Microsoft cloud engineer - SharePoint, Office 365, Azure, DotNet, Angular, JavaScript.

WebAPI

VIDEO – Protect WebAPI data endpoint with ADAL (Azure AD)

Wanted to record a brief demo of how to protect a WebAPI data endpoint with ADAL (Azure Active Directory Authentication Library). Azure Portal enables us to register a custom SPA (Single Page Application) for secure API calls to backend REST data sources. OAuth Bearer HTTP headers are applied to provide security with JWT (JSON Web Token) tokens. The video shows all steps from Azure Portal registration to F12 validation of REST data calls.

Cheers 

VIDEO – PowerShell automated WebDeploy ZIP install

This video will demonstrate how to test, build, publish, and install WebDeploy ZIP packages. The example walks through a simple WebAPI HTTP endpoint which echoes back the current date and time. Fiddler is leveraged for HTTP testing. Once testing is successful, we publish the project to ZIP for install on IIS hosted infrastructure.

PowerShell cmdlet Restore-WDPackage is used to extract ZIP content and create a permanent home for the API endpoint.

By automating with PowerShell we provide a fast consistent admin experience to ensure the API is always installed the same way for a reliable repeatable procedure.  Thanks for watching.

Cheers! 

Code

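# Load the Web Deploy 3.0 snap-in that provides Restore-WDPackage
Add-PSSnapin WDeploySnapin3.0
$package = "C:\temp\Hello\deploy\Hello.zip"
# Extract the ZIP into the named IIS web application
Restore-WDPackage $package -Parameters @{"IIS Web Application Name"="API/Hello"}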

VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with an HTTP header and a Client Secret. By default, new Web API projects lack any security mechanism and are open to any anonymous user. Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers!

Code

// Requires: using System.Collections.Generic; using System.Linq;
public bool keyMatch()
{
	// shared Client Secret expected in the "key" HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	IEnumerable<string> headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// header present - take its first value
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		// ALLOW - match key
		return true;
	}
	else
	{
		// DENY - missing or wrong key
		return false;
	}
}
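
A hardened variant of the check above, as an added example that is not code from the original post: it targets ASP.NET Web API 2, reads the secret from an assumed appSettings entry named ApiClientSecret instead of a source literal, compares without an early exit, and runs as an authorization filter so no action can skip the check. The attribute name RequireClientSecretAttribute is hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;

// Hypothetical attribute name; apply as [RequireClientSecret] on a controller or action.
public class RequireClientSecretAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        // Assumed appSettings key; keeps the secret out of source control.
        string expected = ConfigurationManager.AppSettings["ApiClientSecret"];

        IEnumerable<string> values;
        string supplied = actionContext.Request.Headers.TryGetValues("key", out values)
            ? values.FirstOrDefault()
            : null;

        // Fail closed: a missing header or an unset secret never authorizes.
        if (string.IsNullOrEmpty(expected) || string.IsNullOrEmpty(supplied)
            || !FixedTimeEquals(expected, supplied))
        {
            actionContext.Response =
                actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
        }
    }

    // Hash both values to equal length, then compare every byte without an early exit,
    // so response time does not reveal how many leading characters matched.
    public static bool FixedTimeEquals(string a, string b)
    {
        using (var sha = SHA256.Create())
        {
            byte[] ha = sha.ComputeHash(Encoding.UTF8.GetBytes(a));
            byte[] hb = sha.ComputeHash(Encoding.UTF8.GetBytes(b));
            int diff = 0;
            for (int i = 0; i < ha.Length; i++) diff |= ha[i] ^ hb[i];
            return diff == 0;
        }
    }
}
```

The header name "key" matches the post's code; a shared secret sent this way is only protected in transit when the endpoint is served over HTTPS.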

© Copyright 2016
@ SPJeff
