Microsoft DevBoston. Topic – ASP.NET Web API. ASP.NET Web API 2. Andy Tapaswi .Net Architect @Magenic. Topics. What is ASP.Net Web API When to use WCF and When to use ASP.NET Web API New Features of ASP.NET Web API 2 OWIN OAuth 2 CORS OData Other Features.

Microsoft DevBoston

  • Topic – ASP.NET Web API


ASP.NET Web API 2

Andy Tapaswi

.Net Architect @Magenic


Topics

  • What is ASP.Net Web API

  • When to use WCF and When to use ASP.NET Web API

  • New Features of ASP.NET Web API 2

  • OWIN

  • OAuth 2

  • CORS

  • OData

  • Other Features


Web API connects to all HTTP aware clients

[Diagram: Web API connected to Devices, Browsers, Phones and Tablets]


What is ASP.NET Web API

  • A fully supported and extensible framework for building HTTP based endpoints

  • Built on top of ASP.NET

  • Version 1.0 released along with MVC 4 in August 2012

  • Version 2.0, released with ASP.NET MVC 5 (on .Net 4.5 and above) in October 2013

  • Version 2.1, released on Jan 17th 2014


Should I use WCF or ASP.NET Web API

  • Use ASP.Net Web API

  • If you need to reach wider and diverse cross platform clients / devices

  • If you need to leverage the benefits of Http

  • Use WCF

  • If you are limited to .Net 3.5

  • If you are exposing SOAP based services

  • If you need to support multiple protocols

  • If you need to support WS-* transaction

  • If you need to achieve message level security


What’s new in ASP.NET Web API 2

  • Portable ASP.NET Web API Client

  • IHttpActionResult

  • Authentication Filters

  • OWIN integration / Katana Project

  • Security – OAuth 2.0

  • Security - CORS

  • OData Improvements

  • Attribute routing

  • Request Batching


ASP.NET and OWIN Integration / Katana Project


Why OWIN?

  • Large footprint even for a small web application

  • System.Web is too large to maintain and can’t support frequent release cycles

[Diagram: Web Application, ASP.Net, IIS]


What is OWIN?

  • OWIN = Open Web Interface for .NET (www.owin.org)

    • A Specification that defines a common interface that decouples web apps from web servers

    • Inspired by the likes of node.js, Rack, WSGI

  • Now deeply integrated with the ASP.NET pipeline

    • Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage

  • Run your Web APIs on any OWIN compliant host

  • Katana is Microsoft’s OWIN implementation, serving as a hosting abstraction


    Katana Architecture

    • App – Web Application

    • Middleware – Frameworks: Web API, SignalR, or any custom middleware (OAuth, CORS, etc.)

    • Server – Binds to a TCP port and constructs the HTTP context for the pipeline

    • Host – Any executable, service, or IIS

    [Diagram: App, Middleware, Server, Host]


    Katana Data Flow

    [Diagram labels: Host / IIS, Server, ASP.Net Web API, Web Application, HTTP Request, HTTP Response]


    Implementation

    • Convention over configuration

    • Configuration function in Startup class

    • using AppFunc = Func<IDictionary<string, object>, Task>;
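
The Startup convention and the AppFunc alias named on this slide, written out as an added example (not code from the original presentation). The namespace KatanaDemo and the response header set by the middleware are assumptions, and the Owin and Microsoft.AspNet.WebApi.Owin packages are assumed to be referenced:

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web.Http;
using Owin;

namespace KatanaDemo // hypothetical namespace for this example
{
    // The OWIN application delegate: environment dictionary in, Task out.
    using AppFunc = Func<IDictionary<string, object>, Task>;

    // Katana locates this class by convention: a class named Startup
    // with a Configuration(IAppBuilder) method.
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // Raw OWIN middleware: receives the next AppFunc in the
            // pipeline and returns a new AppFunc wrapping it.
            app.Use(new Func<AppFunc, AppFunc>(next => async env =>
            {
                // Response headers live in the environment dictionary
                // under the key defined by the OWIN specification.
                var headers = (IDictionary<string, string[]>)env["owin.ResponseHeaders"];
                headers["X-Content-Type-Options"] = new[] { "nosniff" };

                await next(env); // hand off to the rest of the pipeline
            }));

            // Web API is itself just another middleware in the pipeline.
            var config = new HttpConfiguration();
            config.MapHttpAttributeRoutes();
            app.UseWebApi(config);
        }
    }
}
```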


    DEMO: self and IIS hosted Web API


    Web API Security – OAuth2


    Web API Security

    • Security in transit

      • SSL is always appropriate

    • Securing the API Itself

      • Authentication and Authorization

    • Browser Security

      • Cross Origin


    Web API Security – Authentication and Authorization

    • Server to Server

      • API Keys and shared Secrets

    • User Proxy

      • OAuth or similar

    • Direct User

      • Piggyback on existing system using Cookies or Tokens

      • Windows Authentication

      • Forms Authentication

      • Http based Authentications: Basic, Digest

      • Digital Signature based


    OAuth

    • An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications ~www.oauth.net

    • Allows another API to act as a user in your system

      • Accept user credential

      • Then trust a 3rd party with a token that represents the other API

      • The other API never receives the credentials


    OAuth2 (Implicit): The Players and Relationships

    [Diagram: Trusted / Untrusted Client, Authorization Server, Resource Owner and Resource Server, connected by the relationships Registers With, Authorizes, Accesses, Trusts, Uses and Owns Resource]


    OAuth2 (Implicit): Flow

    Image Source : MSDN


    DEMO: SPA and OAuth


    CORS


    CORS - Cross Origin Resource Sharing

    • Http Request & Response

    [Diagram: a page served from http://www.domain1.com (Web Server of Domain1.com) sends a request to the Web Server of Domain2.com]

    Http Request Header

    Origin: domain1.com

    Http Response Header

    Access-Control-Allow-Origin: domain1.com


    CORS Http Headers

    • Request Headers:

      • Origin

      • Access-Control-Request-Method

      • Access-Control-Request-Headers

    • Response Headers:

      • Access-Control-Allow-Origin

      • Access-Control-Allow-Methods

      • Access-Control-Allow-Headers

      • Access-Control-Allow-Credentials

      • Access-Control-Max-Age
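
How the response headers listed above map onto Web API 2's CORS support, with a wide-open policy beside a restricted one. This is an added example, not code from the original presentation; the controller names, routes and the origin https://app.example.test are constructed, and the Microsoft.AspNet.WebApi.Cors package is assumed to be installed:

```csharp
using System.Collections.Generic;
using System.Web.Http;
using System.Web.Http.Cors;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Turns on CORS processing; the policy itself comes from the
        // [EnableCors] attributes on controllers or actions.
        config.EnableCors();
        config.MapHttpAttributeRoutes();
    }
}

// Weak setting: any origin may read responses from this controller.
// Acceptable only for public, unauthenticated data. Never combine the
// wildcard origin with SupportsCredentials = true.
[EnableCors(origins: "*", headers: "*", methods: "*")]
public class OpenReportsController : ApiController // hypothetical controller
{
    [Route("api/open-reports")]
    public IEnumerable<string> Get() { return new[] { "q1", "q2" }; }
}

// Corrected setting: each argument feeds one response header.
//   origins             -> Access-Control-Allow-Origin
//   headers             -> Access-Control-Allow-Headers
//   methods             -> Access-Control-Allow-Methods
//   SupportsCredentials -> Access-Control-Allow-Credentials
//   PreflightMaxAge     -> Access-Control-Max-Age (seconds)
[EnableCors(
    origins: "https://app.example.test", // constructed origin
    headers: "accept,content-type",
    methods: "GET,POST",
    SupportsCredentials = true,
    PreflightMaxAge = 600)]
public class ReportsController : ApiController // hypothetical controller
{
    [Route("api/reports")]
    public IEnumerable<string> Get() { return new[] { "q1", "q2" }; }
}
```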


    DEMO: CORS


    OData


    OData

    • The Open Data Protocol (OData) is a protocol for querying data over the web

    • OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub


    OData Query

    • $top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed).

    • $skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests.

    • $format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.)

    • $orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results.

    • $filter=: Returns only entities that match the specified expression.


    ASP.NET Web API OData

    • Components for implementing OData services

      • Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc.

    • Built on ODataLib

      • Same underpinnings as WCF Data Services

    • Initially shipped with Visual Studio 2012 Update 2

    • Now supports $select, $expand and $batch!


    DEMO: OData – Http GET $select and $expand


    Other ASP.Net Web API 2 Features


    Attribute routing

    • Bring your routes closer to your resources

    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional }
    );

    Controller Selector

    Action Selector

    public IEnumerable<Resource> GetResource() { … }


    Attribute routing

    • In App_Start WebApiConfig

    config.MapHttpAttributeRoutes();
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    • Optional values

    [HttpGet("Demographics/{zipcode?}")]
    public Demographics Get(int? zipcode) { … }

    • Default values

    [HttpGet("Demographics/{zipcode=98052}")]
    public Demographics Get(int zipcode) { … }

    • Inline constraints

    [HttpGet("people/{id:int}")]
    public Person Get(int id) { … }

    [HttpGet("people/{name:alpha}")]
    public Person Get(string name) { … }


    Batching Request

    • Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler

    • OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler

    • Sequential and Non sequential execution support at the Server

    • Enhanced Client library for creating Container of multiple Requests or Context for OData


    Portable ASP.NET Web API Client

    • No more maintaining multiple client libraries for Phone and Store App

    • Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5

    • This support is built on the recently released portable HttpClient and the portable library support in Json.NET


    Http Response and IHttpActionResult

    • In Web API 1 –

      • Return any object and let the Web API pipeline convert that to an HttpResponseMessage

      • Return HttpResponseMessage constructing the Http header and body manually

    • In Web API 2 –

      • IHttpActionResult is like a factory implementation of HttpResponseMessage, provides more control over the returned HttpResponseMessage


    HttpRequestContext

    • Provides a shortcut for strongly typed access to information that was, up to this point, hidden inside the Request.Properties dictionary


    What’s new in ASP.NET Web API 2.1

    • Global Error Handling

    • Attribute Routing Improvements

    • Help Page Improvements

    • IgnoreRoute Support

    • BSON Media-Type Formatter

    • Better Support for Async Filters

    • Query Parsing for the Client Formatting Library


    Find out more

    http://www.asp.net/vnext

    http://www.asp.net/webapi

    http://channel9.msdn.com

    Follow progress in

    http://aspnetwebstack.codeplex.com

    http://katanaproject.codeplex.com

