New Pluralsight Course: “Web API v2 Security”

It is finally online! Hope you like it.

http://pluralsight.com/training/Courses/TableOfContents/webapi-v2-security

This entry was posted in ASP.NET, AuthorizationServer, Katana, OAuth, OWIN, WebAPI.

16 Responses to New Pluralsight Course: “Web API v2 Security”

  1. Chris Simmons says:

    Dominick, excellent course. The HTTPS section alone is worth this month’s Pluralsight subscription fee. Thanks so much for your work on this.

  2. andy says:

    Is it not relevant for ASP.NET MVC5 developers as well? Seems like a WEB.API only course from the abstract?

    • As the title implies – it is about web api ;)

      • Andy says:

        Yes, it's a WEB.API course, but I wonder: are the security features in WEB.API not more or less the same as in MVC5? I mean 1-1 compatible across WEB.API and MVC? Or are there big differences?

      • Besides the Katana underpinnings – Web API and MVC share 0 (zero) code. Also the concepts are different (cookies vs tokens). So yes they are similar – but only on the surface.

  3. Great course. It completely discouraged me from even trying to use the Katana middlewares in their current state. Looking forward to IdSrv3 – looks like the most complete solution. Microsoft should’ve spent more time on their OAuth implementation. Very incomplete. Anything you try to do outside of the basic templates they give you gets very difficult very quickly.

  4. Brad Cathey says:

    Thanks for more great content, Dominick!

  5. Andrew Hart says:

    Great course! I really learned a lot. I wish there was more information on ClaimsTransformation in WebAPI though. Hopefully soon!

  6. Alex says:

    Did you by any chance cover the topic of JWT token validation in the context of OWIN (using JwtBearerAuthenticationOptions)? It’s not clear from the table of contents on Pluralsight’s site.

    I’m asking because I have a Web API v1 authentication mechanism based on a message handler that internally uses JwtSecurityTokenHandler + (Azure) signing certificates for token validation and I’m puzzled about how to migrate all that to OWIN (i.e. how to plug my existing validation code into JwtBearerAuthenticationOptions)…

    • Yes I use the middleware. The MW is also just a wrapper around the JWT handler.

      • Alex says:

        If I understand correctly, you have chosen to demonstrate some kind of a custom middleware that checks for the JWT token in the OWIN dictionary, validates it using whatever custom logic, and eventually builds a ClaimsPrincipal out of it? Nothing to do with the approach based on wiring up custom code to JwtBearerAuthenticationOptions?

  7. I am using the standard MS middleware – maybe I wrapped it in an easier to use extension method. But that’s it.

  8. Great course. I’ve learned a lot with it, almost everything that I know about security in WebApi.
    Do you have an implementation of a JavaScript client for using it with the EmbeddedResourceOwnerFlow demo?

  9. Thanks for the fast response.
    I just did one version, and it is working fine, except when I try to use it in a cross-domain call.
    Do you know about any issue with the token endpoint and cross-domain calls?
    Any idea about what I have to change in the startup.cs to make the token endpoint able to answer cross domain requests?
