ASP.NET, Architecture, Web Forms, MVC, Web API Telerik Software Academy ASP.NET Web Forms.
ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...
Transcript of ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...
![Page 1: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/1.jpg)
![Page 2: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/2.jpg)
ASP.NET Web API 2—Web Services for Websites, Modern Apps, and Mobile AppsDaniel RothSenior Program Manager3-504
![Page 3: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/3.jpg)
Web Services
HTTP
![Page 4: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/4.jpg)
Reach more clients
Browsers Devices Phones Tablets
? ? ? ?
App
![Page 5: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/5.jpg)
Make it scale
Browsers Devices Phones Tablets
App
? ? ? ?
![Page 6: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/6.jpg)
Keep it simple
Browsers Devices Phones Tablets
App
? ? ? ? .config
SOAP
![Page 7: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/7.jpg)
Leverage the Web – build Web APIs
Browsers Devices Phones Tablets
ASP.NET Web API
App 2
![Page 8: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/8.jpg)
Getting started with ASP.NET Web API 2Available as stand-alone NuGet packagesShips with Visual Studio 2013 PreviewInstall the ASP.NET and Web Tools 2013 Preview Refresh to get additional features and enhancementsGet the bits at http://www.asp.net/vnextSupported on .NET 4.5 and beyondSee the code at http://aspnetwebstack.codeplex.com
![Page 9: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/9.jpg)
DEMO: Your first Web API with ASP.NET Web API 2
![Page 10: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/10.jpg)
Attribute routingOWIN integrationEasier to unit test (IHttpActionResult)Portable Web API clientsOData: $select, $expand, $batchRequest batchingWeb API security (CORS, OAuth 2.0)
What’s new in ASP.NET Web API 2
![Page 11: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/11.jpg)
Bring your routes closer to your resources
Attribute routingconfig.Routes.MapHttpRoute( name: “TodosForTodoList", routeTemplate: "api/todolists/{id}/todos", defaults: new { controller = “todolists”, action = “GetTodos” });
Controller Selector
Action Selector
public IEnumerable<TodoItem> GetTodos() { … }
![Page 12: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/12.jpg)
Bring your routes closer to your resources
Attribute routingconfig.MapHttpAttributeRoutes();
[HttpGet("api/todolists/{id}/todos")]public IEnumerable<TodoItem> GetTodos(int id) { … }
![Page 13: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/13.jpg)
Optional values
Default values
Inline constraints
Attribute routing[HttpGet(“Demographics/{zipcode?}")]public Demographics Get(int? zipcode) { … }
[HttpGet("people/{id:int}")]public Person Get(int id) { … }
[HttpGet("people/{name:alpha}")]public Person Get(string name) { … }
[HttpGet("Demographics/{zipcode=98052}")]public Demographics Get(int zipcode) { … }
![Page 14: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/14.jpg)
DEMO: Attribute routing
![Page 15: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/15.jpg)
Thank you Tim McCall for your contribution!
http://attributerouting.net
![Page 16: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/16.jpg)
Unit testing Web APIsIt used to be harder than it should be . . .Now unit testing is just:1. Create your controller2. Set properties as needed (Request, Configuration, etc)3. Call your actionUse IHttpActionResult to package up reusable logicExecutes immediately after the action is run – rest of the pipeline sees the response message
![Page 17: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/17.jpg)
DEMO: Web API Unit testing
![Page 18: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/18.jpg)
OWIN integrationOWIN = Open Web Interface for .NET (http://owin.org) Defines a common interface that decouples web apps from web serversInspired by the likes of node.js, Rack, WSGIMiddleware pipeline sits in . . . well, the middle Now deeply integrated with the ASP.NET pipelineEx. run authenticating middleware during the Authenticate ASP.NET pipeline stageRun your Web APIs on any OWIN compliant host
![Page 19: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/19.jpg)
DEMO: Web API OWIN self host
![Page 20: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/20.jpg)
ASP.NET Web API ODataComponents for implementing OData servicesModel builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc.It’s not all or nothing – you can use as much as you wantBuilt on ODataLibSame underpinnings as WCF Data ServicesInitially shipped with Visual Studio 2012 Update 2Now supports $select, $expand and $batch!
![Page 21: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/21.jpg)
DEMO: OData - $select and $expand
![Page 22: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/22.jpg)
Free
Friends
Please give me your password
Web API SecurityWould you trust this app?
![Page 23: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/23.jpg)
The many challenges of Web API securityUsers may not want to trust client apps with their credentialsApps don’t want to have to store user credentialsMany servers don’t want to have to store user credentials eitherClient app access to protected resources should be scopedSupport browser clients (even cross origin)Avoid the perils of request forgeryNeed a friendly approach for native and mobile applications
![Page 24: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/24.jpg)
Why no COOKI
ES!?!
![Page 25: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/25.jpg)
OAuth 2.0Framework for authorizing clients to access a user’s protected resourcesIETF standard (RFCs 6749, 6750)Designed to work with HTTP servicesMultiple profiles according to client and access typesIt isn’t an authentication protocol…but one can be manufactured on its basis.
![Page 26: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/26.jpg)
Authorization Grant
Authorization GrantLooks good – here’s a token you can use
Protected ResourceAccess TokenOK, here you go
OAuth 2.0
AuthorizationServer
Resource Server (Web
API)
Resource Owner (user)
Client
Authorization Request
Access Token
Hey user, can I access your
photos?OKThe user said I
could access their photos– here’s
proof
Here is my access token. User’s
photos, please.
![Page 27: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/27.jpg)
OAuth 2.0 – obtain authorization
Protected ResourceClient
Authorization ServerAuthorization
EndpointToken
Endpoint
Browser CODE 3302
302 1
<Client ID>
2 <Client ID>user
User
![Page 28: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/28.jpg)
OAuth 2.0 – token request
Protected ResourceClient
Authorization ServerAuthorization
EndpointToken
Endpoint
CODE
2
access token
refresh token
Client
1
<Client ID>
client
![Page 29: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/29.jpg)
OAuth 2.0 – resource request
Protected ResourceClient
authorization serverAuthorization
EndpointToken
Endpoint
1
access token
2refresh token
Client
Authorization: Bearer
![Page 30: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/30.jpg)
OAuth 2.0 – refresh access token
Protected ResourceClient
Authorization ServerAuthorization
EndpointToken
Endpoint
2
access token
refresh token
refresh token
Client
1
<Client ID>
client
![Page 31: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/31.jpg)
OAuth 2.0 Bearer token supportAuthorize requests using OAuth 2.0 Bearer tokensBearer auth middleware validates tokens and converts tokens into claims
Protected Resource
Client
BearerAuth
×
![Page 32: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/32.jpg)
OAuth 2.0 Bearer token supportpublic class Startup{ public void ConfigureAuth(IAppBuilder app) { // Enable the application to use OAuth 2.0 bearer tokens to authenticate users app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions()); }}
![Page 33: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/33.jpg)
OAuth 2.0 authorization server supportTwo options:1. Host your ownSimple authz server in preview Single Page Application template codeAuthz server support in OWIN middleware (future)2. Use an existing oneWindows Azure Active DirectoryActive Directory Federation Services in Window Server 2012 R2
![Page 34: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/34.jpg)
DEMO: My first secure Web API using OAuth 2.0
![Page 35: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/35.jpg)
Supporting multiple clients with portable libs
Web API
Single Page App
Windows Store App
Windows Phone App
Portable Web API Client
![Page 36: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/36.jpg)
DEMO: One Web API, multiple clients
![Page 37: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/37.jpg)
Attribute routingOWIN integrationEasier to unit test (IHttpActionResult)Portable Web API clientsOData: $select, $expand, $batchRequest batchingWeb API security (CORS, OAuth 2.0)
What’s new in ASP.NET Web API 2
![Page 38: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/38.jpg)
ResourcesFind out morehttp://www.asp.net/vnexthttp://www.asp.net/webapiFollow our progresshttp://aspnetwebstack.codeplex.comhttp://katanaproject.codeplex.com
![Page 39: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/39.jpg)
Evaluate this session
Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize!
![Page 40: ASP.NET Web API 2 * Web Services for Websites, Modern Apps ...](https://reader036.fdocuments.in/reader036/viewer/2022062504/586e2c471a28ab8b3b8ba3bd/html5/thumbnails/40.jpg)
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.