Dealing with Relationships, Partial Updates, and Other Complexities
In the previous chapter, after a brief introduction to the concepts of authentication and authorization, we added security to the task-management service. We began by applying an authorization filter to secure the AddTask method, and we complemented this by implementing a custom message handler supporting Basic authentication. After that, continuing with the theme of security, we implemented several scenarios to further develop our application’s functional capabilities and to demonstrate various ASP.NET Web API features (e.g., global exception handling of custom exceptions, scoping of filter attributes, serialization control, async filters). We wrapped things up by adding support for token-based security.