web application asp.net iis app middleware server host
TRANSCRIPT
![Page 1: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/1.jpg)
Topic – ASP.NET Web API
Microsoft DevBoston
![Page 2: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/2.jpg)
ASP.NET Web API 2
Andy Tapaswi.Net Architect @Magenic
![Page 3: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/3.jpg)
Topics
1. What is ASP.Net Web API2. When to use WCF and When to use ASP.NET Web API3. New Features of ASP.NET Web API 24. OWIN5. OAuth 26. CORS7. OData8. Other Features
![Page 4: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/4.jpg)
Browsers Devices Phones Tablets
Web API
Web API connects to all HTTP aware clients
Web API
Web API
![Page 5: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/5.jpg)
What is ASP.NET Web API
A fully supported and extensible framework for building HTTP based endpoints
Built on top of ASP.NET Version 1.0 released along with MVC 4 in
August 2012 Version 2.0, released with ASP.NET MVC 5
(on .Net 4.5 and above) in October 2013 Version 2.1, released on Jan 17th 2014
![Page 6: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/6.jpg)
Should I use WCF or ASP.NET Web API
Use WCF If you are limited to .Net
3.5 If you are exposing SOAP
based services If you need to support
multiple protocols If you need to support
WS-* transaction If you need to achieve
message level security
Use ASP.Net Web API If you need to reach wider
and diverse cross platform clients / devices
If you need to leverage the benefits of Http
![Page 7: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/7.jpg)
1. OWIN integration / Katana Project
2. Security – OAuth 2.03. Security - CORS 4. OData
Improvements5. Attribute routing6. Request Batching
What’s new in ASP.NET Web API 2
7. Portable ASP.NET Web API Client
8. IHttpActionResult9. Authentication
Filters
![Page 8: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/8.jpg)
ASP.NET and OWIN IntegrationKatana Project
![Page 9: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/9.jpg)
Why OWIN?
Large footprint even for a small web application
System.Web is too large to maintain and can’t support frequent release cycles
Web Application
ASP.Net
IIS
![Page 10: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/10.jpg)
What is OWIN? OWIN = Open Web Interface for .NET (
www.owin.org) A Specification that defines a common interface that decouples web
apps from web servers Inspired by the likes of node.js, Rack, WSGI
Now deeply integrated with the ASP.NET pipeline
Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage
Run your Web APIs on any OWIN compliant host
Katana is the Microsoft’s OWIN implementation as hosting abstraction
![Page 11: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/11.jpg)
Katana Architecture App – Web Application Middleware – Frameworks:
Web API, Signal R, or any custom middleware (Oauth, CORS etc)
Server – Binding to TCP Port and constructing the HTTP context for pipeline
Host – Any executable or service or IIS
App
Middleware
Server
Host
![Page 12: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/12.jpg)
Katana Data Flow
Host / IIS
HTTP Request
HTTP Response
Server
ASP.Net Web API
Web Application
![Page 13: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/13.jpg)
Implementation Convention over configuration Configuration function in Startup class using AppFunc = Func<IDictionary<string, object>, Task>;
![Page 14: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/14.jpg)
DEMO: self and IIS hosted Web API
![Page 15: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/15.jpg)
Web API Security – OAuth2
![Page 16: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/16.jpg)
Web API Security
Security in transit SSL is always appropriate
Securing the API Itself Authentication and Authorization
Browser Security Cross Origin
![Page 17: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/17.jpg)
Web API Security – Authentication and Authorization Server to Server
API Keys and shared Secrets
User ProxyOAuth or similar
Direct User Piggyback on existing system using Cookies or Tokens Windows Authentication Forms Authentication Http based Authentications Basic , Digest, Digital Signature based
![Page 18: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/18.jpg)
OAuth
An open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications ~www.oauth.net
For allowing other API to act as user in your system
Accept user credential Then trust a 3rd party with a token that represents the other API The other API never receives the credentials
![Page 19: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/19.jpg)
OAuth2 (Implicit): The Players and Relationships
Trusted / Untrusted Client
Authorization Server
Resource Owner Resource Server
Registers With
Uses
Owns Resource
Trusts
Authorizes
Accesses
![Page 20: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/20.jpg)
OAuth2 (Implicit): Flow
Image Source : MSDN
![Page 21: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/21.jpg)
DEMO: SPA and OAuth
![Page 22: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/22.jpg)
CORS
![Page 23: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/23.jpg)
CORS - Cross Origin Resource Sharing
Http Request & Response
http://www.domain1.com
Web Server of Domain1.com
Web Server of Domain2.com
Http Request Header
Origin: domain1.com Http Response Header
Access-Control-Allow-Origin:
domain1.com
![Page 24: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/24.jpg)
CORS Http Headers
Request Headers: Origin Access-Control-Request-Method Access-Control-Request-Headers
Response Headers Access-Control-Allow-Origin Access-Control-Allow-Methods Access-Control-Allow-Headers Access-Control-Allow-Credentials Access-Control-Max-Age
![Page 25: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/25.jpg)
DEMO: CORS
![Page 26: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/26.jpg)
OData
![Page 27: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/27.jpg)
OData The Open Data Protocol
(OData) is a protocol for querying data over the web
OData protocol is a set of RESTful interactions along with an OData-defined query language based on JSON and AtomPub
![Page 28: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/28.jpg)
OData Query
$top=n: Returns only the first n entities in an entity set (or in Atom terms, the first n entries in a feed).
$skip=n: Skips the first n entities in an entity set. Using this option lets a client retrieve a series of distinct pages on subsequent requests.
$format: Determines whether data should be returned in JSON or the XML-based Atom/AtomPub format. (The default is Atom/AtomPub.)
$orderby=: Orders results, in ascending or descending order, by the value of one or more properties in those results.
$filter=: Returns only entities that match the specified expression.
![Page 29: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/29.jpg)
ASP.NET Web API OData
Components for implementing OData services Model builders, formatters (Atom/JSON/XML), path and query
parsers, LINQ expression generator, etc.
Built on ODataLib Same underpinnings as WCF Data Services
Initially shipped with Visual Studio 2012 Update 2
Now supports $select, $expand and $batch!
![Page 30: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/30.jpg)
DEMO: OData – Http GET $select and $expand
![Page 31: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/31.jpg)
Other ASP.Net Web API 2 Features
![Page 32: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/32.jpg)
Bring your routes closer to your resources
Attribute routing
config.Routes.MapHttpRoute( name: “DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional});
Controller Selector
Action Selector
public IEnumerable<Resource> GetResource () { … }
![Page 33: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/33.jpg)
In App Start WebAPIConfig
Optional values
Default values
Inline constraints
Attribute routing
[HttpGet(“Demographics/{zipcode?}")]public Demographics Get(int? zipcode) { … }
[HttpGet("people/{id:int}")]public Person Get(int id) { … }
[HttpGet("people/{name:alpha}")]public Person Get(string name) { … }
[HttpGet("Demographics/{zipcode=98052}")]public Demographics Get(int zipcode) { … }
config.MapHttpAttributeRoutes();
config.Routes.MapHttpRoute(name: "DefaultApi", routeTemplate: "api/{controller}/{id}",defaults: new { id = RouteParameter.Optional });
![Page 34: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/34.jpg)
Batching Request
Batch Request Handler at the Server - System.Web.Http.Batch.DefaultHttpBatchHandler
OData Batch Request Handler at the Server - System.Web.Http.OData.Batch.DefaultODataBatchHandler
Sequential and Non sequential execution support at the Server
Enhanced Client library for creating Container of multiple Requests or Context for OData
![Page 35: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/35.jpg)
Portable ASP.NET Web API Client
No more maintaining multiple client libraries for Phone and Store App
Single portable library that can be used to consume Web APIs from Windows Phone and Windows Store apps or any other client running on .NET 4.5
This support is built on the recently released portable HttpClient and the portable library support in Json.NET
![Page 36: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/36.jpg)
Http Response and IHttpActionResult
In Web API 1 – Return any object and let the Web API pipeline convert that to an
HttpResponseMessage Return HttpResponseMessage constructing the Http header and
body manually
In Web API 2 – IHttpActionResult is like a factory implementation of
HttpResponseMessage, provides more control over the returned HttpResponseMessage
![Page 37: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/37.jpg)
HttpRequestContext
Provides a shortcut to strongly typed access to the information which up to this point hidden inside of Request.Properties dictionary
Name Description
ClientCertificate Gets or sets the client certificate.
Configuration Gets or sets the configuration.
IncludeErrorDetail
Gets or sets a value indicating whether error details, such as exception messages and stack traces, should be included in the response for this request.
IsLocalGets or sets a value indicating whether the request originates from a local address.
Principal .Gets or sets the principal
RouteData Gets or sets the route data.
Url Gets or sets the factory used to generate URLs to other APIs.
VirtualPathRoot Gets or sets the virtual path root.
![Page 38: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/38.jpg)
1. Global Error Handling2. Attribute Routing Improvements3. Help Page Improvements4. IgnoreRoute Support5. BSON Media-Type Formatter6. Better Support for Async Filters7. Query Parsing for the Client
Formatting Library
What’s new in ASP.NET Web API 2.1
![Page 39: Web Application ASP.Net IIS App Middleware Server Host](https://reader034.vdocument.in/reader034/viewer/2022052618/551aa250550346856e8b45a4/html5/thumbnails/39.jpg)
Find out morehttp://www.asp.net/vnexthttp://www.asp.net/webapihttp://channel9.msdn.com
Follow progress inhttp://aspnetwebstack.codeplex.comhttp://katanaproject.codeplex.com