What is new in ASP.NET Web API 2

Visual Studio 2013 is shipped with ASP.NET Web API2. ASP.NET Web API 2 allows you to easily build secure http services that can be called from any client including browsers and mobile devices. This post outlines how to build a secure http service using OAuth 2 and Visual Studio 2013.

1. Open Visual Studio 2013 and create File –> New Project, select the Web API


click on Change Authentication button then will be presented with various options for selecting the authentication methods


You can click no authentication or classic windows authentication or you can authenticate users using their individual accounts or organizational accounts. Individual accounts are typical user accounts that you create on internet facing web sites. Organisational accounts some sort of accounts that are associated with your organization typically associated with active directory. For this example you can click individual account and say ok.

Now you can see your Web API project is configured with full OAuth based security setup.


Open Startup.Auth.cs file from solution, You can now store and issue OAuth bearer tokens without writing lines of code. This means clients can call this Web API for authorizing their requests


The above method also enables you to use Facebook, Google and Twitter and Microsoft accounts. You just need to uncomment the relevant lines. Uncomment the UseGoogleAuthentication method and run the application.

This project also includes built-in secure account controller API for handling account management.


The above screen managed by AccountController.cs file, It uses lot of new runtime features like routing and authentication filters and IHttpActionResults.


This project is perfect for building backend and native mobile applications like windows store and windows phone applications. The same security setup can be used for rich response web API applications. In fact the same security setup used in new single page web application project template.

Related Posts:

%d bloggers like this: