wep app sec

A compact ASP.Net application to learn about securing web applications and apis.

Being a developer for over three decades I have been dealing with with the new keywords, terminology, along with the new and exciting technology, all the time. Being an old-timer, and a strong proponent of KISS (Keep It Simple and Stupid,) I sometimes feel lost. In those situations, I try to simplify stuff for others like me, who perhaps can benefit with my work. This project is along the same lines.

If you are new to this subject, I suggest you to watch a very simple slideshow I prepared on this topic. [https://www.ipcolony.com/#blog-web-security]

Using this project you will learn pretty much how OAUTH works, though the project itself does not use it.

The following items are covered in the project.

• Forcing https for your site
• Password validation against stored hash
• Returning a token after authentication
• Using token for for subsequent conversation
• Maintaining the tokens on the server side using a simple thread safe list
• Securing Api methods
• Adding added authorization to Api methods so that only selected users can use it