Pedro Felix pmhsfelix

Wednesday
- 10:20 - "ASP.NET Web API 2: HTTP Services for the Modern Web and Mobile Applications", Dan Roth
- 11:40 - "Scripting your web API development using scriptcs", Glenn Block
- 13:40 - "The missing link – hypermedia in Web API.", Darrel Miller
- 15:00 - "API Client library V2", Darrel Miller
- 16:20 - "ASP.NET and OWIN - Better Together", Dan Roth
Thursday
- 9:00 - "A deep dive into the ASP.NET Web API runtime architecture", Pedro Felix
- 10:20 - "Pragmatic ASP.NET Web API Solutions - beyond ValuesController", Christian Weyer
- 11:40 - "Securing ASP.NET Web API (v2)", Dominick Baier

Use an OAuth 2.0 Authorization Server (AS) to issue access tokens containing (or refering to) the required information, typically the user's identity (i.e. resource owner identity), the client app identity and the authorization scope.
The Web API (i.e. the Resource Server) will only accept access tokens from the AS. Namely, the Web API will not have to deal with tokens from the external identity providers.
The AS will delegate the user's authentication process to an external identity provider, therefore also acting as an Federation Gateway.
If account linking is necessary (e.g. linking two different external accounts to one internal account), then this can be done at the AS level. Otherwise, the AS will only forward the external identity claims into the Web API.
IdentityServer 3 can be used to implement both the AS and the Federation Gateway functionality. There is OWIN Middleware available to process access tokens issued by IdentityServer 3.
If the Web API is OWIN based (or supports OWIN middlewa

	----
	HTTP/1.1 401 Unauthorized
	...
	WWW-Authenticate: Basic realm="Web API Book"
	...
	----


	----
	GET /resource HTTP/1.1

	public class ParentChildController : ApiController
	{
	public string Get(int pid, int cid)
	{
	return string.Format("{0}:{1}",pid,cid);
	}
	}

	class ParentChildRoutingTranslator : DelegatingHandler
	{

	var config = new HttpConfiguration();
	var builder = new ContainerBuilder();
	foreach (var type in config.Services
	.GetHttpControllerSelector()
	.GetControllerMapping().Select(p => p.Value.ControllerType))
	{
	builder.RegisterType(type);
	}

	using System;
	using System.Collections.Generic;
	using System.Linq;
	using System.Net;
	using System.Net.Http;
	using System.Web.Http;
	using System.Web.Http.Routing;

	namespace Drum.Example.Controllers
	{

	// based on http://www.asp.net/web-api/overview/formats-and-model-binding/parameter-binding-in-aspnet-web-api
	// and http://blogs.msdn.com/b/jmstall/archive/2012/04/20/how-to-bind-to-custom-objects-in-action-signatures-in-mvc-webapi.aspx
	public class Can_use_TypeConverter_to_handle_simple_values
	{
	[TypeConverter(typeof(LocationTypeConverter))]
	public class Location
	{
	public double Latitude { get; set; }
	public double Longitude { get; set; }

	using System;
	using System.Net;
	using System.Net.Security;
	using System.Security.Cryptography.X509Certificates;
	using Xunit;

	namespace CertificateValidationAndConnections
	{
	public class CertificateValidationAndConnectionsFacts
	{

	// definition
	public static class IdentityServerServiceFactoryExtensions
	{
	public static void Wrap<T>(this IdentityServerServiceFactory fact,
	Func<T, T> wrapper,
	Func<IdentityServerServiceFactory,Registration<T>> getter,
	Action<IdentityServerServiceFactory,Registration<T>> setter)
	where T: class
	{
	fact.Register(new HelperRegistration<T>(getter(fact), GetRegistrationNameFor(typeof(T))));

	{
	"projects": [
	"src"
	,"C:/home/code/cli/asp.net.5/Hosting/src"
	,"C:/home/code/cli/asp.net.5/KestrelHttpServer/src"
	,"C:/home/code/cli/asp.net.5/HttpAbstractions/src"
	,"C:/home/code/cli/asp.net.5/Mvc/src"
	]
	}