Authentication and authorization

We have created a simple web API that returns the list of contacts or specific contacts by ID. This web API can be accessed by any client that supports HTTP and is not secured enough. With the help of authentication and authorization mechanisms, we can secure this web API from unauthorized access.

Authentication mechanism helps in identifying the valid user and authenticating them using the identity of the user. Here, the identity can be a username and password.
Authorization mechanism helps in restricting unauthorized access to an action. For example, An unauthorized user can get the list of contacts. But he is restricted to create new contact.

Authentication

Authentication is carried out in the host Internet Information ...

Get ASP.NET Web API Security Essentials now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

ASP.NET Web API Security Essentials by Rajesh Gunasundaram

Authentication and authorization

Authentication

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly