
Microsoft DevBoston

Microsoft DevBoston. Topic – ASP.NET Web API. ASP.NET Web API 2. Andy Tapaswi .Net Architect @Magenic. Topics. What is ASP.Net Web API When to use WCF and When to use ASP.NET Web API New Features of ASP.NET Web API 2 OWIN OAuth 2 CORS OData Other Features.

judith

Presentation Transcript


  1. Microsoft DevBoston • Topic – ASP.NET Web API

  2. ASP.NET Web API 2 Andy Tapaswi .Net Architect @Magenic

  3. Topics • What is ASP.Net Web API • When to use WCF and When to use ASP.NET Web API • New Features of ASP.NET Web API 2 • OWIN • OAuth 2 • CORS • OData • Other Features

  4. Web API connects to all HTTP aware clients • Devices • Browsers • Phones • Tablets

  5. What is ASP.NET Web API • A fully supported and extensible framework for building HTTP based endpoints • Built on top of ASP.NET • Version 1.0 released along with MVC 4 in August 2012 • Version 2.0, released with ASP.NET MVC 5 (on .Net 4.5 and above) in October 2013 • Version 2.1, released on Jan 17th 2014

  6. Should I use WCF or ASP.NET Web API • Use ASP.Net Web API • If you need to reach wider and diverse cross platform clients / devices • If you need to leverage the benefits of Http • Use WCF • If you are limited to .Net 3.5 • If you are exposing SOAP based services • If you need to support multiple protocols • If you need to support WS-* transaction • If you need to achieve message level security

  7. What’s new in ASP.NET Web API 2 • Portable ASP.NET Web API Client • IHttpActionResult • Authentication Filters • OWIN integration / Katana Project • Security – OAuth 2.0 • Security – CORS • OData Improvements • Attribute routing • Request Batching

  8. ASP.NET and OWIN Integration: Katana Project

  9. Why OWIN? • Large footprint even for a small web application • System.Web is too large to maintain and can’t support frequent release cycles • Diagram layers: Web Application, ASP.Net, IIS

  10. What is OWIN? • OWIN = Open Web Interface for .NET (www.owin.org) • A specification that defines a common interface that decouples web apps from web servers • Inspired by the likes of node.js, Rack, WSGI • Now deeply integrated with the ASP.NET pipeline • Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage • Run your Web APIs on any OWIN compliant host • Katana is Microsoft’s OWIN implementation, serving as a hosting abstraction

  11. Katana Architecture • App – Web Application • Middleware – Frameworks: Web API, SignalR, or any custom middleware (OAuth, CORS etc) • Server – Binding to TCP Port and constructing the HTTP context for pipeline • Host – Any executable or service or IIS

  12. Katana Data Flow • Diagram labels: Host / IIS, Server, Web Application, ASP.Net Web API, HTTP Request, HTTP Response

  13. Implementation • Convention over configuration • Configuration function in Startup class • using AppFunc = Func<IDictionary<string, object>, Task>;

  14. DEMO: self and IIS hosted Web API
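
The Startup convention and AppFunc signature from slide 13, as an added example that is not part of the original deck: a raw OWIN middleware placed ahead of Web API that refuses any request not received over HTTPS and sets one response header. The NuGet package, `PingController`, the port and the header choice are assumptions made for illustration.

```csharp
// Added example, not from the deck. Assumes NuGet package Microsoft.AspNet.WebApi.OwinSelfHost.
using System;
using System.Collections.Generic;
using System.Web.Http;
using Microsoft.Owin.Hosting;
using Owin;
using AppFunc = System.Func<System.Collections.Generic.IDictionary<string, object>, System.Threading.Tasks.Task>;

public class Startup
{
    // Found by convention: a class named Startup with Configuration(IAppBuilder).
    public void Configuration(IAppBuilder app)
    {
        // Raw OWIN middleware: receives the next AppFunc, returns a wrapping AppFunc.
        app.Use(new Func<AppFunc, AppFunc>(next => async env =>
        {
            // Scheme as seen by this server; behind a TLS-terminating proxy this is "http".
            var scheme = (string)env["owin.RequestScheme"];
            if (!string.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase))
            {
                env["owin.ResponseStatusCode"] = 403; // stop here: Web API never runs
                return;
            }
            // Set headers before the next component starts writing the body.
            var headers = (IDictionary<string, string[]>)env["owin.ResponseHeaders"];
            headers["X-Content-Type-Options"] = new[] { "nosniff" };
            await next(env);
        }));
        var config = new HttpConfiguration();
        config.MapHttpAttributeRoutes();
        app.UseWebApi(config); // Web API is just another middleware in the pipeline
    }
}

public class PingController : ApiController   // hypothetical controller
{
    [Route("api/ping")]
    public string Get() { return "pong"; }
}

public static class Program
{
    public static void Main()
    {
        // Plain-HTTP listener (illustrative port): the middleware answers every request with 403.
        using (WebApp.Start<Startup>("http://localhost:9000/"))
            Console.ReadLine();
    }
}
```

The same `Startup` class runs unchanged under IIS when the Microsoft.Owin.Host.SystemWeb package is used instead of the self-host `Main`.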

  15. Web API Security – OAuth2

  16. Web API Security • Security in transit • SSL is always appropriate • Securing the API Itself • Authentication and Authorization • Browser Security • Cross Origin

  17. Web API Security – Authentication and Authorization • Server to Server • API Keys and shared Secrets • User Proxy • OAuth or similar • Direct User • Piggyback on existing system using Cookies or Tokens • Windows Authentication • Forms Authentication • Http based Authentications: Basic, Digest • Digital Signature based

  18. OAuth • An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications ~www.oauth.net • For allowing other API to act as user in your system • Accept user credential • Then trust a 3rd party with a token that represents the other API • The other API never receives the credentials

  19. OAuth2 (Implicit): The Players and Relationships • Players: Trusted / Untrusted Client, Authorization Server, Resource Owner, Resource Server, Resource • Relationship labels: Registers With, Authorizes, Accesses, Trusts, Uses, Owns

  20. OAuth2 (Implicit): Flow • Image source: MSDN

  21. DEMO: SPA and OAuth

  22. CORS

  23. CORS - Cross Origin Resource Sharing • Http Request & Response • Http Request Header – Origin: domain1.com • Http Response Header – Access-Control-Allow-Origin: domain1.com • Diagram labels: http://www.domain1.com, Web Server of Domain1.com, Web Server of Domain2.com

  24. CORS Http Headers • Request Headers: • Origin • Access-Control-Request-Method • Access-Control-Request-Headers • Response Headers • Access-Control-Allow-Origin • Access-Control-Allow-Methods • Access-Control-Allow-Headers • Access-Control-Allow-Credentials • Access-Control-Max-Age

  25. DEMO: CORS
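
How the response headers on slides 23 and 24 map to Web API 2 configuration, as an added example that is not from the deck: a permissive policy beside a restricted one, plus a per-controller opt-out. It assumes the Microsoft.AspNet.WebApi.Cors NuGet package; the controllers and the allowed header and method lists are hypothetical.

```csharp
// Added example, not from the deck. Assumes NuGet package Microsoft.AspNet.WebApi.Cors.
using System.Web.Http;
using System.Web.Http.Cors;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Weak: every origin, request header and method is allowed.
        // config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

        // Restricted: one origin (scheme + host, exact match), named headers and methods.
        var policy = new EnableCorsAttribute(
            origins: "http://www.domain1.com",   // -> Access-Control-Allow-Origin
            headers: "accept,content-type",      // -> Access-Control-Allow-Headers
            methods: "GET,POST")                 // -> Access-Control-Allow-Methods
        {
            SupportsCredentials = false,         // no Access-Control-Allow-Credentials
            PreflightMaxAge = 600                // -> Access-Control-Max-Age (seconds)
        };
        config.EnableCors(policy);               // default policy for all controllers
        config.MapHttpAttributeRoutes();
    }
}

public class ReportsController : ApiController   // hypothetical; global policy applies
{
    [Route("api/reports")]
    public string[] Get() { return new[] { "q1", "q2" }; }
}

[DisableCors]   // opt out: no CORS headers are emitted for this controller
public class AdminController : ApiController     // hypothetical
{
    [Route("api/admin/status")]
    public string Get() { return "ok"; }
}
```

CORS headers only tell the browser whether a cross-origin script may read the response; the request still reaches the action, so authentication and authorization on the API remain separate controls.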

  26. OData

  27. OData • The Open Data Protocol (OData) is a protocol for querying data over the web • OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub

  28. OData Query • $top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed). • $skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests. • $format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.) • $orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results. • $filter=: Returns only entities that match the specified expression.

  29. ASP.NET Web API OData • Components for implementing OData services • Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc. • Built on ODataLib • Same underpinnings as WCF Data Services • Initially shipped with Visual Studio 2012 Update 2 • Now supports $select, $expand and $batch!

  30. DEMO: OData – Http GET $select and $expand

  31. Other ASP.Net Web API 2 Features

  32. Attribute routing • Bring your routes closer to your resources • config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); • Diagram labels: Controller Selector, Action Selector • public IEnumerable<Resource> GetResource() { … }

  33. Attribute routing • In App Start WebAPIConfig: config.MapHttpAttributeRoutes(); config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); • Optional values: [Route("Demographics/{zipcode?}")] public Demographics Get(int? zipcode) { … } • Default values: [Route("Demographics/{zipcode=98052}")] public Demographics Get(int zipcode) { … } • Inline constraints: [Route("people/{id:int}")] public Person Get(int id) { … } [Route("people/{name:alpha}")] public Person Get(string name) { … }

  34. Batching Request • Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler • OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler • Sequential and Non sequential execution support at the Server • Enhanced Client library for creating Container of multiple Requests or Context for OData

  35. Portable ASP.NET Web API Client • No more maintaining multiple client libraries for Phone and Store App • Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5 • This support is built on the recently released portable HttpClient and the portable library support in Json.NET

  36. Http Response and IHttpActionResult • In Web API 1 – • Return any object and let the Web API pipeline convert that to an HttpResponseMessage • Return HttpResponseMessage constructing the Http header and body manually • In Web API 2 – • IHttpActionResult is like a factory implementation of HttpResponseMessage, provides more control over the returned HttpResponseMessage

  37. HttpRequestContext • Provides a shortcut for strongly typed access to information that up to this point was hidden inside the Request.Properties dictionary

  38. What’s new in ASP.NET Web API 2.1 • Global Error Handling • Attribute Routing Improvements • Help Page Improvements • IgnoreRoute Support • BSON Media-Type Formatter • Better Support for Async Filters • Query Parsing for the Client Formatting Library

  39. Find out more • http://www.asp.net/vnext • http://www.asp.net/webapi • http://channel9.msdn.com • Follow progress in • http://aspnetwebstack.codeplex.com • http://katanaproject.codeplex.com
