A compact ASP.NET application for learning about securing web applications and APIs.
Having been a developer for over three decades, I have constantly had to deal with new keywords and terminology, along with new and exciting technology. Being an old-timer and a strong proponent of KISS (Keep It Simple and Stupid), I sometimes feel lost. In those situations, I try to simplify things for others like me who can perhaps benefit from my work. This project is along the same lines.
If you are new to this subject, I suggest you watch a very simple slideshow I prepared on this topic. [https://www.ipcolony.com/#blog-web-security]
Using this project, you will learn pretty much how OAuth works, though the project itself does not use it.
The following items are covered in the project.
- Forcing HTTPS for your site
- Password validation against stored hash
- Returning a token after authentication
- Using the token for subsequent conversation
- Maintaining the tokens on the server side using a simple thread-safe list
- Securing API methods
- Adding extra authorization to API methods so that only selected users can use them
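
The flow the list above describes (validate a password against a stored hash, return a token, keep tokens on the server, check the token on each API call, then restrict some methods to selected users) can be sketched as follows. This is an added example, not code from this project: every type and member name is hypothetical, it assumes .NET 6 or later, and it uses PBKDF2 and a `ConcurrentDictionary` where the project may use a different hash and its own thread-safe list.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;

// Hypothetical names throughout; assumes .NET 6 or later.
public sealed record UserRecord(string Name, byte[] Salt, byte[] PasswordHash, bool CanUseAdminApi);

public sealed class TokenService
{
    private const int Iterations = 100_000;
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);

    // Server-side token table: token -> (user, expiry). ConcurrentDictionary
    // stands in for the "simple thread-safe list" and gives O(1) lookups.
    private readonly ConcurrentDictionary<string, (UserRecord User, DateTimeOffset Expires)> _tokens = new();

    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Validate the password against the stored hash, then return a random token.
    public string? Login(UserRecord user, string password)
    {
        byte[] candidate = Hash(password, user.Salt);
        // Constant-time comparison avoids leaking how many bytes matched.
        if (!CryptographicOperations.FixedTimeEquals(candidate, user.PasswordHash))
            return null;
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _tokens[token] = (user, DateTimeOffset.UtcNow + Lifetime);
        return token;
    }

    // Called for every secured API method: resolve the token to a user or reject.
    public UserRecord? Authenticate(string? token)
    {
        if (token is null || !_tokens.TryGetValue(token, out var entry)) return null;
        if (entry.Expires <= DateTimeOffset.UtcNow)
        {
            _tokens.TryRemove(token, out _);   // expired tokens are dropped
            return null;
        }
        return entry.User;
    }

    // Extra authorization: a valid token is not enough, the user must be selected.
    public bool MayCallAdminApi(string? token) => Authenticate(token)?.CanUseAdminApi == true;

    public void Logout(string token) => _tokens.TryRemove(token, out _);
}
```

Because the token is only an opaque random key into server-side state, logging out or expiring it on the server revokes it immediately, which is why forcing HTTPS matters: anyone who can read the token in transit can use it until then.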