
Microsoft DevBoston - PowerPoint PPT Presentation


Microsoft DevBoston. Topic – ASP.NET Web API. ASP.NET Web API 2. Andy Tapaswi .Net Architect @Magenic. Topics. What is ASP.Net Web API When to use WCF and When to use ASP.NET Web API New Features of ASP.NET Web API 2 OWIN OAuth 2 CORS OData Other Features.

Microsoft DevBoston

  • Topic – ASP.NET Web API

ASP.NET Web API 2


Andy Tapaswi

.Net Architect @Magenic


Topics

  • What is ASP.Net Web API

  • When to use WCF and When to use ASP.NET Web API

  • New Features of ASP.NET Web API 2

  • OWIN

  • OAuth 2

  • CORS

  • OData

  • Other Features

Web API connects to all HTTP aware clients








What is ASP.NET Web API

  • A fully supported and extensible framework for building HTTP based endpoints

  • Built on top of ASP.NET

  • Version 1.0 released along with MVC 4 in August 2012

  • Version 2.0, released with ASP.NET MVC 5 (on .Net 4.5 and above) in October 2013

  • Version 2.1, released on Jan 17th 2014

Should I use WCF or ASP.NET Web API

  • Use ASP.Net Web API

  • If you need to reach wider and diverse cross platform clients / devices

  • If you need to leverage the benefits of Http

  • Use WCF

  • If you are limited to .Net 3.5

  • If you are exposing SOAP based services

  • If you need to support multiple protocols

  • If you need to support WS-* transaction

  • If you need to achieve message level security

What’s new in ASP.NET Web API 2

  • Portable ASP.NET Web API Client

  • Authentication Filters

  • OWIN integration / Katana Project

  • Security – OAuth 2.0

  • Security - CORS

  • OData Improvements

  • Attribute routing

  • Request Batching

Why OWIN

  • Large footprint even for a small web application

  • System.Web is too large to maintain and can’t support frequent release cycles




What is OWIN?

  • OWIN = Open Web Interface for .NET

    • A Specification that defines a common interface that decouples web apps from web servers

    • Inspired by the likes of node.js, Rack, WSGI

  • Now deeply integrated with the ASP.NET pipeline

    • Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage

  • Run your Web APIs on any OWIN compliant host

  • Katana is Microsoft’s OWIN implementation, acting as a hosting abstraction

    Katana Architecture


    • App – Web Application

    • Middleware – Frameworks: Web API, SignalR, or any custom middleware (OAuth, CORS etc.)

    • Server – Binding to TCP Port and constructing the HTTP context for pipeline

    • Host – Any executable or service or IIS




    Katana Data Flow

    [Diagram: Host / IIS, Web Application, ASP.Net Web API, HTTP Request, HTTP Response]


    • Convention over configuration

    • Configuration function in Startup class

    • using AppFunc = Func<IDictionary<string, object>, Task>;
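    The Startup convention and the AppFunc signature above, shown as an added example that is not part of the original slides: a raw OWIN middleware that refuses non-HTTPS requests before they reach Web API. The class name RequireHttpsMiddleware is hypothetical; the Owin, Microsoft.Owin and Microsoft.AspNet.WebApi.Owin packages are assumed to be installed.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web.Http;
using Owin;

// OWIN application delegate: environment dictionary in, Task out.
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>,
                            System.Threading.Tasks.Task>;

// Hypothetical middleware (the name is an assumption): reject any request
// that did not arrive over HTTPS before it reaches Web API.
public class RequireHttpsMiddleware
{
    private readonly AppFunc _next;

    public RequireHttpsMiddleware(AppFunc next)
    {
        _next = next;
    }

    public Task Invoke(IDictionary<string, object> environment)
    {
        // "owin.RequestScheme" and "owin.ResponseStatusCode" are keys
        // defined by the OWIN specification.
        var scheme = environment["owin.RequestScheme"] as string;
        if (!string.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase))
        {
            environment["owin.ResponseStatusCode"] = 403;
            return Task.FromResult(0);   // short-circuit: the next component never runs
        }
        return _next(environment);
    }
}

// Katana locates this class by convention and calls Configuration at startup.
public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.Use(typeof(RequireHttpsMiddleware));   // first in the pipeline

        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config);                     // Web API runs as the last middleware
    }
}
```

    When TLS is terminated at a proxy or load balancer in front of the host, the scheme seen here is "http", so the check has to move to that tier or rely on a header the proxy is trusted to set.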

    DEMO: self and IIS hosted Web API

    Web API Security

    • Security in transit

      • SSL is always appropriate

  • Securing the API Itself

    • Authentication and Authorization

  • Browser Security

    • Cross Origin

    Web API Security – Authentication and Authorization

    • Server to Server

      • API Keys and shared Secrets

  • User Proxy

    • OAuth or similar

  • Direct User

    • Piggyback on existing system using Cookies or Tokens

    • Windows Authentication

    • Forms Authentication

    • HTTP-based authentication: Basic, Digest

    • Digital Signature based

    OAuth

    • An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications

    • For allowing another API to act as a user in your system

      • Accept user credential

      • Then trust a 3rd party with a token that represents the other API

      • The other API never receives the credentials

    OAuth2 (Implicit): The Players and Relationships

    [Diagram: Resource Owner, Resource Server, Authorization Server and Trusted / Untrusted Client, with relationships labelled "Registers With" and "Owns Resource"]

    OAuth2 (Implicit): Flow

    Image Source : MSDN

    CORS - Cross Origin Resource Sharing

    • Http Request & Response

    [Diagram: Http Request Header and Http Response Header exchanged between two web servers]

    CORS Http Headers

    • Request Headers:

      • Origin

      • Access-Control-Request-Method

      • Access-Control-Request-Headers

  • Response Headers

    • Access-Control-Allow-Origin

    • Access-Control-Allow-Methods

    • Access-Control-Allow-Headers

    • Access-Control-Allow-Credentials

    • Access-Control-Max-Age
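    How the response headers listed above map onto a Web API 2 CORS policy, as an added example that is not part of the original slides: a permissive policy beside a restricted one. The origin https://app.example.com, the OrdersController and its routes are constructed for illustration; the Microsoft.AspNet.WebApi.Cors package is assumed.

```csharp
using System.Web.Http;
using System.Web.Http.Cors;   // NuGet package Microsoft.AspNet.WebApi.Cors

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Weak (kept commented out, for contrast): every origin, header and
        // method is allowed, and browsers may attach cookies / credentials.
        // var cors = new EnableCorsAttribute("*", "*", "*") { SupportsCredentials = true };

        // Restricted policy. Each setting drives one response header:
        var cors = new EnableCorsAttribute(
            origins: "https://app.example.com",            // Access-Control-Allow-Origin
            headers: "accept,content-type,authorization",  // Access-Control-Allow-Headers
            methods: "GET,POST")                           // Access-Control-Allow-Methods
        {
            SupportsCredentials = true,                    // Access-Control-Allow-Credentials
            PreflightMaxAge = 600                          // Access-Control-Max-Age (seconds)
        };

        config.EnableCors(cors);          // global policy for all controllers
        config.MapHttpAttributeRoutes();
    }
}

// Constructed preflight exchange under the restricted policy:
//   OPTIONS /api/orders
//     Origin: https://app.example.com
//     Access-Control-Request-Method: POST
//     Access-Control-Request-Headers: content-type
//   Response carries:
//     Access-Control-Allow-Origin: https://app.example.com
//     Access-Control-Allow-Credentials: true
// A request whose Origin is not in the list gets no Access-Control-* headers,
// so the browser blocks the calling script from reading the response.

[RoutePrefix("api/orders")]
public class OrdersController : ApiController
{
    [Route("")]
    public IHttpActionResult Get() { return Ok(new[] { "order-1" }); }

    // Opt a sensitive action out of cross-origin access entirely.
    [DisableCors]
    [Route("export")]
    public IHttpActionResult GetExport() { return Ok("export"); }
}
```

    CORS only controls what a browser lets cross-origin script read; the API still needs its own authentication and authorization for every caller.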

    OData

    • The Open Data Protocol (OData) is a protocol for querying data over the web

    • OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub

    OData Query

    • $top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed).

    • $skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests.

    • $format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.)

    • $orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results.

    • $filter=: Returns only entities that match the specified expression.

    ASP.NET Web API OData

    • Components for implementing OData services

      • Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc.

    • Built on ODataLib

      • Same underpinnings as WCF Data Services

    • Initially shipped with Visual Studio 2012 Update 2

    • Now supports $select, $expand and $batch!

    DEMO: OData – Http GET $select and $expand

    Attribute routing

    • Bring your routes closer to your resources


    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    Controller Selector

    Action Selector

    public IEnumerable<Resource> GetResource() { … }

    Attribute routing



    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    • In App Start WebAPIConfig

    • Optional values

    • Default values

    • Inline constraints


    public Demographics Get(int? zipcode) { … }


    public Demographics Get(int zipcode) { … }


    public Person Get(int id) { … }


    public Person Get(string name) { … }
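    The optional values, default values and inline constraints listed above, as an added example that is not part of the original slides. The route templates, the default zip code 10001 and the class bodies are constructed for illustration; config.MapHttpAttributeRoutes() is assumed to be called in WebApiConfig.

```csharp
using System.Web.Http;

public class Person { public int Id { get; set; } public string Name { get; set; } }
public class Demographics { public int? Zipcode { get; set; } }

[RoutePrefix("api/people")]
public class PeopleController : ApiController
{
    // Inline constraints: only integers >= 1 match this route.
    // "/api/people/0" and "/api/people/-5" match no route and return 404
    // before any action code runs.
    [Route("{id:int:min(1)}")]
    public IHttpActionResult Get(int id)
    {
        return Ok(new Person { Id = id, Name = "constructed" });
    }

    // Letters only, at most 50 characters; anything else never reaches the action.
    [Route("{name:alpha:maxlength(50)}")]
    public IHttpActionResult Get(string name)
    {
        return Ok(new Person { Id = 1, Name = name });
    }
}

[RoutePrefix("api/demographics")]
public class DemographicsController : ApiController
{
    // Optional value: matches "/api/demographics" and "/api/demographics/10001".
    // An optional route parameter needs a default on the method parameter.
    [Route("{zipcode:int?}")]
    public IHttpActionResult Get(int? zipcode = null)
    {
        return Ok(new Demographics { Zipcode = zipcode });
    }

    // Default value: "/api/demographics/summary" binds zipcode = 10001.
    [Route("summary/{zipcode:int=10001}")]
    public IHttpActionResult GetSummary(int zipcode)
    {
        return Ok(new Demographics { Zipcode = zipcode });
    }
}
```

    Route constraints narrow what reaches an action but do not replace validation and authorization inside it.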

    Batching Request

    • Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler

    • OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler

    • Sequential and Non sequential execution support at the Server

    • Enhanced Client library for creating Container of multiple Requests or Context for OData

    Portable ASP.NET Web API Client

    • No more maintaining multiple client libraries for Phone and Store App

    • Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5

    • This support is built on the recently released portable HttpClient and the portable library support in Json.NET

    Http Response and IHttpActionResult

    • In Web API 1 –

      • Return any object and let the Web API pipeline convert that to an HttpResponseMessage

      • Return HttpResponseMessage constructing the Http header and body manually

    • In Web API 2 –

      • IHttpActionResult is like a factory implementation of HttpResponseMessage, provides more control over the returned HttpResponseMessage


    • Provides a shortcut to strongly typed access to information that up to this point was hidden inside the Request.Properties dictionary

    What’s new in ASP.NET Web API 2.1

    • Global Error Handling

    • Attribute Routing Improvements

    • Help Page Improvements

    • IgnoreRoute Support

    • BSON Media-Type Formatter

    • Better Support for Async Filters

    • Query Parsing for the Client Formatting Library

    Find out more

    Follow progress in