Build Your Own REST Service with Web API 2
Scot Hillier, MVP
Scot Hillier Technical Solutions, LLC
SPC404

From Bricks to Houses
- SharePoint 2010: Web Parts, Workflows, Pages, Libraries
- SharePoint 2013: App Parts, SharePoint-Hosted Apps, Provider-Hosted Apps

Agenda
- Building RESTful Services
- Building OData Services
- Securing WebAPI Services

Building RESTful Services

REST Constraints
- Client-Server
  - Client pulls representations from the server
  - Separation of concerns
- Stateless
  - Client provides all necessary context
  - Server returns all necessary state
- Cache
  - Responses indicate whether or not they can be cached
  - ETag, Date, Expires headers
- Interface
  - Resources are accessible through URIs
  - Resource operations are through HTTP verbs
  - The same representations can be used for all operations
  - Resources are interconnected to allow linking
- Layered
  - Resources are unaffected by proxy servers, gateways, etc.

Introducing WebAPI
- Framework and tooling for building HTTP-based services
  - RESTful, OData, custom
- Part of ASP.NET MVC
  - Uses Controller and Routing paradigm
- Tooling, wizards, scaffolding
  - Simplified creation of REST and OData services
  - Simplified use of Entity Framework to wrap database operations
- Can be a stand-alone service or part of an app
  - When added to an app, you must make additional manual code updates

Model-Client-Controller with Web API
[Diagram: Client, Controller and Model, connected by HTTP and Data]

Controllers
- Controllers inherit from ApiController
- By default methods are mapped to HTTP verbs

    using System.Collections.Generic;
    using System.Web.Http;

    public class ValuesController : ApiController
    {
        public IEnumerable<string> Get() { return new[] { "value1", "value2" }; } // GET api/values
        public string Get(int id) { return "value"; }                             // GET api/values/5
        public void Post([FromBody]string value) { }                              // POST api/values
        public void Put(int id, [FromBody]string value) { }                       // PUT api/values/5
        public void Delete(int id) { }                                            // DELETE api/values/5
    }

Routing
- Routes are controlled through maps
- Router makes decisions if information is missing
- By default methods are mapped to HTTP verbs

    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

Responding
- Content negotiation is automatic
  - accept: "application/json"
  - accept: "application/xml"
- Return IQueryable to support query syntax
- Return HttpResponseMessage for headers and status

    // Returning IQueryable lets the framework apply query options to the result.
    public IQueryable<string> Get()
    {
        var d = new List<string>() { "a", "b" };
        return d.AsQueryable();
    }

    // "data" is a collection field of the controller that the slide does not show.
    public HttpResponseMessage Get(int id)
    {
        return Request.CreateResponse<string>(HttpStatusCode.OK, data[id - 1]);
    }

Calling with Managed Code

Calling with JavaScript

DEMO: Creating and Testing a RESTful Service

Building OData Services

Open Data Protocol (OData)
- Standardized REST API for CRUD operations
- Standardized Data Types
- Standardized URI format

    <Property Name="Id" Type="Edm.Guid" Nullable="false"/>
    <Property Name="Title" Type="Edm.String"/>
    <Property Name="TreeViewEnabled" Type="Edm.Boolean" Nullable="false"/>
    <Property Name="UIVersion" Type="Edm.Int32" Nullable="false"/>

OData Entity Model
- Service Document
- $metadata
- Entity Types define entities
- Entity Key defines unique property
- Associations link entities together

    <EntityType Name="Site">
    <EntityType Name="Web" BaseType="SP.SecurableObject">
    <EntityType Name="List" BaseType="SP.SecurableObject">
    <EntityType Name="ListItem" BaseType="SP.SecurableObject" OpenType="true">

    <Key><PropertyRef Name="Id"/></Key>

    <NavigationProperty Name="RootWeb" …

OData Query Options
- $select
- $filter
- $orderby
- $top
- $skip
- $expand

Controllers
- Controllers inherit from ODataController
- Methods are mapped to HTTP verbs just like ApiController
- Content Negotiation is automatic
- IQueryable generated by default

    public class ContactsController : ODataController

Routing
- Routes are controlled through maps
- Router makes decisions if information is missing
- By default methods are mapped to HTTP verbs

    ODataConventionModelBuilder builder = new ODataConventionModelBuilder();
    builder.EntitySet<Contact>("Contacts");
    builder.EntitySet<Company>("Companies");
    config.Routes.MapODataRoute("odata", "odata", builder.GetEdmModel());

DEMO: Creating and Testing an OData Service

Securing WebAPI Services

General Security Considerations
- Secure Sockets Layer – always!
- AuthN, AuthZ
  - Windows
  - FBA
  - Basic
  - Token
  - OAuth
- Same Origin JavaScript
  - API Controllers directly in the app
- Cross-Origin JavaScript
  - Cross-Origin Resource Sharing (CORS)

Cross-Origin Resource Sharing
- Allows JavaScript to make a call across domains
- Superior to JSONP, which only supports GET
- Supported in current versions of all major browsers
- Browser and resource exchange headers
  - Origin header from browser
  - Access-Control-Allow-Origin header returned from resource
  - OPTIONS method used for “pre-flight” requests
- Enabling in WebAPI2
  - Install Microsoft ASP.NET WebAPI2 CORS NuGet Package
  - Enable CORS in WebApiConfig
  - Use [EnableCors] attribute in controllers

Cross-Origin Resource Sharing
[Screenshot: pre-flight request, with its request headers and response headers]

Security Considerations
- Secure Sockets Layer – always!
- Always validate calling domain
  - Allowing all domains can open network to attack
[Diagram: service not validating domains; page with malicious script; script gains access]

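The enabling steps and the "always validate calling domain" rule from the slides above, as an added example that is not code from the presentation: the allow-all policy is shown commented out beside an allow-list. The origin https://app.contoso.example and the choice of headers and methods are assumptions made for illustration.

```csharp
using System.Collections.Generic;
using System.Web.Http;
using System.Web.Http.Cors;

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Weak: every origin, header and method is accepted, so script on any
        // page the user visits can read this service's responses.
        // config.EnableCors(new EnableCorsAttribute("*", "*", "*"));

        // Corrected: switch CORS on with no global policy, so a controller
        // answers cross-origin callers only where it names them explicitly.
        config.EnableCors();

        config.Routes.MapHttpRoute(
            name: "DefaultApi",
            routeTemplate: "api/{controller}/{id}",
            defaults: new { id = RouteParameter.Optional });
    }
}

// Only the listed origin (hypothetical) gets Access-Control-Allow-Origin back.
// For any other Origin the header is omitted and the browser withholds the
// response from the calling script. The action itself can still run for a
// simple request, so authentication and authorization remain necessary.
[EnableCors(origins: "https://app.contoso.example",
            headers: "accept,content-type",
            methods: "GET")]
public class ValuesController : ApiController
{
    public IEnumerable<string> Get() { return new[] { "a", "b" }; }

    // State-changing action: no cross-origin access at all.
    [DisableCors]
    public void Post([FromBody] string value) { }
}
```
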
DEMO: Cross Origin Resource Sharing

On-Premises Apps and Services
- SSL!
- Server-to-Server (S2S) High Trust
  - Windows Authentication required
- Designing a Service for use solely by your app in same domain
  - Include WebAPI Controllers in same project
  - jQuery ajax calls work from JavaScript in Same Origin
- Stand-Alone Services
  - Secure with Windows Auth or Simple Web Token
  - Enable CORS

Cloud Apps and Services
- SSL!
- Token-based Security
  - Simple Web Token
  - OAuth
- Enable CORS for stand-alone services

Using Simple Web Tokens
- SWT is just HTML form-encoded name-value pairs
  - Audience, the Relying Party. In this case your WebAPI endpoint
  - ExpiresOn, the token expiration
  - Issuer, the token issuing authority
  - Additional custom name-value pairs
  - HMACSHA256, Hash-Based Message Authentication Code of all other name-value pairs in the token.

    Audience=http://myserver.com/api
    Issuer=dev.wingtip.com
    ExpiresOn=1255913549
    role=developer
    over18=true
    HMACSHA256=N4QeKa3c062VBjnVK6fb+rnwURkcwGXh7EoNK34n0uM=

Simple Web Token Flow
Participants: Client; MVC5 App (Token Issuing Service); WebAPI Service (Relying Party)
1. Attempt to access secured resource without a token
2. Redirected to Token Issuer
3. Log in and request token
4. Receive access token
5. Access resource by passing token with call

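What the relying party has to check when the token arrives in the last step of the flow, using the token layout from the "Using Simple Web Tokens" slide. This is an added example, not code from the presentation. It assumes a symmetric key shared between issuer and WebAPI service and an HMAC computed over the form-encoded text that precedes &HMACSHA256=; the class name, key and sample token are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class SwtDemo   // hypothetical name
{
    const string SigName = "&HMACSHA256=";
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    static byte[] Mac(byte[] key, string signedPart)
    {
        using (var hmac = new HMACSHA256(key))
            return hmac.ComputeHash(Encoding.UTF8.GetBytes(signedPart));
    }
    // Returns the token's name-value pairs, or null when any check fails.
    public static Dictionary<string, string> Validate(
        string token, byte[] key, string issuer, string audience, DateTime utcNow)
    {
        int cut = token.LastIndexOf(SigName, StringComparison.Ordinal);
        if (cut < 0) return null;                        // no signature field
        byte[] presented;
        try { presented = Convert.FromBase64String(
                  Uri.UnescapeDataString(token.Substring(cut + SigName.Length))); }
        catch (FormatException) { return null; }
        byte[] expected = Mac(key, token.Substring(0, cut));
        int diff = expected.Length ^ presented.Length;   // compare without early exit
        for (int i = 0; i < expected.Length && i < presented.Length; i++)
            diff |= expected[i] ^ presented[i];
        if (diff != 0) return null;                      // altered, or signed with another key
        // Parse the pairs only after the signature has been verified.
        var pairs = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string part in token.Substring(0, cut).Split('&'))
        {
            int eq = part.IndexOf('=');
            if (eq <= 0) return null;
            string name = Uri.UnescapeDataString(part.Substring(0, eq));
            if (pairs.ContainsKey(name)) return null;    // duplicate names are ambiguous
            pairs[name] = Uri.UnescapeDataString(part.Substring(eq + 1).Replace('+', ' '));
        }
        string v; long exp;
        if (!pairs.TryGetValue("Issuer", out v) || v != issuer) return null;
        if (!pairs.TryGetValue("Audience", out v) || v != audience) return null;
        if (!pairs.TryGetValue("ExpiresOn", out v) || !long.TryParse(v, out exp)) return null;
        return exp > (long)(utcNow - Epoch).TotalSeconds ? pairs : null;   // expired tokens fail
    }
    public static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("constructed-demo-key-not-a-real-secret");
        string body = "Audience=http%3A%2F%2Fmyserver.com%2Fapi&Issuer=dev.wingtip.com" +
                      "&ExpiresOn=4102444800&role=developer&over18=true";   // constructed sample
        string token = body + SigName + Uri.EscapeDataString(Convert.ToBase64String(Mac(key, body)));
        Console.WriteLine(Validate(token, key, "dev.wingtip.com", "http://myserver.com/api",
            DateTime.UtcNow) != null);
        Console.WriteLine(Validate(token.Replace("role=developer", "role=admin"), key,
            "dev.wingtip.com", "http://myserver.com/api", DateTime.UtcNow) != null);
    }
}
```

The second call in Main presents the same token with its role value edited, which no longer matches the HMAC and is rejected.
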
DEMO: Simple Web Token Security

Summary
- Building RESTful Services
- Building OData Services
- Securing WebAPI Services

Sessions and Resources
- SPC 413, Complex Problem Solving with HTML5
  - Tuesday, March 4, 2014, 10:45 AM-12:00 PM, Palazzo Ballroom A-H
  - http://curah.microsoft.com/56000/sharepoint-conference-2014-spc413-resources
- SPC 400, 3rd-Party JS Libraries You Need to Know
  - Tuesday, March 4, 2014, 3:15 PM-4:30 PM, Palazzo Ballroom K,L
  - http://curah.microsoft.com/56018/sharepoint-conference-2014-spc400-resources
- SPC 404, Build your own REST service with WebAPI 2
  - Wednesday, March 5, 2014, 10:45 AM-12:00 PM, Palazzo Ballroom A-H
  - http://curah.microsoft.com/56111/sharepoint-conference-2014-spc400-resources

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.