HTML Form File upload (defined in RFC 1867) is a classic mechanism for uploading content to a Web server and is supported by all browsers that I am aware of. This blog shows how to handle Form File Upload in ASP.NET Web API asynchronously using the Task-based pattern introduced in .NET 4 and enhanced in .NET 4.5. Using ASP.NET Web API you can upload files of any size when self hosted (well, up to System.Int64.MaxValue which in practice is “any size”). ASP.NET has a maximum limit of 2G in terms of file size that you can upload.

Thinktecture.IdentityModel and ASP.NET Web API

As part of my work with the new Thinktecture.IdentityModel and JWT, I also updated the ASP.NET Web API integration. My first drop was based on this article. But had some limitation.

The next version is easier to use and much more flexible. It come out-of-the-box with support for:

  • Basic Authentication
  • Simple Web Tokens
  • JSON Web Tokens
  • Access Keys
  • SAML 1.1 & 2.0

The first version only supported the authorization header, now I am able to retrieve credentials from various locations like:

  • the authorization header (scheme / credential)
  • some other header
  • query string parameter
  • client certificate
  • cookie

ASP.NET Web API is a great tool to create lightweight, HTTP-based APIs for your internet and mobile applications. In most scenarios you will need to provide some kind of authentication and authorization mechanism to restrict and isolate resources exposed by your services. Security in ASP.NET Web API is deferred to the hosting infrastructure. When running within IIS, authorization mechanism runs on top of an existing ASP.NET security system, meaning you can leverage existing features like … good ‘ol membership and role providers.