Friday, 6 May 2016

My notes on security

Basic Authentication in ASP.NET Web API

Internet standard.
Supported by all major browsers.
Relatively simple protocol.
User credentials are sent in the request.
Credentials are sent as plaintext.
Credentials are sent with every request.
No way to log out, except by ending the browser session.
Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.

HMAC: Hash-based Message Authentication Code

Data integrity: The data sent by the client is intact and has not been tampered with.
Request origination: The request comes from a trusted client (one that holds the shared secret).
Not a replay request: The request has not been captured by an intruder and replayed later.
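As an added illustration of the three HMAC properties above (not code from the original notes), a minimal request-signing scheme: the client signs method, path, client id, timestamp, nonce and a body hash with a shared secret; the server recomputes the MAC, rejects stale timestamps and reused nonces, and compares digests in constant time. The client id, secret and request values are constructed sample data.

```python
import hashlib
import hmac
import time

# Constructed sample: shared secret per client id (in practice, a secret store).
SECRETS = {"client-123": b"s3cr3t-shared-key"}
REPLAY_WINDOW = 300  # seconds a signed request stays acceptable


def canonical(method, path, client_id, ts, nonce, body):
    # Everything the MAC covers; hashing the body keeps the string short.
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, client_id, str(ts), nonce, body_hash]).encode()


def sign(method, path, client_id, ts, nonce, body):
    # Client side: HMAC-SHA256 over the canonical request (request origination + integrity).
    msg = canonical(method, path, client_id, ts, nonce, body)
    return hmac.new(SECRETS[client_id], msg, hashlib.sha256).hexdigest()


class Verifier:
    def __init__(self, now=time.time):
        self.now = now
        self.seen = set()  # (client_id, nonce) pairs already accepted

    def verify(self, method, path, client_id, ts, nonce, body, signature):
        # Server side: returns (accepted, reason).
        secret = SECRETS.get(client_id)
        if secret is None:
            return False, "unknown client"
        if abs(self.now() - ts) > REPLAY_WINDOW:
            return False, "stale timestamp"  # replay outside the window
        if (client_id, nonce) in self.seen:
            return False, "replayed nonce"  # replay inside the window
        expected = hmac.new(secret, canonical(method, path, client_id, ts, nonce, body),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):
            return False, "bad signature"  # tampered request or wrong secret
        self.seen.add((client_id, nonce))
        return True, "ok"
```

A real deployment would also bound the size of the seen-nonce set (for example by expiring entries older than the replay window).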

AWS: Authenticating Requests Using the REST API

AWS API Gateway

Azure: Secure ASP.NET Web API 2 using Azure Active Directory

using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

// Client credential: the application (client) id and secret registered in Azure AD.
var clientCredential = new ClientCredential(clientId, secret);
// Authority: the Azure AD tenant endpoint (Maccount is the notes' placeholder for it); false = do not validate the authority.
var authContext = new AuthenticationContext("" + Maccount, false);

// Acquire a token for the target Web API (MclientId is the notes' placeholder for the resource identifier).
AuthenticationResult authenticationResult = authContext.AcquireToken(MclientId, clientCredential);