web application asp.net iis app middleware server host

Upload: jefferson-boulden

Post on 31-Mar-2015

Page 1: Web Application ASP.Net IIS App Middleware Server Host

Topic – ASP.NET Web API

Microsoft DevBoston

Page 2

ASP.NET Web API 2

Andy Tapaswi

.Net Architect @Magenic

Page 3

Topics

1. What is ASP.Net Web API
2. When to use WCF and When to use ASP.NET Web API
3. New Features of ASP.NET Web API 2
4. OWIN
5. OAuth 2
6. CORS
7. OData
8. Other Features

Page 4

Web API connects to all HTTP aware clients

[Diagram: Browsers, Devices, Phones and Tablets, each connected to Web API]

Page 5

What is ASP.NET Web API

A fully supported and extensible framework for building HTTP based endpoints

Built on top of ASP.NET

Version 1.0 released along with MVC 4 in August 2012

Version 2.0, released with ASP.NET MVC 5 (on .Net 4.5 and above) in October 2013

Version 2.1, released on Jan 17th 2014

Page 6

Should I use WCF or ASP.NET Web API

Use WCF
  If you are limited to .Net 3.5
  If you are exposing SOAP based services
  If you need to support multiple protocols
  If you need to support WS-* transaction
  If you need to achieve message level security

Use ASP.Net Web API
  If you need to reach wider and diverse cross platform clients / devices
  If you need to leverage the benefits of Http

Page 7

What’s new in ASP.NET Web API 2

1. OWIN integration / Katana Project
2. Security – OAuth 2.0
3. Security - CORS
4. OData Improvements
5. Attribute routing
6. Request Batching
7. Portable ASP.NET Web API Client
8. IHttpActionResult
9. Authentication Filters

Page 8

ASP.NET and OWIN Integration

Katana Project

Page 9

Why OWIN?

Large footprint even for a small web application

System.Web is too large to maintain and can’t support frequent release cycles

[Diagram labels: Web Application, ASP.Net, IIS]

Page 10

What is OWIN?

OWIN = Open Web Interface for .NET (www.owin.org)

A Specification that defines a common interface that decouples web apps from web servers

Inspired by the likes of node.js, Rack, WSGI

Now deeply integrated with the ASP.NET pipeline

Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage

Run your Web APIs on any OWIN compliant host

Katana is Microsoft’s OWIN implementation as a hosting abstraction

Page 11

Katana Architecture

App – Web Application

Middleware – Frameworks: Web API, SignalR, or any custom middleware (OAuth, CORS etc)

Server – Binding to TCP Port and constructing the HTTP context for pipeline

Host – Any executable or service or IIS

[Diagram layers: App, Middleware, Server, Host]

Page 12

Katana Data Flow

[Diagram: HTTP Request and HTTP Response flowing through Host / IIS, Server, ASP.Net Web API and Web Application]

Page 13

Implementation

Convention over configuration

Configuration function in Startup class

using AppFunc = Func<IDictionary<string, object>, Task>;

Page 14

DEMO: self and IIS hosted Web API

Page 15

Web API Security – OAuth2

Page 16

Web API Security

Security in transit
  SSL is always appropriate

Securing the API Itself
  Authentication and Authorization

Browser Security
  Cross Origin

Page 17

Web API Security – Authentication and Authorization

Server to Server
  API Keys and shared Secrets

User Proxy
  OAuth or similar

Direct User
  Piggyback on existing system using Cookies or Tokens
  Windows Authentication
  Forms Authentication
  Http based Authentications: Basic, Digest, Digital Signature based

Page 18

OAuth

An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications ~www.oauth.net

For allowing another API to act as a user in your system

Accept user credentials

Then trust a 3rd party with a token that represents the other API

The other API never receives the credentials

Page 19

OAuth2 (Implicit): The Players and Relationships

[Diagram. Players: Trusted / Untrusted Client, Authorization Server, Resource Owner, Resource Server. Relationship labels: Registers With, Uses, Owns Resource, Trusts, Authorizes, Accesses]

Page 21

DEMO: SPA and OAuth

Page 22

CORS

Page 23

CORS - Cross Origin Resource Sharing

[Diagram: Http Request & Response between http://www.domain1.com (Web Server of Domain1.com) and Web Server of Domain2.com]

Http Request Header
  Origin: domain1.com

Http Response Header
  Access-Control-Allow-Origin: domain1.com

Page 24

CORS Http Headers

Request Headers:
  Origin
  Access-Control-Request-Method
  Access-Control-Request-Headers

Response Headers:
  Access-Control-Allow-Origin
  Access-Control-Allow-Methods
  Access-Control-Allow-Headers
  Access-Control-Allow-Credentials
  Access-Control-Max-Age
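How the response headers listed on this slide are driven from Web API 2 configuration, with a wildcard policy beside a restricted one. This is an added example, not code from the original deck; it assumes the Microsoft.AspNet.WebApi.Cors NuGet package and that attribute routes are mapped, and CorsConfig and OrdersController are hypothetical names.

```csharp
// Added example, not from the slides. Assumes the Microsoft.AspNet.WebApi.Cors
// NuGet package; the class, controller and route names are hypothetical.
using System.Web.Http;
using System.Web.Http.Cors;

public static class CorsConfig
{
    // Weak: every origin, request header and method is allowed, so a page on any
    // site can call the API from the browser and read the response.
    public static void RegisterPermissive(HttpConfiguration config)
    {
        config.EnableCors(new EnableCorsAttribute("*", "*", "*"));
    }

    // Restricted: each setting feeds one of the CORS response headers.
    public static void RegisterRestricted(HttpConfiguration config)
    {
        var policy = new EnableCorsAttribute(
            origins: "http://www.domain1.com",   // Access-Control-Allow-Origin
            headers: "accept,content-type",      // Access-Control-Allow-Headers
            methods: "GET,POST")                 // Access-Control-Allow-Methods
        {
            SupportsCredentials = false,         // no Access-Control-Allow-Credentials
            PreflightMaxAge = 600                // Access-Control-Max-Age, in seconds
        };
        config.EnableCors(policy);               // default policy for all controllers
    }
}

public class OrdersController : ApiController
{
    // Inherits the default policy registered above.
    [HttpGet, Route("api/orders")]
    public IHttpActionResult List() { return Ok(new[] { "order-1" }); }

    // Opt out: no CORS headers are emitted, so cross-origin script cannot read it.
    [DisableCors]
    [HttpGet, Route("api/orders/export")]
    public IHttpActionResult Export() { return Ok("internal"); }
}
```

Origins are compared as scheme plus host (plus port), so the allow-list entry carries the http:// prefix and no trailing slash.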

Page 25

DEMO: CORS

Page 26

OData

Page 27

OData

The Open Data Protocol (OData) is a protocol for querying data over the web

OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub

Page 28

OData Query

$top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed).

$skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests.

$format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.)

$orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results.

$filter=: Returns only entities that match the specified expression.

Page 29

ASP.NET Web API OData

Components for implementing OData services
  Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc.

Built on ODataLib
  Same underpinnings as WCF Data Services

Initially shipped with Visual Studio 2012 Update 2

Now supports $select, $expand and $batch!

Page 30

DEMO: OData – Http GET $select and $expand

Page 31

Other ASP.Net Web API 2 Features

Page 32

Attribute routing

Bring your routes closer to your resources

config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{controller}/{id}",
    defaults: new { id = RouteParameter.Optional });

Controller Selector

Action Selector

public IEnumerable<Resource> GetResource() { … }

Page 33

Attribute routing

In App Start WebAPIConfig

config.MapHttpAttributeRoutes();

config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{controller}/{id}",
    defaults: new { id = RouteParameter.Optional });

// In released Web API 2 the template goes on [Route]; [HttpGet] only selects the verb.

Optional values

[HttpGet, Route("Demographics/{zipcode?}")]
public Demographics Get(int? zipcode) { … }

Default values

[HttpGet, Route("Demographics/{zipcode=98052}")]
public Demographics Get(int zipcode) { … }

Inline constraints

[HttpGet, Route("people/{id:int}")]
public Person Get(int id) { … }

[HttpGet, Route("people/{name:alpha}")]
public Person Get(string name) { … }

Page 34

Batching Request

Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler

OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler

Sequential and Non sequential execution support at the Server

Enhanced Client library for creating Container of multiple Requests or Context for OData

Page 35

Portable ASP.NET Web API Client

No more maintaining multiple client libraries for Phone and Store App

Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5

This support is built on the recently released portable HttpClient and the portable library support in Json.NET

Page 36

Http Response and IHttpActionResult

In Web API 1 –
  Return any object and let the Web API pipeline convert that to an HttpResponseMessage
  Return HttpResponseMessage constructing the Http header and body manually

In Web API 2 –
  IHttpActionResult is like a factory implementation of HttpResponseMessage, provides more control over the returned HttpResponseMessage

Page 37

HttpRequestContext

Provides a shortcut to strongly typed access to the information which up to this point was hidden inside the Request.Properties dictionary

Name                Description
ClientCertificate   Gets or sets the client certificate.
Configuration       Gets or sets the configuration.
IncludeErrorDetail  Gets or sets a value indicating whether error details, such as exception messages and stack traces, should be included in the response for this request.
IsLocal             Gets or sets a value indicating whether the request originates from a local address.
Principal           Gets or sets the principal.
RouteData           Gets or sets the route data.
Url                 Gets or sets the factory used to generate URLs to other APIs.
VirtualPathRoot     Gets or sets the virtual path root.

Page 38

What’s new in ASP.NET Web API 2.1

1. Global Error Handling
2. Attribute Routing Improvements
3. Help Page Improvements
4. IgnoreRoute Support
5. BSON Media-Type Formatter
6. Better Support for Async Filters
7. Query Parsing for the Client Formatting Library

Page 39

Find out more
http://www.asp.net/vnext
http://www.asp.net/webapi
http://channel9.msdn.com

Follow progress in
http://aspnetwebstack.codeplex.com
http://katanaproject.codeplex.com