12. September 2015
You might have gone through various articles on Web API security levels and options. This article is intended to give you a short, straightforward overview rather than hold you for long.
Web API can be secured by implementing security inside action filters / message handlers. Thus, we have the following places to implement our security:
Apart from these internal implementations, we can also take advantage of:
The Web API pipeline is a great mechanism that lets developers extend the behaviour. A request is processed by the actual method only after it has passed through certain predefined stages, e.g. handlers and filters. This enables us to implement our security at a granular level (at any level, even at the method level :).
The image below illustrates this:
(pic: Web API 2.0 Security Levels)
Thus, we have many options for implementing security at many levels. We can set it globally as well as down to the method/function level.
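As an added example (not code from the original article), the code below applies security at three of the levels described above: a message handler that sees every request, a global authorization filter, and per-method attributes. The X-Api-Key header, the DEMO_API_KEY environment variable, and the ApiKeyHandler, WebApiConfig and OrdersController names are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http;

// Handler level: sees every request before routing and before any filter.
public class ApiKeyHandler : DelegatingHandler
{
    private static readonly string Expected =
        Environment.GetEnvironmentVariable("DEMO_API_KEY"); // assumed key source
    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        if (request.Headers.Contains("X-Api-Key")) // assumed header name
        {
            string key = request.Headers.GetValues("X-Api-Key").First();
            if (string.IsNullOrEmpty(Expected) || key != Expected) // unset key rejects all
                return Task.FromResult(request.CreateErrorResponse(
                    HttpStatusCode.Unauthorized, "Invalid API key"));
            request.GetRequestContext().Principal = new GenericPrincipal(
                new GenericIdentity("api-client"), new[] { "Reader" });
        }
        return base.SendAsync(request, cancellationToken); // no key: request stays anonymous
    }
}

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        config.MessageHandlers.Add(new ApiKeyHandler()); // global, handler level
        config.Filters.Add(new AuthorizeAttribute());    // global, filter level
        config.MapHttpAttributeRoutes();
    }
}

[RoutePrefix("api/orders")]
public class OrdersController : ApiController
{
    [AllowAnonymous, HttpGet, Route("status")]           // method level: opts out of the global filter
    public string Status() { return "up"; }
    [HttpGet, Route("")]                                 // no attribute: global [Authorize] applies
    public string List() { return "orders"; }
    [Authorize(Roles = "Admin"), HttpDelete, Route("{id:int}")] // method level: stricter than global
    public void Delete(int id) { }
}
```

Because the handler assigns only the Reader role, Status is open, List needs a valid key, and Delete is refused. In production the key comparison should run in fixed time and the key should come from a secret store.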
Let’s explore the hosting-level security options. Earlier we had only the IIS host, but nowadays technology has evolved a lot and gives us more options for hosting our applications. The OWIN host is one of the leading approaches for breaking down the IIS barrier. Below are the approaches for implementing security in these two hosts (IIS & OWIN):
OWIN Middleware – if using OWIN hosting
HTTP Modules – if using IIS hosting
Simplifying things gives us the following picture of these security options:
You may also refer to this article - Understanding Web API