Learn how HTTP authentication and the Authorize works to authenticate client requests.
- [Instructor] Before we dig into how to add authentication…and authorization to the API,…it's important to first understand…how authentication works over HTTP.…The terms authentication and authorization are different,…but closely related, and the differences can be confusing.…As you'll see in a moment,…we'll talk about the HTTP authorization header…when we're really referring to authentication,…which certainly doesn't help the confusion.…When I refer to authentication in this chapter,…I mean the process of verifying…that the user is who they say they are.…An example of this would be submitting your username…and password to log in to a website.…
This is different than authorization,…which means checking whether a particular user…or client has the permissions…to do something in the system.…An example in the Landon Hotel API would be…that guests at the hotel have permission…to see their own booking resources,…but they can't see other guests' bookings.…An administrator account, however,…would be authorized to get any booking.…
Author
Nate Barbettini
Released
9/21/2018- What is RESTful design?
- Building a new API with ASP.NET Core
- Using HTTP methods
- Returning JSON
- Creating RESTful routing with templates
- Versioning
- Securing RESTful APIs with HTTPS
- Representing resources
- Representing links
- Representing collections
- Sorting and searching collections
- Building forms
- Adding caching to an ASP.NET Core API
- Configuring user authentication and authorization
Skill Level Advanced
Duration
Views
-
Introduction
-
1. REST API Concepts
-
What is REST?2m 37s
-
REST vs. RPC3m 24s
-
HTTP methods5m 4s
-
Full and partial updates1m 47s
-
Returning JSON2m 4s
-
The Ion hypermedia type1m 25s
-
-
2. Build a Basic API
-
Create a new project1m 20s
-
Configure MVC1m 45s
-
Create a root controller2m 46s
-
Test with Postman1m 13s
-
Introduction to OpenAPI1m 17s
-
Add NSwag to the project2m 28s
-
-
3. Versioning and Errors
-
Approaches to API versioning1m 52s
-
Add versioning support2m 45s
-
Serialize exceptions as JSON4m 11s
-
-
4. Secure the API
-
Require HTTPS3m 11s
-
How CORS works3m 1s
-
Add CORS middleware1m 33s
-
5. Represent Resources
-
Create a resource class2m 19s
-
Load data from configuration1m 35s
-
Set up an in-memory database2m 22s
-
Create data model classes1m 44s
-
Map models automatically3m 47s
-
-
6. Represent Links
-
Create a Link class4m 48s
-
Rewrite Links with a filter9m 47s
-
Rewrite resource HREFs4m 4s
-
-
7. Represent Collections
-
Add pagination7m 37s
-
8. Sorting Collections
-
Add sort attributes4m 28s
-
Validate sort parameters6m 58s
-
Add a default sort term3m 18s
-
9. Searching Collections
-
Add search attributes3m 35s
-
Validate search parameters7m 42s
-
Extend search to other types5m 21s
-
Add comparison operators3m 30s
-
10. Forms and Modifying Data
-
Forms in Ion1m 32s
-
Create a POST action13m 32s
-
Delete a resource3m 25s
-
Serialize the form metadata3m 54s
-
-
11. Caching and Compression
-
Compress responses1m 36s
-
How HTTP caching works4m 20s
-
Support the ETag header5m 7s
-
Add server-side caching3m 48s
-
-
12. Authentication and Authorization
-
Authentication for REST APIs3m 21s
-
Add Identity4m 51s
-
Add a test user3m 21s
-
Create a users collection5m 45s
-
Add OpenIddict4m 12s
-
Add a token endpoint2m 6s
-
Create a UserInfo route5m 28s
-
More about OpenID Connect2m 59s
-
Authorization using policies5m 19s
-
Conclusion
-
Next steps59s
-
Take notes with your new membership!
Type in the entry box, then click Enter to save your note.
Press on any video thumbnail to jump immediately to the timecode shown.
Notes are saved with you account but can also be exported as plain text, MS Word, PDF, Google Doc, or Evernote.
Share this video
Embed this video
Video: How HTTP authentication works