Web API Security in .Net6

 What is Web API Security

  • Web API Security is a mechanism to ensure that the APIs are not to be accessed without proper authentication and authorization.
  • This is required to ensure that the APIs are not misused.
  • Authentication is a mechanism to ensure that the user is a valid user and authorization to ensure that the user has all the right permission to access a method.

Adding Authentication at Controller and Action Level

  • We can do this by adding [Authorize] attribute at the controller level. This ensures that all the method of this controller can only be accessed by an authenticated user.
  • If we want to exclude a specific method from Authentication and Authorization process then we need to write [AllowAnonymous] at the action method level.
  • If we do not want to apply Authentication and Authorization to all the methods of a controller and want it to do for any specific method, then we can write [Authorize] attribute on the top of that method instead of writing it at the controller level.
  • We can also do authorization by user name, role or policy

// Restrict by user:

[Authorize(Users="Alice,Bob")]

// Restrict by role:

[Authorize(Roles="Administrators")]


Steps to Implement Security in Web API

  • Create a Web API Project with the name AuthProvider (This will be used to generate token for Multiple Web API Projects)
  • Add a class UserApiModel



  • Install Package System.IdentityModel.Tokens.Jwt
  • Add JWT Issuer, Audience and Secret Key in appsettings.JSON
  • Issuer is Auth server URL , audience in the consumer API URL and token is a unique token
  • Write a method to generate token based on User Claims, Issuer and Audience
  • Create second Web API project with the name WebAPIOne
  • Add the JWT section in appsettings.json file and only mention the app specific Audience and Secret Key

  • Install the package Microsoft.AspNetCore.Authentication.JwtBearer
  • Add the authentication dependency from program.cs file
  • Write [Authorize] attribute on top of the controller and the project is ready to be used using bearer authentication

Git Hub Link for Demo Code

Comments

Post a Comment

Popular posts from this blog

Publish .Net Core Web API to Linux Host

Image
Publish .Net Core Web API to Linux Host In this post below, I am going to detail out the step of publishing a .NET Core Web API to Linux Host SSH the Linux host Open any SSH client like gitbash Go to the location where the .pem file exists ssh -i <pemfilename> -v <username>@<host_IP_Address> use sudo su for super admin access to run further command Create project folder Go to /var/www folder (cd /var/www) create a new folder for the project. For example SampleWebAPI (mkdir SampleWebAPI ) Publish project in release mode Open command prompt as administrator Go to Project folder - cd <foldername> dotnet publish  --configuration release Copy latest publish code to project folder Open file transfer tool like FileZilla Connect to linux host with right credentials Copy the file from local published folder to  /var/www/SampleWebAPI  Change the Nginx configuration file Go to cd /etc/nginx/sites-available/ Edit default config file: vim default...
Read more

Entity Relationship Using EF Core Code First Approach

 In this section, we are going to talk about the different kind of relationship between entities and how to establish that using C# code. Followings are the type of relationship One to Many An employee can have more than 1 education details. To Achieve this, we need to have a property in employee class like the below one. public ICollection<EmployeeEducation> EducationList { get; set; } Once we do this and add the migration, it will add a new column EmployeeID in EmployeeEducations table, but as a nullable attribute. In this case, if we try to add data in EmployeeEducations table, it will set EmployeeID as null To fix this, we need to add a cross reference in the EmployeeEducation Class, to denote that Every education record must have an employee ID. This will ensure that allow null attribute of EmployeeID column in EmployeeEducations  table is set to false. public Employee Employee { get; set; } If we try to insert values in EmployeeEducations table with below code...
Read more

Web API Using EF Core

Image
What is Web API  As the name suggests, is an API over the web which can be accessed using HTTP protocol. We can build Web API using different technologies such as Java, .NET etc.  Web API breaks the limitation of language. For example a web API written in .Net can be utilized by Java and vice verssa, because the request/response format of Web API is JSON which is understood by all language. For example, Twitter's  REST APIs  provide programmatic access to read and write data using which we can integrate twitter's capabilities into our own application. We can use tools like Fiddler, PostMan and Swagger for testing Web API .Net Core Web API -   Is an Ideal platform for building RESTful services. Is built on top of ASP.NET and supports ASP.NET request/response pipeline Maps HTTP verbs to method names. Supports different formats of response data. Built-in support for JSON, XML, BSON format. C...
Read more