Microsoft cloud engineer - SharePoint, Office 365, Azure, DotNet, Angular, JavaScript.
Microsoft cloud engineer - SharePoint, Office 365, Azure, DotNet, Angular, JavaScript.

VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret.    By default, new Web API projects lack any security mechanism and are open to any anonymous user.    Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out http://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers!

shades_smile

Video

Screenshots

image

Code

References

© Copyright 2016
@ SPJeff

Return to Top ▲Return to Top ▲