Security/WebAPI Flashcards

1
Q

Introduction to Identity

A

It is an API that manages users, passwords, profile data, roles, tokens, email confirmation, external logins etc.

It is by default built on top of EntityFrameworkCore; you can also create custom data stores.

**IdentityUser<T>**
Acts as the base class for the ApplicationUser class, which is the model class that stores user details.
You can add additional properties to the ApplicationUser class.

Built-in Properties:
Id
UserName
PasswordHash
Email
PhoneNumber

**IdentityRole<T>**
Acts as the base class for the ApplicationRole class, which is the model class that stores role details. Eg: "admin"
You can add additional properties to the ApplicationRole class.

Built-in Properties:
Id
Name

IDENTITY USER + IDENTITY ROLE

2
Q

UserManager

A

Provides business logic methods for managing users.

It provides methods for creating, searching, updating and deleting users.

Methods:
CreateAsync()
DeleteAsync()
UpdateAsync()
IsInRoleAsync()
FindByEmailAsync()
FindByIdAsync()
FindByNameAsync()

CRUD + FIND

3
Q

SignInManager

A

Provides business logic methods for the sign-in and sign-out functionality of the users.

It provides methods for creating, searching, updating and deleting users.

Methods:
SignInAsync()
PasswordSignInAsync()
SignOutAsync()
IsSignedIn()

4
Q

Areas

A

An Area is a group of related controllers, views and models that belong to a specific module or a specific kind of user.

5
Q

Role Based Authentication

A

A user role defines the type of user that has access to specific resources of the application.

Examples: Administrator role, Customer role etc.

6
Q

XSRF

A

XSRF (Cross-Site Request Forgery, CSRF) is the process of making a request to a web server from another domain, using the user's existing authentication with that same web server.

Eg: attacker.com hosts a form that sends a malicious request to original.com, and the browser attaches the user's original.com cookies to it.

7
Q

Asp.Net Core 4 elements

A

Asp.Net Core MVC

Asp.Net Core Web API

Asp.Net Core Blazor

Asp.Net Core Razor Pages

7
Q

Introduction to Web API

A

ASP.NET Core Web API is a component (part) of ASP.NET Core that is used to create HTTP-based RESTful services (also known as HTTP services) that can be consumed (invoked) by a wide range of client applications such as single-page web applications, mobile applications etc.

7
Q

IActionResult [vs] ActionResult

A

IActionResult

```csharp
public interface IActionResult
{
    Task ExecuteResultAsync(ActionContext context); // converts an object into the HTTP response
}
```

ActionResult<T> (simplified sketch of the framework class)

```csharp
public sealed class ActionResult<T>
{
    IActionResult Convert(); // converts the wrapped object into an ObjectResult
}
```

7
Q

RESTful / Web API Services

A

RESTful services (Representational State Transfer) follow an architectural style for creating HTTP services that receive HTTP GET, POST, PUT and DELETE requests; perform CRUD operations on the appropriate data source; and return JSON / XML data as the response to the client.

7
Q

Web API Controllers

A

Should be either or both:

The class name should be suffixed with “Controller”. Eg: ProductsController

The [ApiController] attribute is applied to the same class or to its base class.

Optional:
Is a public class.
Inherited from Microsoft.AspNetCore.Mvc.ControllerBase.

8
Q

Introduction to Swagger

A

Swagger is a set of open-source tools that help developers generate an interactive UI to document and test RESTful services.

Swagger is a set of tools that implement the Open API specification.

  1. Swashbuckle.AspNetCore
    Framework that makes it easy to use Swagger in ASP.NET Core.
  2. Swagger
    Set of tools that generate a UI to document & test RESTful services.
  3. Open API
    Specification that defines how to write API specifications in JSON.
9
Q

API Versions

A

API Versioning is the practice of transparently managing changes to your API: the client requests a specific version of the API, and the server executes that same version of the API code.

10
Q

Content Negotiation

A

Content negotiation is the process of selecting the appropriate format or language of the content to be exchanged between the client (browser) and Web API.

11
Q

Identity with Web API

A

It is an API that manages users, passwords, profile data, roles, tokens, email confirmation, external logins etc.

It is by default built on top of EntityFrameworkCore; you can also create custom data stores.

12
Q

Introduction to JWT

A

A JSON Web Token (JWT) is a compact and self-contained object for securely transmitting information between parties as a JSON object.

13
Q

Contents of JWT

A
  1. Header (base64 string)
    Defines the type of token and the signing algorithm used.
    Eg: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
  2. Payload (base64 string)
    Contains user claims (user details such as name, email or user type).
    Eg: { “userId”: “b08f86af-35da-48f2-8fab-cef3904660bd”}
    Eg: eyJ1c2VySWQiOiJiMDhmOZhZi0zNWRhLTQ4ZjItOOTA0NjYwYmQifQ
  3. Signature (base64 string)
    It is used to verify that the message wasn’t changed along the way.
    It is usually produced by signing the header and payload with a secret key (HMAC algorithm).
    -xN_h82PHVTA9vdoHrcZxH-x5
14
Q

Refresh Tokens - JWT

A

A refresh token is a token (a base64 string of a random number) that is used to obtain a new JWT each time the current one expires.

15
Q

Overview of Minimal API

A
  • It is Microsoft’s API for creating HTTP services (or HTTP APIs) with minimal dependencies on packages.
  • An alternative to Web API Controllers. Mainly used to create HTTP services or microservices.
16
Q

MVC Controller (Microsoft.AspNetCore.Mvc.Controller)

A
  1. MVC Controller (Microsoft.AspNetCore.Mvc.Controller)

Full support for model binding and model validation.
Full support for views.
Full support for filters & filter pipeline.

  2. API Controller (Microsoft.AspNetCore.Mvc.ApiControllerAttribute)

Full support for model binding and model validation.
No support for views.
Full support for filters & filter pipeline.

  3. Minimal API (IApplicationBuilder.Map* Methods)

Limited support for custom model binding and custom model validation (needs to improve).
No support for views.
No support for filters & filter pipeline; but supports “Endpoint Filters” as an alternative.