ASP.NET MVC Solution Architecture

https://chsakell.com/2015/02/15/asp-net-mvc-solution-architecture-best-practices/

ASP.NET Web API

https://sites.google.com/site/wcfpandu/web-api/token-based-authentication-using-asp-net-web-api-owin-and-identity-with-entity-framework

 

OAuth2 + OpenID Connect + Resource Owner Password Credentials Grant

Token Based Authentication site:red-gate.com

Token Based Authentication site:chsakell.com

Token Based Authentication site:bitoftech.net

Token Based Authentication site:scottbrady91.com

 

Bearer Token Based Authentication

http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/

on 1 Jun 2014

 

ASP.NET Web API 2 external logins with Facebook and Google in AngularJS app

http://bitoftech.net/2014/08/11/asp-net-web-api-2-external-logins-social-logins-facebook-google-angularjs-app/

on 11 Aug 2014

 

Top 10 OWASP

https://www.red-gate.com/simple-talk/dotnet/net-development/securing-web-applications/

 

OWASP Tools:

What's JSON Web Token (JWT)?

Basically, a JWT is an encoded JSON object, which is then signed either with a secret key, or a public/private key pair.

A JWT is composed of three different parts: the header, the payload and the signature.

The header usually consists of two parts: the token’s type (JWT), and the signing algorithm that is being used (e.g. HMAC SHA256).

The payload contains the ‘claims’ of the token, which represent statements about an entity (e.g. the user). There are three types of claims: registered, public and private. The most important of these are the private claims, which are used to share information between the parties that agreed on using the JWT. These could contain the name of the user or the roles (e.g. admin, publisher).

After the first two parts are encoded using Base64Url, the signature needs to be created. It is computed over the encoded header and the encoded payload, joined by a dot, using the algorithm specified in the header together with the secret key or private key. The purpose of the signature is to validate the identity of the sender and to ensure that the message was not changed.
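The three-part structure described above, as an added example that is not code from any of the linked articles: an HS256 token built and verified by hand in C# (assumes .NET 6 or later). The names `JwtDemo`, `Create` and `Validate` are hypothetical, the key and claims are constructed for the demo, and a real service would use a maintained JWT library and also check expiry and audience.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class JwtDemo
{
    static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] FromB64Url(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    // The signature covers "<encoded header>.<encoded payload>", keyed with the shared secret.
    static byte[] Sign(string signingInput, byte[] key) =>
        HMACSHA256.HashData(key, Encoding.ASCII.GetBytes(signingInput));

    public static string Create(string payloadJson, byte[] key)
    {
        string header = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        string input = header + "." + B64Url(Encoding.UTF8.GetBytes(payloadJson));
        return input + "." + B64Url(Sign(input, key));
    }

    // Returns the payload JSON when the token verifies, otherwise null.
    public static string? Validate(string token, byte[] key)
    {
        string[] parts = token.Split('.');
        if (parts.Length != 3) return null;
        try
        {
            using var header = JsonDocument.Parse(Encoding.UTF8.GetString(FromB64Url(parts[0])));
            // Accept only the algorithm this service issues; never let the token choose it.
            if (!header.RootElement.TryGetProperty("alg", out var alg) || alg.GetString() != "HS256")
                return null;
            byte[] expected = Sign(parts[0] + "." + parts[1], key);
            if (!CryptographicOperations.FixedTimeEquals(expected, FromB64Url(parts[2]))) return null;
            return Encoding.UTF8.GetString(FromB64Url(parts[1]));
        }
        catch (Exception e) when (e is FormatException or JsonException or InvalidOperationException) { return null; }
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed demo key
        string token = Create("{\"sub\":\"alice\",\"role\":\"publisher\"}", key); // constructed claims
        string[] p = token.Split('.');
        string edited = p[0] + "." + B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"alice\",\"role\":\"admin\"}")) + "." + p[2];
        Console.WriteLine(Validate(token, key) ?? "rejected"); // payload unchanged since signing
        Console.WriteLine(Validate(edited, key) ?? "rejected"); // payload edited after signing
    }
}
```

Base64Url is an encoding, not encryption: anyone holding the token can read the header and payload, so the signature protects integrity only and claims should not carry secrets.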

Authentication Filter

https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/authentication-filters

on 25 Sep 2014

 

Token Based Authentication

https://www.red-gate.com/simple-talk/uncategorized/jwt-authentication-microservices-net/

on 9 Feb 2018

 

Token Based Authentication

https://www.codeproject.com/Articles/1187872/Token-Based-Authentication-for-Web-API-where-Legac

on 21 Apr 2017

 

https://www.codeproject.com/Articles/1005485/RESTful-Day-sharp-Security-in-Web-APIs-Basic

on 2 Mar 2016

 

https://www.codeproject.com/Articles/1183150/Securing-ASP-NET-Web-API-using-Custom-Token-Based

on 23 Sep 2014