Friday, 6 May 2016

My notes on security

Basic Authentication in ASP.NET Web API


Advantages
Internet standard.
Supported by all major browsers.
Relatively simple protocol.
Disadvantages
User credentials are sent in the request.
Credentials are sent as plaintext.
Credentials are sent with every request.
No way to log out, except by ending the browser session.
Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.

HMAC: Hash-based Message Authentication Code

Advantages
Data integrity: The data sent by the client is intact and has not been tampered with.
Request origination: The request comes from a trusted client.
Not a replay request: The request has not been captured by an intruder and replayed.
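
Added example, not part of the original notes: a minimal server-side check showing how one HMAC scheme delivers the three properties above. The canonical string layout, the 300-second window, the client id, the secret and the request values are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window, not a value from the notes

def sign(secret, method, path, body, timestamp, nonce):
    """HMAC-SHA256 over an assumed canonical layout of the request."""
    body_hash = hashlib.sha256(body).hexdigest()
    message = "\n".join([method.upper(), path, body_hash, str(timestamp), nonce])
    return hmac.new(secret, message.encode(), hashlib.sha256).hexdigest()

class Verifier:
    def __init__(self, secrets):
        self.secrets = secrets  # client id -> shared secret (bytes)
        self.seen = {}          # (client id, nonce) -> request timestamp

    def verify(self, client_id, method, path, body, timestamp, nonce, signature, now=None):
        now = time.time() if now is None else now
        secret = self.secrets.get(client_id)
        if secret is None:
            return "unknown client"
        # Integrity + origination: recompute the MAC and compare in constant time.
        expected = sign(secret, method, path, body, timestamp, nonce)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad signature"
        # Replay, part 1: reject requests outside the freshness window.
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale timestamp"
        # Replay, part 2: a nonce is accepted once; forget it when its request expires.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= MAX_SKEW_SECONDS}
        if (client_id, nonce) in self.seen:
            return "replayed nonce"
        self.seen[(client_id, nonce)] = timestamp
        return "ok"

def demo():
    secret = b"constructed-demo-secret"  # constructed sample values throughout
    v, ts, body = Verifier({"client-1": secret}), 1_700_000_000, b'{"qty": 1}'
    sig = sign(secret, "POST", "/api/orders", body, ts, "n-1")
    args = ("client-1", "POST", "/api/orders")
    return [v.verify(*args, body, ts, "n-1", sig, now=ts + 5),          # first use
            v.verify(*args, body, ts, "n-1", sig, now=ts + 6),          # same request again
            v.verify(*args, b'{"qty": 9}', ts, "n-1", sig, now=ts + 7)]  # altered body

if __name__ == "__main__":
    print(demo())
```

The signature is checked before the nonce is recorded, so unauthenticated requests cannot fill the nonce cache, and because the timestamp is part of the signed string it cannot be altered to make an old request look fresh.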






AWS: Authenticating Requests Using the REST API


AWS API Gateway




Azure: Secure ASP.NET Web API 2 using Azure Active Directory


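using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

// Client-credentials flow: the application authenticates with its own client ID and secret.
var clientCredential = new ClientCredential(clientId, secret);
// The second argument is validateAuthority; false disables authority validation.
var authContext = new AuthenticationContext("https://login.microsoftonline.com/" + Maccount, false);
// The first argument to AcquireToken is the resource the token is requested for.
AuthenticationResult authenticationResult = authContext.AcquireToken(MclientId, clientCredential);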