Microsoft DevBoston PowerPoint PPT Presentation



Microsoft DevBoston. Topic – ASP.NET Web API. ASP.NET Web API 2. Andy Tapaswi .Net Architect @Magenic. Topics. What is ASP.Net Web API When to use WCF and When to use ASP.NET Web API New Features of ASP.NET Web API 2 OWIN OAuth 2 CORS OData Other Features.


Presentation Transcript


Microsoft DevBoston

  • Topic – ASP.NET Web API


ASP.NET Web API 2

Andy Tapaswi

.Net Architect @Magenic


Topics

  • What is ASP.Net Web API

  • When to use WCF and When to use ASP.NET Web API

  • New Features of ASP.NET Web API 2

  • OWIN

  • OAuth 2

  • CORS

  • OData

  • Other Features


Web API connects to all HTTP aware clients

[Diagram: Web API serving devices, browsers, phones and tablets]


What is ASP.NET Web API

  • A fully supported and extensible framework for building HTTP based endpoints

  • Built on top of ASP.NET

  • Version 1.0 released along with MVC 4 in August 2012

  • Version 2.0, released with ASP.NET MVC 5 (on .Net 4.5 and above) in October 2013

  • Version 2.1, released on Jan 17th 2014


Should I use WCF or ASP.NET Web API

  • Use ASP.Net Web API

    • If you need to reach wider and diverse cross platform clients / devices

    • If you need to leverage the benefits of Http

  • Use WCF

    • If you are limited to .Net 3.5

    • If you are exposing SOAP based services

    • If you need to support multiple protocols

    • If you need to support WS-* transaction

    • If you need to achieve message level security


What’s new in ASP.NET Web API 2

  • Portable ASP.NET Web API Client

  • IHttpActionResult

  • Authentication Filters

  • OWIN integration / Katana Project

  • Security – OAuth 2.0

  • Security – CORS

  • OData Improvements

  • Attribute routing

  • Request Batching


ASP.NET and OWIN Integration: Katana Project


Why OWIN?

  • Large footprint even for a small web application

  • System.Web is too large to maintain and can’t support frequent release cycles

[Diagram: Web Application, ASP.Net, IIS]


What is OWIN?

  • OWIN = Open Web Interface for .NET (www.owin.org)

    • A Specification that defines a common interface that decouples web apps from web servers

    • Inspired by the likes of node.js, Rack, WSGI

  • Now deeply integrated with the ASP.NET pipeline

    • Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage

  • Run your Web APIs on any OWIN compliant host

  • Katana is Microsoft’s OWIN implementation, which serves as a hosting abstraction


    Katana Architecture

    • App – Web Application

    • Middleware – Frameworks: Web API, SignalR, or any custom middleware (OAuth, CORS etc)

    • Server – Binding to TCP Port and constructing the HTTP context for pipeline

    • Host – Any executable or service or IIS

    [Diagram: App, Middleware, Server, Host]


    Katana Data Flow

    [Diagram: HTTP Request and HTTP Response passing through Host / IIS, Server, ASP.Net Web API and Web Application]


    Implementation

    • Convention over configuration

    • Configuration function in Startup class

    • using AppFunc = Func<IDictionary<string, object>, Task>;


    DEMO: self and IIS hosted Web API


    Web API Security – OAuth2


    Web API Security

    • Security in transit

      • SSL is always appropriate

    • Securing the API Itself

      • Authentication and Authorization

    • Browser Security

      • Cross Origin


    Web API Security – Authentication and Authorization

    • Server to Server

      • API Keys and shared Secrets

    • User Proxy

      • OAuth or similar

    • Direct User

      • Piggyback on existing system using Cookies or Tokens

      • Windows Authentication

      • Forms Authentication

      • Http based Authentications: Basic, Digest

      • Digital Signature based


    OAuth

    • An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications ~ www.oauth.net

    • For allowing another API to act as a user in your system

      • Accept user credentials

      • Then trust a 3rd party with a token that represents the other API

      • The other API never receives the credentials


    OAuth2 (Implicit): The Players and Relationships

    [Diagram: Resource Owner, Trusted / Untrusted Client, Authorization Server and Resource Server, linked by the relationships Registers With, Authorizes, Accesses, Trusts, Uses and Owns Resource]


    OAuth2 (Implicit): Flow

    Image Source : MSDN


    DEMO: SPA and OAuth


    CORS


    CORS - Cross Origin Resource Sharing

    • Http Request & Response

    [Diagram: http://www.domain1.com, Web Server of Domain1.com, Web Server of Domain2.com]

    Http Request Header

    Origin: domain1.com

    Http Response Header

    Access-Control-Allow-Origin: domain1.com


    CORS Http Headers

    • Request Headers

      • Origin

      • Access-Control-Request-Method

      • Access-Control-Request-Headers

    • Response Headers

      • Access-Control-Allow-Origin

      • Access-Control-Allow-Methods

      • Access-Control-Allow-Headers

      • Access-Control-Allow-Credentials

      • Access-Control-Max-Age
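
Added example, not part of the original slides: the CORS request and response headers listed above, handled by a middleware written directly against the OWIN AppFunc signature from the Implementation slide. The class name CorsAllowList, the origin https://app.example.com and the allowed methods and headers are assumptions made for the illustration; the request environments in Main are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;
using Headers = System.Collections.Generic.IDictionary<string, string[]>;

// Added example (not from the slides): raw OWIN middleware with an exact-match CORS origin allow-list.
public class CorsAllowList
{
    private readonly AppFunc _next;
    private readonly HashSet<string> _allowed;   // full origins: scheme://host[:port]
    public CorsAllowList(AppFunc next, params string[] origins)
    { _next = next; _allowed = new HashSet<string>(origins, StringComparer.Ordinal); }

    public Task Invoke(IDictionary<string, object> env)
    {
        var req = (Headers)env["owin.RequestHeaders"];
        var res = (Headers)env["owin.ResponseHeaders"];
        string[] o;
        string origin = req.TryGetValue("Origin", out o) && o.Length == 1 ? o[0] : null;
        if (origin == null || !_allowed.Contains(origin))
            return _next(env);                 // no Allow-Origin header: the browser withholds the response
        res["Access-Control-Allow-Origin"] = new[] { origin };  // only a vetted value, never "*"
        res["Vary"] = new[] { "Origin" };      // caches must not reuse this response for another origin
        bool preflight = (string)env["owin.RequestMethod"] == "OPTIONS" && req.ContainsKey("Access-Control-Request-Method");
        if (!preflight) return _next(env);
        res["Access-Control-Allow-Methods"] = new[] { "GET, POST" };                    // assumed policy
        res["Access-Control-Allow-Headers"] = new[] { "Content-Type, Authorization" };  // assumed policy
        res["Access-Control-Max-Age"] = new[] { "600" };
        env["owin.ResponseStatusCode"] = 204;  // preflight ends here; the API is never invoked
        return Task.FromResult(0);
    }
}
public static class Demo
{
    public static void Main()
    {
        AppFunc api = e => { e["owin.ResponseStatusCode"] = 200; return Task.FromResult(0); };
        var cors = new CorsAllowList(api, "https://app.example.com");   // hypothetical allowed origin
        foreach (var origin in new[] { "https://app.example.com", "https://app.example.com.other.test" })
        {   // constructed preflight environments, one per origin
            Headers req = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase) {
                { "Origin", new[] { origin } }, { "Access-Control-Request-Method", new[] { "POST" } } };
            Headers res = new Dictionary<string, string[]>(StringComparer.OrdinalIgnoreCase);
            var env = new Dictionary<string, object> {
                { "owin.RequestMethod", "OPTIONS" }, { "owin.RequestHeaders", req }, { "owin.ResponseHeaders", res } };
            cors.Invoke(env).Wait();
            Console.WriteLine("{0} -> {1}, Allow-Origin {2}", origin, env["owin.ResponseStatusCode"], res.ContainsKey("Access-Control-Allow-Origin") ? "set" : "absent");
        }
    }
}
```

The second origin shares a prefix with the allowed one and receives no Access-Control-Allow-Origin header, which is the case that prefix or substring matching gets wrong. In a Katana or Web API 2 project the same policy is normally expressed through the Microsoft.Owin.Cors or Microsoft.AspNet.WebApi.Cors packages rather than hand-written middleware.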


    DEMO: CORS


    OData


    OData

    • The Open Data Protocol (OData) is a protocol for querying data over the web

    • OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub


    OData Query

    • $top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed).

    • $skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests.

    • $format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.)

    • $orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results.

    • $filter=: Returns only entities that match the specified expression.


    ASP.NET Web API OData

    • Components for implementing OData services

      • Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc.

    • Built on ODataLib

      • Same underpinnings as WCF Data Services

    • Initially shipped with Visual Studio 2012 Update 2

    • Now supports $select, $expand and $batch!


    DEMO: OData – Http GET $select and $expand


    Other ASP.Net Web API 2 Features


    Attribute routing

    • Bring your routes closer to your resources

    // Convention-based routing: Controller Selector, then Action Selector
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional }
    );

    public IEnumerable<Resource> GetResource() { … }


    Attribute routing

    • In App Start WebAPIConfig

    config.MapHttpAttributeRoutes();
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    // In the released Web API 2 the template goes on [Route]; [HttpGet] carries only the verb

    • Optional values

    [HttpGet, Route("Demographics/{zipcode?}")]
    public Demographics Get(int? zipcode) { … }

    • Default values

    [HttpGet, Route("Demographics/{zipcode=98052}")]
    public Demographics Get(int zipcode) { … }

    • Inline constraints

    [HttpGet, Route("people/{id:int}")]
    public Person Get(int id) { … }

    [HttpGet, Route("people/{name:alpha}")]
    public Person Get(string name) { … }


    Batching Request

    • Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler

    • OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler

    • Sequential and Non sequential execution support at the Server

    • Enhanced Client library for creating Container of multiple Requests or Context for OData


    Portable ASP.NET Web API Client

    • No more maintaining multiple client libraries for Phone and Store App

    • Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5

    • This support is built on the recently released portable HttpClient and the portable library support in Json.NET


    Http Response and IHttpActionResult

    • In Web API 1 –

      • Return any object and let the Web API pipeline convert that to an HttpResponseMessage

      • Return HttpResponseMessage constructing the Http header and body manually

    • In Web API 2 –

      • IHttpActionResult acts like a factory for HttpResponseMessage and provides more control over the returned HttpResponseMessage


    HttpRequestContext

    • Provides strongly typed shortcut access to information that was, up to this point, hidden inside the Request.Properties dictionary


    What’s new in ASP.NET Web API 2.1

    • Global Error Handling

    • Attribute Routing Improvements

    • Help Page Improvements

    • IgnoreRoute Support

    • BSON Media-Type Formatter

    • Better Support for Async Filters

    • Query Parsing for the Client Formatting Library


    Find out more

    http://www.asp.net/vnext

    http://www.asp.net/webapi

    http://channel9.msdn.com

    Follow progress in

    http://aspnetwebstack.codeplex.com

    http://katanaproject.codeplex.com

