ASP.NET Web API deep dive - SSD 2016 London


Upload: manfred-steyer

Post on 11-Feb-2017


ASP.NET Web API deep dive

Manfred Steyer

About me …

Manfred Steyer

Trainer & Consultant

Angular & .NET


Goal

Show advanced features of ASP.NET Web API

Only some Slides

Live Coding


Contents

Configure Formatters

Binary Serialization

Custom Formatters

Streaming

Versioning

OData with and without EF + restricting it

Metadata via Swagger

Security


FORMATTERS DEMO


STREAMING DEMO


Streaming in IIS (without OWIN)


config.Services.Replace(typeof(IHostBufferPolicySelector), new CustomWebHostBufferPolicySelector());

VERSIONING


Two kinds of changes

Compatible Changes

Additional optional field etc.

Changes to the minor version, e.g. 1.1 to 1.2

Breaking Change

New Method/Class

Changes to the major version, e.g. 1.2 to 2.0

Identify the version by URL or HTTP header

api-version: 1.2


DEMO


ODATA


What is OData?

Standard for "SQL over HTTP"

Querying: ?$filter=From eq 'Vienna'

Also allows for editing

NuGet: Microsoft.AspNet.OData


SWAGGER


Swagger

Metadata for Web APIs

Implementation for .NET: Swashbuckle

Every Action-Method has to have its own URL

NuGet: Swashbuckle


DEMO


SECURITY


HTTP BASIC

Transmitting username + password via HTTP headers

Base64-encoded: No encryption

Use only with HTTPS

IIS checks username + password against Windows/AD

OWIN-Middleware to check them by yourself:

Thinktecture.IdentityModel.Owin.BasicAuthentication
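
The HTTP BASIC points above, as an added example (not code from the talk or from the Thinktecture middleware): it reads the `Authorization` header, shows that the credentials decode without any key, and rejects plain-HTTP and malformed requests. The class and method names are hypothetical, and the sample header is constructed.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;

// Added example; BasicCredentials and its members are hypothetical names.
public static class BasicCredentials
{
    // Parses "Basic <base64(user:password)>"; returns false on any malformed input.
    public static bool TryParse(string headerValue, bool requestIsHttps,
                                out string user, out string password)
    {
        user = password = null;

        // Credentials are only encoded, not encrypted: refuse them outside HTTPS.
        if (!requestIsHttps) return false;

        AuthenticationHeaderValue header;
        if (!AuthenticationHeaderValue.TryParse(headerValue, out header)) return false;
        if (!string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)) return false;
        if (string.IsNullOrEmpty(header.Parameter)) return false;

        byte[] raw;
        try { raw = Convert.FromBase64String(header.Parameter); }
        catch (FormatException) { return false; }

        // Decoding needs no key, which is why Base64 gives no confidentiality.
        string decoded = Encoding.UTF8.GetString(raw);

        // Split at the first colon only: a password may itself contain ':'.
        int sep = decoded.IndexOf(':');
        if (sep <= 0) return false; // no colon, or empty user name

        user = decoded.Substring(0, sep);
        password = decoded.Substring(sep + 1);
        return true;
    }

    public static void Main()
    {
        // Constructed sample header value.
        string sample = "Basic " + Convert.ToBase64String(
            Encoding.UTF8.GetBytes("alice:s3cret:with:colons"));
        string u, p;
        Console.WriteLine(TryParse(sample, true, out u, out p) + " " + u + " / " + p);
        Console.WriteLine(TryParse(sample, false, out u, out p));              // plain HTTP
        Console.WriteLine(TryParse("Basic not-base64!", true, out u, out p)); // malformed
    }
}
```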


Tokens

[Diagram: Client, Authorization-Server, Resource-Server; step label "3. Token"]

Central Accounts

Auth. decoupled

Tokens provide flexibility

Solutions for Web APIs

Microsoft:

Microsoft.Owin.Security.Jwt

IdentityServer:

IdentityServer3.AccessTokenValidation


DEMO


Summary

Formatters for reading and writing Objects

Streaming for performance

Versioning with RouteConstraint

OData

Metadata via Swagger and Swashbuckle

Security with HTTP BASIC and Tokens


Contact

SOFTWAREarchitekt.at

ManfredSteyer