Securing REST Web API in ASP.NET

The REST Web Api endpoint the customer has developed & deployed to Azure website has anonymous access. The REST end point must be secured. I was investigating the best and easier way to secure the REST endpoint in ASP.NET.

There are multiple ways to secure the REST end point.
1. Open ID (RSA key pair)
2. OAuth

The OAuth will require bit of the work which can be done using Azure AD as the claims provider. However Open ID is very well received in the community and easy to implement by using the RSA key pair. The details of RSA key pairs is discussed in the following blog post.

Making your ASP.NET Web API’s secure -> http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/

I coded a sample REST Web API to test it out. It works.

In Summary,

• Using the RSACryptoServiceProvider class create the public / private key.
• Encrypt the token using RSAClass.Enrypt
• Using Fiddler pass the token “Authorization-Token” in the header.

Please see the following other links for the reference on this topic:
https://stormpath.com/blog/secure-your-rest-api-right-way/
http://msdn.microsoft.com/en-us/library/hh446531.aspx
http://blog.cloudfoundry.org/2012/10/09/securing-restful-web-services-with-oauth2/
http://jamiekurtz.com/2013/01/14/asp-net-web-api-security-basics/
http://www.allenconway.net/2012/05/creating-wcf-restful-service-and-secure.html
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
http://leastprivilege.com/2011/11/15/token-based-authentication-for-wcf-httprest-services-authentication/

About Pankaj

I am a Developer and my linked profile is https://www.linkedin.com/in/pankajsurti/
This entry was posted in Azure. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s