What is OAuth 2.0 and how its flows can be applied for securing my applications? What does a token do and how it is useful in securing API’s? Is there any way to implement all these nice and easy in ASP.NET Core? In this post I will cover these topics, by first discussing about why token based security is so successful in security scenarios, and the OAuth protocol play in this. We’ll see more closely one of OAuth flows, the client credentials flow and implement it to secure an ASP.NET Web API application.
This post continues from earlier article on Unit testing and code coverage for ASP.NET Web API (1/2).
Much about the topic is inspired from the truly magnificent book “The Clean Coder: A Code of Conduct for Professional Programmers” of Robert C. Martin Series, which of course, I definitely recommend.
Specifying the low level architecture
Professional software developers always test their code. It is part of our daily job, we should be proud and flexible on writing tests. It is a proof that our code actually follows our intent, at least on system’s low level. There are many more tests to be followed, composing a testing strategy, but this post is going to focus solely on one aspect of such strategy, the unit tests.
This is the second post in the series on Web API. Topic is TDD and code coverage, so I am going to demonstrate how to unit test your core code, as well as the API code and in the end, how to measure the code coverage you achieved on testing your code base. First, I am going through the changes needed to take place in the application architecture and then I will go to tests, so this article is divided into two parts.
In this post we are going to talk a little bit about OWIN. What is it, how can we use it with ASP.NET Web API to expose API endpoints, as well as how to secure those endpoints.
The application uses OWIN to self-host the Web API as well as ASP.NET Identity as underlying membership mechanism. Users can fetch public data from /api/people endpoint, as well as secured private data from /api/user endpoint. The latter one is to demonstrate security in Web API.