OAuth And REST Services
Presenter: Jnana Ranjan Swain, Mindfire Solutions
Date: 27-6-2014
About Me
Certification: MCTS-70-515 - Microsoft .NET 4.0, Web App Development
Skills: ASP.NET, WCF, SQL Server, jQuery, jQuery UI, Windows Azure, Entity Framework, MVC
Connect Me:
Facebook: http://www.facebook.com/jnanaswain
LinkedIn: http://www.linkedin.com/in/jnanaswain
Twitter: https://twitter.com/jnanaswain
Contact Me:
Email: jnanas@mindfiresolutions.com
Skype: mfsi_jnanas
Agenda
- Introduction to OAuth
- OAuth Security Framework
- OAuth .NET API
- Building a REST Service using ASP.NET Web API
- Securing a REST API
- Live Demo
OAuth
Introduction to OAuth
- The OAuth protocol enables a third-party application to obtain limited access to an HTTP service on behalf of a resource owner, without the resource owner having to hand its credentials to that application.
- OAuth 2.0 is the most recent version and is still under development.
- Facebook, Twitter, Google, Microsoft and many more companies use OAuth.
OAuth Framework
OAuth Roles
- Resource Owner: the entity that grants access to a protected resource.
- Resource Server: the server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens.
- Client: an application making protected resource requests on behalf of the resource owner and with its authorization.
- Authorization Server: the server issuing access tokens to the client after successfully authenticating the resource owner and obtaining authorization.
Access Token
- Access tokens are credentials used to access protected resources. An access token is a string representing an authorization issued to the client.
- The resource server MUST validate the access token and ensure that it has not expired and that its scope covers the requested resource.
- A token can have different formats, structures, and methods of utilization (e.g., cryptographic properties) based on the resource server's security requirements.
Example request carrying an access token:
GET /plus/v1/people/me HTTP/1.1
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
Host: googleapis.com
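As an added example (not code from the slides), here are the resource-server checks listed above: parse the bearer Authorization header, look the token up, reject it if expired, and confirm its scope covers the requested path. The token strings are the ones on this slide; the token store contents, expiry times and required scopes are constructed assumptions.

```python
import time
from dataclasses import dataclass


@dataclass
class TokenGrant:
    """What the resource server knows about an issued access token (constructed)."""
    client_id: str
    scope: frozenset
    expires_at: float  # Unix time


# Constructed token store: opaque token string -> grant it represents.
TOKEN_STORE = {
    "1/fFBGRNJru1FQd44AzqT3Zg": TokenGrant("client-a", frozenset({"profile.read"}), 4_102_444_800.0),
    "4qF-UL0BGzu6n0YBJ": TokenGrant("client-b", frozenset({"profile.read"}), 0.0),  # already expired
}

# Constructed mapping of protected resource path -> scope the caller must hold.
REQUIRED_SCOPE = {
    "/plus/v1/people/me": "profile.read",
    "/plus/v1/people/me/update": "profile.write",
}


def parse_bearer(authorization_header):
    """Return the token from an 'Authorization: Bearer <token>' value, or None if malformed."""
    parts = authorization_header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer" or not parts[1].strip():
        return None
    return parts[1].strip()


def authorize_request(method, path, headers, now=None, store=TOKEN_STORE):
    """Apply the resource-server checks: the token must be present, known, unexpired,
    and its scope must cover the requested resource. Returns (status_code, reason)."""
    now = time.time() if now is None else now
    header = headers.get("Authorization")
    if header is None:
        return 401, "missing_token"        # no credential at all
    token = parse_bearer(header)
    if token is None:
        return 400, "invalid_request"      # header present but not a bearer credential
    grant = store.get(token)
    if grant is None:
        return 401, "invalid_token"        # unknown token
    if now >= grant.expires_at:
        return 401, "invalid_token"        # expired: the client should refresh
    needed = REQUIRED_SCOPE.get(path)
    if needed is None:
        return 404, "unknown_resource"
    if needed not in grant.scope:
        return 403, "insufficient_scope"   # valid token, but not for this resource
    return 200, "ok"
```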
Access Token Types
- Bearer Token: a bearer token is sent in the Authorization header of every HTTP request to the protected resource.
  Example: Authorization: Bearer 4qF-UL0BGzu6n0YBJ
- MAC Token: uses a message authentication code (MAC) algorithm to provide cryptographic verification of portions of HTTP requests.
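Added example, not from the slides: a minimal MAC-token signer (client side) and verifier (resource-server side), loosely following the OAuth 2.0 MAC token draft's normalized request string. Key ids, keys and request values are constructed. It shows what separates a MAC token from a bearer token: the server recomputes the MAC over the request it actually received, so a tampered or replayed request is rejected while the shared key itself never goes over the wire.

```python
import hashlib
import hmac
import secrets
import time


def normalized_request(ts, nonce, method, uri, host, port):
    """Portions of the request covered by the MAC, one per line (draft-style layout)."""
    return "\n".join([str(ts), nonce, method.upper(), uri, host.lower(), str(port)]) + "\n"


def mac_sign(mac_key, ts, nonce, method, uri, host, port):
    """HMAC-SHA256 over the normalized request, hex-encoded."""
    msg = normalized_request(ts, nonce, method, uri, host, port).encode()
    return hmac.new(mac_key, msg, hashlib.sha256).hexdigest()


def build_mac_header(key_id, mac_key, method, uri, host, port, ts=None, nonce=None):
    """Client side: the Authorization header value for a MAC-token request."""
    ts = int(time.time()) if ts is None else ts
    nonce = secrets.token_hex(8) if nonce is None else nonce
    mac = mac_sign(mac_key, ts, nonce, method, uri, host, port)
    return f'MAC id="{key_id}", ts="{ts}", nonce="{nonce}", mac="{mac}"'


def parse_mac_header(value):
    """Parse 'MAC id="..", ts="..", nonce="..", mac=".."' into a dict, or None."""
    if not value.startswith("MAC "):
        return None
    fields = {}
    for part in value[4:].split(","):
        key, _, val = part.strip().partition("=")
        if len(val) < 2 or not (val.startswith('"') and val.endswith('"')):
            return None
        fields[key] = val[1:-1]
    return fields if {"id", "ts", "nonce", "mac"} <= fields.keys() else None


class MacVerifier:
    """Resource server side: look the key up by id, recompute the MAC over the received
    request, and use the timestamp window plus a nonce cache to block replays."""

    def __init__(self, keys, max_skew=300):
        self.keys = keys          # key id -> secret bytes shared with that client (constructed)
        self.max_skew = max_skew  # seconds of clock drift tolerated
        self.seen = set()         # (id, ts, nonce) triples already accepted

    def verify(self, header_value, method, uri, host, port, now=None):
        now = int(time.time()) if now is None else now
        f = parse_mac_header(header_value)
        if f is None or f["id"] not in self.keys or not f["ts"].isdigit():
            return False
        if abs(now - int(f["ts"])) > self.max_skew:
            return False  # stale or future-dated request
        if (f["id"], f["ts"], f["nonce"]) in self.seen:
            return False  # replay of a request already accepted
        expected = mac_sign(self.keys[f["id"]], int(f["ts"]), f["nonce"], method, uri, host, port)
        if not hmac.compare_digest(expected, f["mac"]):
            return False  # wrong key, or the covered parts of the request were altered
        self.seen.add((f["id"], f["ts"], f["nonce"]))
        return True
```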
Refresh Token
- Refresh tokens are credentials used to obtain access tokens.
- Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires.
- If the authorization server issues a refresh token, it is included in the response that issues the access token.
Example token response:
{
  "access_token": "1/fFAGRNJru1FTz70BzhT3Zg",
  "expires_in": 3920,
  "token_type": "Bearer",
  "refresh_token": "1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}
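Added example, not from the slides: a client-side wrapper that stores the token response above, tracks when the access token expires, and uses the refresh token to obtain a replacement from the authorization server's token endpoint. The authorization server here is a constructed stand-in, and it rotates the refresh token on each use, a hardening assumed for the example rather than stated on the slide.

```python
import json
import secrets

# The token response shown on the slide, used as constructed input.
TOKEN_RESPONSE = """{
 "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
 "expires_in":3920,
 "token_type":"Bearer",
 "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}"""


class TokenSet:
    """What the client keeps: the short-lived access token with an absolute expiry,
    and the refresh token used to obtain its replacement."""

    def __init__(self, response_json, issued_at, skew=60):
        r = json.loads(response_json)
        if r.get("token_type", "").lower() != "bearer":
            raise ValueError("unsupported token_type")
        self.access_token = r["access_token"]
        self.refresh_token = r.get("refresh_token")
        # Treat the token as expired slightly early so an in-flight request does not fail.
        self.expires_at = issued_at + int(r["expires_in"]) - skew

    def is_expired(self, now):
        return now >= self.expires_at


class FakeAuthorizationServer:
    """Constructed stand-in for the token endpoint: accepts a valid refresh token once,
    replaces it, and issues a fresh access token."""

    def __init__(self, valid_refresh_tokens):
        self.valid = set(valid_refresh_tokens)
        self.issued = 0

    def refresh(self, refresh_token):
        if refresh_token not in self.valid:
            return json.dumps({"error": "invalid_grant"})
        self.valid.discard(refresh_token)  # single use: a reused refresh token is rejected
        new_refresh = "rt-" + secrets.token_hex(8)
        self.valid.add(new_refresh)
        self.issued += 1
        return json.dumps({"access_token": f"at-{self.issued}", "expires_in": 3600,
                           "token_type": "Bearer", "refresh_token": new_refresh})


def get_access_token(tokens, auth_server, now):
    """Return (token_set, access_token), refreshing through the authorization server
    when the current access token has expired."""
    if not tokens.is_expired(now):
        return tokens, tokens.access_token
    if tokens.refresh_token is None:
        raise PermissionError("access token expired and no refresh token; re-authorize")
    response = auth_server.refresh(tokens.refresh_token)
    if "error" in json.loads(response):
        raise PermissionError("refresh rejected; the user must authorize again")
    tokens = TokenSet(response, issued_at=now)
    return tokens, tokens.access_token
```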
OAuth .NET API
- Microsoft.Owin.Security
- API for creating an authorization server
// In Startup.ConfigureAuth(IAppBuilder app)
var OAuthOptions = new OAuthAuthorizationServerOptions
{
    // Endpoint where clients exchange credentials or a refresh token for an access token
    TokenEndpointPath = new PathString("/Token"),
    // Application-specific provider that validates clients and grants resource owner credentials
    Provider = new ApplicationOAuthProvider(PublicClientId, UserManagerFactory),
    // Endpoint handling the authorization (external login) step
    AuthorizeEndpointPath = new PathString("/api/Account/ExternalLogin"),
    // Lifetime of issued access tokens; a shorter lifetime limits what a leaked token is worth
    AccessTokenExpireTimeSpan = TimeSpan.FromDays(14),
    // Lets the token and authorize endpoints be reached over plain HTTP; for development only,
    // since a bearer token sent without TLS can be read by anyone on the network path
    AllowInsecureHttp = true
};
app.UseOAuthAuthorizationServer(OAuthOptions);

OAuthAuthorizationServerProvider
- It controls the lifecycle of the authorization server.
- Used by the authorization server to communicate with the web application while processing requests.
- It enables the OAuth bearer token authentication middleware, which receives and validates the bearer token from the Authorization header of the request.
Provider callbacks:
• OnValidateClientRedirectUri
• OnValidateClientAuthentication
• ValidateClientAuthentication
• GrantResourceOwnerCredentials
• OnGrantClientCredentials
Introduction to REST
- Web services communicate via either SOAP or REST.
- Representational State Transfer (REST) is a way to create, read, update or delete information on a server using simple HTTP calls. It is an alternative to more complex mechanisms like SOAP.
- REST services are easily created using ASP.NET MVC 5 Web API or WCF.
Building a REST Service using ASP.NET Web API
Securing REST API
- SSL
- Cross-origin resource sharing (CORS)
- OAuth
Live Demo
Question and Answer
Thank you
http://www.linkedin.com/company/mindfire-solutions
http://twitter.com/mindfires
http://www.mindfiresolutions.com
https://www.facebook.com/MindfireSolutions
