K**K
Great for anyone who wants to be more informed about securing anything that runs over HTTP
This is a fantastic and thorough book, which was exactly what I wanted.
Far and away, my favorite part about this book is the depth to which it explains the technologies that underlie both ASP.NET Web API (namely HTTP) and security, for example X.509 certificates, Federation services, hashing, digital signing and encryption. At every step of the way real code is presented to either use the facilities described or to implement the services in question (even though the implementations are sometimes just for illustration, and not full implementations of production quality systems).
I would flat-out recommend this book to anyone who needs or would like to learn about web technology security. Although you'll have to put up with a little Web API material you might not be specifically interested in, 90% of the book is relevant to all web programming. And even if you aren't interested much in Web API - read it cover to cover anyway. The essence of RESTful web services is leveraging the power of HTTP - which underlies most web related programming I've encountered. And even though the book doesn't specifically address technologies like JSON, CORS, ETags and Cookies, their role in web programming is illuminated through the context of securing Web API, which should help the reader understand these and other subjects from a perspective not always addressed in other sources.
Let me stress - much of this book is not specific to Web API. In fact, if you only wanted to secure a web-enabled application of any type, most of this book applies to what you're trying to do. That having been said, if you do need to work on a Web API application, you'll find everything you need right here.
I can tell you that before reading this book, I had played with OAuth 2.0 to the point of even getting an application talking to LinkedIn. Now I understand what I was doing.
I recommend this book for anyone:
- Somewhat experienced with C#. You won't get anything out of the code samples unless you know C# to at least be able to read the syntax. The author explains the code samples extensively, so this isn't an absolute requirement, but it'll help you get the most out of the book.
- Interested in learning more in depth about web programming having done some.
- Interested in ASP.NET Web API, but willing to learn about the platform itself from other sources.
- Interested in computer security in general, or specifically in the securing of web applications (beyond even Web API).
- Interested in RESTful web services (although if you hate security, you won't find the bulk of the book to be useful).
- Thinking about integrating cloud type software with other software, and how you can go about providing authentication and authorization across the cloud boundaries.
I don't recommend this book for someone:
- Totally unfamiliar with C#.
- Completely new to web programming.
- Considering her/himself to be an expert on web security topics, and wants to become an expert Web API application designer. You won't be learning about how to put together a Web API, just how to secure it.
Negatives for the book:
The index isn't very good, or at least, after I read the book and I wanted to reread about a specific topic, I had to find it myself by context matching with the table of contents. The index never listed the items I wanted to review.
There is a lot of code. The author does as good a job as I've seen explaining what each snippet does and how it's important, but still there are a few places where page after page of code is presented. Still, my preference is to only get the really important lines of code so that I can focus on the topic at hand, and not have to mentally trace variables from method listing to method listing. Some folks might prefer it this way, but I think it muddies up an otherwise good read.
N**S
Best treatment of OAuth 2.0 I have seen
This book is a few years old now but very relevant. The chapter toward the end of the book called 'OAuth 2.0 from the ground up' is particularly valuable to me because it explains how to build a simple Authorization Server so that it is no longer a black box. If one can see all the redirect flows and all the POST and GET on the Authorization server side, as well as the Exchange method on the client side where an authorization code is exchanged for an access token, it all becomes so much clearer. Of course, what I am saying here is a simplification of the whole process, but this book makes everything so much clearer. Earlier chapters describe the internal structure of what goes into a token and how to encrypt and sign a token.
C**T
A real deep dive into WebAPI and Security. This book is highly technical and is a must read for advanced developers
As many of the Pro Series Books are highly technical and complex, this book is no different. I do recommend this book to anyone working with the MVC WebAPI. Unlike so many of the "other" books, this one dives in deep and sometimes that's exactly what you need. Recommended for Advanced developers. I would include intermediate developers in my recommendation if they want to advance into the realm of an advanced developer. I found the book a bit pricey but as with so many things, if it saves time then it saves money and this book is no exception.
M**R
Pure gold
This book is absolutely amazing and extremely well written and impressive in how much it covers. If you're not too familiar with web security, this book does a great job explaining the concepts and the reasoning behind modern web security from the ground up. Badri maintains a conversation as the book progresses from the basics of HTTP to token-based api security. The code samples are sure to be classics in many future projects not only because of how digestible they are but also based on the surrounding explanation. There are plenty of great code samples that are easily readable and formattable. The book shows implementations of Windows Identity Foundation as well as TWO methods of implementing an OAuth 2.0 Resource & Authorization Server and how to use the access tokens to implement security in the ASP.NET Web Api.
Even if ASP.NET Web Api isn't your method of choice for creating JSON/XML and RESTful services, there is so much to take away from this book. It's an absolute buy and a pleasure to read.
B**N
One of the Best Security Books Period
While the title of the book is indeed accurate, you will learn a ton about the inner workings of the Web API and numerous ways to secure your APIs. However, what I found astounding is how much further the author takes the subject. The author is able to cover so many complex security topics in such a detailed way as well as how to implement them in the ASP.NET Web API. Hands down one of the best tech books I have read. Rich in content, almost no fluff, very usable examples, and a wonderful enumeration of information on the topic of security. I wish there was more than 5 stars.
On a side note, I would like to see a second edition of this book soon to keep up with the changes in the newest version of the Web API i.e. Owin.
E**N
Very well written and lots of good examples
I bought this book not expecting much because I wasn't sure what the title meant by Security, since Security could mean so many things.
But I am about two thirds of the way through the book and I am very satisfied with this purchase. This is one of the best computer books I have read in quite some time. It's very well written and covers all the popular authentication scenarios you could run into when developing an application that uses .NET WEB API: Basic Auth, Digest, Windows Auth, WS-Trust, OAuth, and more.
It gives a high level of how the interactions work and then goes into coding examples of how to implement each scenario.
This book is definitely a keeper and I will probably be referencing it for years to come.
C**N
Would say... worthy of 6 stars
If there were a 6-star option, I would give it to this amazing book!
I planned to finish reading it within a few days like other books, but that would not work because each chapter of the book covers so many interesting things that you have to pause and think all the time.
I have not yet gone through the whole book, only a few chapters, and I have learned a LOT!
Needless to say, go for this guy if you really want to do some web security dev job seriously!
M**.
ASP.NET security
A very good, well-written book that should provide quite a few answers on everything concerning the implementation of security services.
G**S
Practical, comprehensive and clearly explained
A sound body of knowledge brought together in one place! Saved me hours of "ad hoc" google searches. Explains the topic comprehensively in a clear logical progression.
R**5
Good work
The topic is very interesting and is covered thoroughly. The book does not seem perfectly organized to me, and the exposition is also not as linear as it should be for a technical and international audience.