DPS907 notes – Tue Nov 4

Security topics. Make progress on Assignment 1.

.

Security topics

From Mike Wasson’s article (on asp.net/web-api):

In Visual Studio 2013, the Web API project template gives you three options for authentication:

  1. Individual accounts. The app uses a membership database.
  2. Organizational accounts. Users sign in with their Azure Active Directory, Office 365, or on-premise Active Directory credentials.
  3. Windows authentication. This option is intended for Intranet applications, and uses the Windows Authentication IIS module.

Individual accounts provide two ways for a user to log in, Local login, and Social login.

With Local login, the user registers at the site, entering a username and password. The app stores the password hash in the membership database. When the user logs in, the ASP.NET Identity system verifies the password.

For both local and social login, Web API uses OAuth2 to authenticate requests.

In this article, I’ll demonstrate a simple app that lets the user log in and send authenticated AJAX calls to a web API. You can download the sample code here. The readme describes how to create the sample from scratch in Visual Studio.

.

In this course’s GitHub repository, you will also find a project named SecurityBaseMicrosoft. It was created with “File > New > Project”, as an ASP.NET MVC app, with Individual User accounts.

Briefly study the code to learn which components this project type adds to the code base.

Will you use this for your project?

No.

Instead, you will use a separate project, an “Authorization Server”. You will learn more about that soon.

.

Assignment 1

Discuss, and problem solve.

Ask questions please.

For Thursday’s class/session, prepare a list of use cases.

Then, from that list, prepare a list of controllers and methods. Remember the command pattern: raise the level of abstraction when appropriate (and make your controller method and repository method do more work).
