ASP.NET Web API 2 - MSDevBoston
Topic – ASP.NET Web API
Microsoft DevBoston
ASP.NET Web API 2
Andy Tapaswi
.Net Architect @Magenic
Topics
1. What is ASP.Net Web API
2. When to use WCF and When to use ASP.NET Web API
3. New Features of ASP.NET Web API 2
4. OWIN
5. OAuth 2
6. CORS
7. OData
8. Other Features

Web API connects to all HTTP aware clients
[Diagram: Web API in the centre, serving Browsers, Devices, Phones, Tablets]

What is ASP.NET Web API
- A fully supported and extensible framework for building HTTP based endpoints
- Built on top of ASP.NET
- Version 1.0 released along with MVC 4 in August 2012
- Version 2.0, released with ASP.NET MVC 5 (on .Net 4.5 and above) in October 2013
- Version 2.1, released on Jan 17th 2014

Should I use WCF or ASP.NET Web API

Use WCF
- If you are limited to .Net 3.5
- If you are exposing SOAP based services
- If you need to support multiple protocols
- If you need to support WS-* transaction
- If you need to achieve message level security

Use ASP.Net Web API
- If you need to reach wider and diverse cross platform clients / devices
- If you need to leverage the benefits of Http

What’s new in ASP.NET Web API 2
1. OWIN integration / Katana Project
2. Security – OAuth 2.0
3. Security - CORS
4. OData Improvements
5. Attribute routing
6. Request Batching
7. Portable ASP.NET Web API Client
8. IHttpActionResult
9. Authentication Filters

ASP.NET and OWIN Integration
Katana Project
Why OWIN?
- Large footprint even for a small web application
- System.Web is too large to maintain and can’t support frequent release cycles
[Diagram: stack of Web Application, ASP.Net, IIS]

What is OWIN?
- OWIN = Open Web Interface for .NET (www.owin.org)
- A specification that defines a common interface that decouples web apps from web servers
- Inspired by the likes of node.js, Rack, WSGI
- Now deeply integrated with the ASP.NET pipeline
  - Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage
- Run your Web APIs on any OWIN compliant host
- Katana is Microsoft’s OWIN implementation as hosting abstraction

Katana Architecture
- App – Web Application
- Middleware – Frameworks: Web API, SignalR, or any custom middleware (OAuth, CORS etc)
- Server – Binding to TCP Port and constructing the HTTP context for pipeline
- Host – Any executable or service or IIS
[Diagram: layers App, Middleware, Server, Host]

Katana Data Flow
[Diagram labels: Host / IIS, HTTP Request, HTTP Response, Server, ASP.Net Web API, Web Application]

Implementation
- Convention over configuration
- Configuration function in Startup class

```csharp
using AppFunc = Func<IDictionary<string, object>, Task>;
```

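An added example, not from the original slides: a Startup class that Katana discovers by convention, with one raw AppFunc middleware placed ahead of Web API to refuse requests that did not arrive over HTTPS. The DemoApi namespace and the choice of a 403 response are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web.Http;
using Owin;

namespace DemoApi   // hypothetical namespace
{
    using AppFunc = Func<IDictionary<string, object>, Task>;

    public class Startup
    {
        // Found by convention: a class named Startup exposing
        // Configuration(IAppBuilder).
        public void Configuration(IAppBuilder app)
        {
            // Raw OWIN middleware: takes the next AppFunc, returns its own.
            app.Use(new Func<AppFunc, AppFunc>(next => env =>
            {
                var scheme = (string)env["owin.RequestScheme"];
                if (!string.Equals(scheme, "https", StringComparison.OrdinalIgnoreCase))
                {
                    // Stop plain-HTTP requests before they reach Web API
                    // (403 is an assumed policy choice).
                    env["owin.ResponseStatusCode"] = 403;
                    return Task.FromResult(0);
                }
                return next(env);
            }));

            var config = new HttpConfiguration();
            config.MapHttpAttributeRoutes();
            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional });

            // Web API runs as the last component of the pipeline.
            app.UseWebApi(config);
        }
    }
}
```

Because the class depends only on IAppBuilder, the same Startup works under a self host and under IIS.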
DEMO: self and IIS hosted Web API
Web API Security – OAuth2
Web API Security
- Security in transit
  - SSL is always appropriate
- Securing the API Itself
  - Authentication and Authorization
- Browser Security
  - Cross Origin

Web API Security – Authentication and Authorization
- Server to Server
  - API Keys and shared Secrets
- User Proxy
  - OAuth or similar
- Direct User
  - Piggyback on existing system using Cookies or Tokens
  - Windows Authentication
  - Forms Authentication
  - Http based Authentications: Basic, Digest, Digital Signature based

OAuth
- An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications ~ www.oauth.net
- For allowing other API to act as user in your system
  - Accept user credential
  - Then trust a 3rd party with a token that represents the other API
  - The other API never receives the credentials

OAuth2 (Implicit): The Players and Relationships
[Diagram. Players: Trusted / Untrusted Client, Authorization Server, Resource Owner, Resource Server. Relationship labels: Registers With, Uses, Owns Resource, Trusts, Authorizes, Accesses]

OAuth2 (Implicit): Flow
Image Source : MSDN
DEMO: SPA and OAuth
CORS
CORS - Cross Origin Resource Sharing
[Diagram labels: Http Request & Response; http://www.domain1.com; Web Server of Domain1.com; Web Server of Domain2.com]
- Http Request Header
  - Origin: domain1.com
- Http Response Header
  - Access-Control-Allow-Origin: domain1.com

CORS Http Headers

Request Headers:
- Origin
- Access-Control-Request-Method
- Access-Control-Request-Headers

Response Headers:
- Access-Control-Allow-Origin
- Access-Control-Allow-Methods
- Access-Control-Allow-Headers
- Access-Control-Allow-Credentials
- Access-Control-Max-Age

DEMO: CORS
OData
OData
- The Open Data Protocol (OData) is a protocol for querying data over the web
- OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub

OData Query
- $top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed).
- $skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests.
- $format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.)
- $orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results.
- $filter=: Returns only entities that match the specified expression.

ASP.NET Web API OData
- Components for implementing OData services
  - Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc.
- Built on ODataLib
  - Same underpinnings as WCF Data Services
- Initially shipped with Visual Studio 2012 Update 2
- Now supports $select, $expand and $batch!

DEMO: OData – Http GET $select and $expand
Other ASP.Net Web API 2 Features
Attribute routing
Bring your routes closer to your resources

```csharp
config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{controller}/{id}",
    defaults: new { id = RouteParameter.Optional });
```

Controller Selector
Action Selector

```csharp
public IEnumerable<Resource> GetResource() { … }
```

Attribute routing

In App Start WebAPIConfig:

```csharp
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(
    name: "DefaultApi",
    routeTemplate: "api/{controller}/{id}",
    defaults: new { id = RouteParameter.Optional });
```

```csharp
// In released Web API 2 the template goes on [Route];
// the HTTP verb is inferred from the "Get" method name.

// Optional values
[Route("Demographics/{zipcode?}")]
public Demographics Get(int? zipcode) { … }

// Inline constraints
[Route("people/{id:int}")]
public Person Get(int id) { … }

[Route("people/{name:alpha}")]
public Person Get(string name) { … }

// Default values
[Route("Demographics/{zipcode=98052}")]
public Demographics Get(int zipcode) { … }
```

Batching Request
- Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler
- OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler
- Sequential and Non sequential execution support at the Server
- Enhanced Client library for creating Container of multiple Requests or Context for OData

Portable ASP.NET Web API Client
- No more maintaining multiple client libraries for Phone and Store App
- Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5
- This support is built on the recently released portable HttpClient and the portable library support in Json.NET

Http Response and IHttpActionResult
- In Web API 1 –
  - Return any object and let the Web API pipeline convert that to an HttpResponseMessage
  - Return HttpResponseMessage constructing the Http header and body manually
- In Web API 2 –
  - IHttpActionResult is like a factory implementation of HttpResponseMessage, provides more control over the returned HttpResponseMessage

HttpRequestContext
- Provides a shortcut to strongly typed access to the information which up to this point was hidden inside the Request.Properties dictionary

| Name | Description |
| --- | --- |
| ClientCertificate | Gets or sets the client certificate. |
| Configuration | Gets or sets the configuration. |
| IncludeErrorDetail | Gets or sets a value indicating whether error details, such as exception messages and stack traces, should be included in the response for this request. |
| IsLocal | Gets or sets a value indicating whether the request originates from a local address. |
| Principal | Gets or sets the principal. |
| RouteData | Gets or sets the route data. |
| Url | Gets or sets the factory used to generate URLs to other APIs. |
| VirtualPathRoot | Gets or sets the virtual path root. |

What’s new in ASP.NET Web API 2.1
1. Global Error Handling
2. Attribute Routing Improvements
3. Help Page Improvements
4. IgnoreRoute Support
5. BSON Media-Type Formatter
6. Better Support for Async Filters
7. Query Parsing for the Client Formatting Library

Find out more
- http://www.asp.net/vnext
- http://www.asp.net/webapi
- http://channel9.msdn.com

Follow progress in
- http://aspnetwebstack.codeplex.com
- http://katanaproject.codeplex.com