asp.net web api deep dive - ssd 2016 london
Post on 11-Feb-2017
329 Views
Preview:
TRANSCRIPT
1
ASP.NET Web API deep dive
Manfred Steyer
About me …
Manfred Steyer
Trainer & Consultant
Angular & .NET
Page 2
2
Goal
Show advanced features
of ASP.NET Web API
Only some Slides
Live Coding
Folie 4
Contents
Configure Formatters
Binary Serialization
Custom Formatters
Streaming
Versioning
OData with and without EF + restricting it
Metadata via Swagger
Security
Folie 5
4
Streaming in IIS (without OWIN)
Folie 8
config.Services.Replace(typeof(IHostBufferPolicySelector),new CustomWebHostBufferPolicySelector());
VERSIONING
Page 9
5
Two kinds of changes
Compatible Changes
Additional optional field etc.
Changes to the minor version, e. g. 1.1 to 1.2
Breaking Change
New Method/ Class
Changes to the major version, e. g. 1.2 to 2.0
Identity by URL or HTTP-Header
api-version: 1.2
Folie 10
DEMO
Page 11
6
ODATA
Page 12
What is ODATA
Standard for "SQL over HTTP"
Querying: ?$filter=From eq 'Vienna'
Also allows for editing
NuGet: Microsoft.AspNet.OData
Folie 13
7
SWAGGER
Page 14
Swagger
Metadata for Web APIs
Implementation for .NET: Swashbuckle
Every Action-Method has to have its own URL
NuGet: Swashbuckle
Folie 15
9
HTTP BASIC
Transmitting username + password via
HTTP-Headers
Base64-encoded: No encryption
Just use with HTTPS
IIS checks username + password against
Windows/AD
OWIN-Middleware to check them by yourself:
Thinktecture.IdentityModel.Owin.BasicAuthentication
Folie 18
Tokens
Folie 19
Client
Authorization-Server
Resource-Server
3. Token
Central Accounts
Auth. decoupled
Tokens provide flexibility
10
Solutions for Web APIs
Microsoft:
Microsoft.Owin.Security.Jwt
IdentityServer:
IdentityServer3.AccessTokenValidation
Folie 20
DEMO
Page 21
top related