April 7, 2020

VIDEO – Protect WebAPI data endpoint with ADAL (Azure AD)

Wanted to record brief demo of how to protect WebAPI data endpoint with ADAL (Azure Active Directory) Authentication Library. Azure Portal enables us to register custom SPA (Single Page Application) for secure API calls to backend REST data sources. OAuth Bearer HTTP headers are applied to provide security with JWT tokens (JSON Web Token). Video shows all steps from Azure Portal registration to F12 validation of REST data calls.

Cheers

Video

Screenshots

Code

References

September 17, 2019

VIDEO – Protect WebAPI with Azure AD Authentication

Demo of Azure portal Enterprise Application registration including:

* Register new Enterprise App
* Tenant and App GUID
* Download sample ZIP
* Restore NuGet packages
* Install CORS package
* Verify with Chrome and Fiddler

Cheers!

Video

Source Code

https://github.com/spjeff/webapiadd

November 29, 2017

VIDEO – PowerShell automated WebDeploy ZIP install

This video will demonstrate how to test, build, publish, and install WebDeploy ZIP packages. The example walks through a simple WebAPI HTTP endpoint which echoes back the current date and time. Fiddler is leveraged for HTTP testing. Once tested succesful, we publish the project to ZIP for install on IIS hosted infrastructure.

PowerShell cmdlet Restore-WDPackage is used to extract ZIP content and create a permanent home for the API endpoint.

By automating with PowerShell we provide a fast consistent admin experience to ensure the API is always installed the same way for a reliable repeatable procedure. Thanks for watching.

Cheers!

Video

Code

Add-PSSnapin WDeploySnapin3.0
$package = "C:\temp\Hello\deploy\Hello.zip"
Restore-WDPackage $package -Parameters @{"IIS Web Application Name"="API/Hello"}

Screenshot

References

October 19, 2017

VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret. By default, new Web API projects lack any security mechanism and are open to any anonymous user. Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers!

Video

Screenshots

Code

public bool keyMatch()
{
	// security HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	IEnumerable headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// ALLOW - match key
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		return true;
	}
	else
	{
		return false;
	}
}

SPBestWarmup	SPLaunch
SPPatchify	SPCrud

spcrud	101 commits
sppatchify	159
spbestwarmup	115
office365	95
insanemove	56
spquery	10
sosgrid	18
HelloTime	18
dbftw	11
todo-karma-coverage	14
sp-peoplepicker	10

spbestwarmup	20,386 downloads
splaunch	133
spupgradehelper	75
infopathdb	1,270
spdash	896
comb	649

WebAPI

VIDEO – Protect WebAPI data endpoint with ADAL (Azure AD)

Video

Screenshots

Code

References

VIDEO – Protect WebAPI with Azure AD Authentication

Video

Source Code

VIDEO – PowerShell automated WebDeploy ZIP install

Video

Code

Screenshot

References

VIDEO – HTTP Header Client Secret protected Web API

Video

Screenshots

Code

References

Cloud Ready

Videos

WebAPI

VIDEO – Protect WebAPI data endpoint with ADAL (Azure AD)

Video

Screenshots

Code

References

VIDEO – Protect WebAPI with Azure AD Authentication

Video

Source Code

VIDEO – PowerShell automated WebDeploy ZIP install

Video

Code

Screenshot

References

VIDEO – HTTP Header Client Secret protected Web API

Video

Screenshots

Code

References

Connect

Tags

Cloud Ready

Videos