New Pluralsight Course: “Web API v2 Security”

It is finally online! Hope you like it.

http://pluralsight.com/training/Courses/TableOfContents/webapi-v2-security


22 Responses to New Pluralsight Course: “Web API v2 Security”

  1. Chris Simmons says:

    Dominick, excellent course. The HTTPS section alone is worth this month’s Pluralsight subscription fee. Thanks so much for your work on this.

  2. andy says:

    Is it not relevant for ASP.NET MVC5 developers as well? Seems like a WEB.API only course from the abstract?

    • As the title implies – it is about web api ;)

      • Andy says:

        Yes, it's a WEB.API course, but I wonder are the security features in WEB.API not more or less the same as in MVC5? I mean 1-1 compatible across WEB.API and MVC? Or are there big differences?

      • Besides the Katana underpinnings – Web API and MVC share 0 (zero) code. Also the concepts are different (cookies vs tokens). So yes they are similar – but only on the surface.

  3. Great course. It completely discouraged me from even trying to use the Katana middlewares in their current state. Looking forward to IdSrv3 – looks like the most complete solution. Microsoft should’ve spent more time on their OAuth implementation. Very incomplete. Anything you try to do outside of the basic templates they give you gets very difficult very quickly.

  4. Brad Cathey says:

    Thanks for more great content, Dominick!

  5. Andrew Hart says:

    Great course! I really learned a lot. I wish there was more information on ClaimsTransformation in WebAPI though.. Hopefully soon!

  6. Alex says:

    Did you by any chance cover the topic of JWT token validation in the context of OWIN (using JwtBearerAuthenticationOptions)? It’s not clear from the table of contents on Pluralsight’s site.

    I’m asking because I have a Web API v1 authentication mechanism based on a message handler that internally uses JwtSecurityTokenHandler + (Azure) signing certificates for token validation and I’m puzzled about how to migrate all that to OWIN (i.e. how to plug my existing validation code into JwtBearerAuthenticationOptions)…

    • Yes I use the middleware. The MW is also just a wrapper around the JWT handler.

      • Alex says:

        If I understand correctly, you have chosen to demonstrate some kind of a custom middleware that checks for the JWT token in the OWIN dictionary, validates it using whatever custom logic, and eventually builds a ClaimsPrincipal out of it? Nothing to do with the approach based on wiring up custom code to JwtBearerAuthenticationOptions?

  7. I am using the standard MS middleware – maybe I wrapped it in an easier to use extension method. But that’s it.

  8. Great course. I’ve learned a lot with it, almost everything that I know about security in WebApi.
    Do you have an implementation of a Javascript client for using it with the EmbeddedResourceOwnerFlow demo?

  9. Thanks for the fast response.
    I just did one version, and it is working fine, except when I try to use it in a cross-domain call.
    Do you know about any issue with the token endpoint and cross-domain calls?
    Any idea about what I have to change in the startup.cs to make the token endpoint able to answer cross domain requests?

  10. scubaboy50 says:

    I’ve spent some time watching your Web API V2 Security course on Pluralsight and have a question regarding identity providers and AuthorizationServer. I understand that AuthorizationServer uses an identity provider to authenticate the client and then AuthorizationServer would handle the authorization. Is it possible to configure AuthorizationServer to use two different identity providers? Reason I ask, I’m working on an application that will be accessed from within a corporate intranet by some clients so for that I plan to use ADFS as the identity provider. However there are some clients that are not part of the company and therefore not in AD but still need to be given access to the application, in this situation would I need to use something like IdentityServer?

  11. Murali says:

    Dominick, excellent course. But I couldn’t get the source code for these modules. Can you tell me where I can get the source code? I didn’t need the source code till I reached module 4, as I was able to construct all the classes myself, but since I am new to C# Dot net, I would appreciate it if I could get the source code. You mention in the Pluralsight course that we will get the source code, but I can’t find where to get it from.
