins such as Facebook & Google then consume this in our AngularJS application. In this post we'll add support to login using Facebook and Google+ external providers, then we'll associate … [Continue reading]
After my previous Token Based Authentication post I've received many requests to add OAuth Refresh Tokens to the OAuth Resource Owner Password Credentials flow which I'm currently using in the previous tutorial. To be honest adding support for … [Continue reading]