A compact ASP.Net application to learn about securing web applications and apis.
Being a developer for over three decades I have been dealing with with the new keywords, terminology, along with the new and exciting technology, all the time. Being an old-timer, and a strong proponent of KISS (Keep It Simple and Stupid,) I sometimes feel lost. In those situations, I try to simplify stuff for others like me, who perhaps can benefit with my work. This project is along the same lines.
If you are new to this subject, I suggest you to watch a very simple slideshow I prepared on this topic. [https://www.ipcolony.com/#blog-web-security]
What you will learn
Using this project you will learn pretty much how OAUTH works, though the project itself does not use it.
The following items are covered in the project.
- Forcing https for your site
- Password validation against stored hash
- Returning a token after authentication
- Using token for for subsequent conversation
- Maintaining the tokens on the server side using a simple thread safe list
- Securing Api methods
- Adding added authorization to Api methods so that only selected users can use it