Securing the ASP.NET Web API
Multiple extension points in the ASP.NET Web API enable developers to implement a feature in different ways. Some features can be provided by the hosting platform while some are available as part of the ASP.NET Web API framework. In this section, we discuss options available for Web API authentication and authorization and delve into the details of some of the features provided by the ASP.NET Web API framework.
The following table lists the various options that can be used to secure an ASP.NET Web API:
|
Option |
Description |
|---|---|
|
Authentication filters |
These provide a clean and granular way of implementing authentication for Web API controllers and actions. For example, they allow us to enable multiple authentication schemes for each controller or even for a particular action. We discuss authentication filters later in this section. |
|
Authorization filters |
These are used to determine access to a resource based on incoming user credentials. We discuss authorization... |
