1 / 40

ASP.NET Web API 2—Web Services for Websites, Modern Apps, and Mobile Apps

ASP.NET Web API 2—Web Services for Websites, Modern Apps, and Mobile Apps. Daniel Roth Senior Program Manager 3-504. HTTP. Web Services. Reach more clients. App. Devices. Browsers. Phones. ?. ?. ?. ?. Tablets. Make it scale. App. Devices. Browsers. Phones. ?. ?. ?. ?.

sanura
Télécharger la présentation

ASP.NET Web API 2—Web Services for Websites, Modern Apps, and Mobile Apps

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ASP.NET Web API 2—Web Services for Websites, Modern Apps, and Mobile Apps Daniel Roth Senior Program Manager 3-504

  2. HTTP Web Services

  3. Reach more clients App Devices Browsers Phones ? ? ? ? Tablets

  4. Make it scale App Devices Browsers Phones ? ? ? ? Tablets

  5. Keep it simple App .config Devices Browsers Phones ? ? ? ? Tablets SOAP

  6. Leverage the Web – build Web APIs App 2 ASP.NET Web API Devices Browsers Phones Tablets

  7. Getting started with ASP.NET Web API 2 • Available as stand-alone NuGet packages • Ships with Visual Studio 2013 Preview • Install the ASP.NET and Web Tools 2013 Preview Refresh to get additional features and enhancements • Get the bits at http://www.asp.net/vnext • Supported on .NET 4.5 and beyond • See the code at http://aspnetwebstack.codeplex.com

  8. DEMO: Your first Web API with ASP.NET Web API 2

  9. What’s new in ASP.NET Web API 2 • Attribute routing • OWIN integration • Easier to unit test (IHttpActionResult) • Portable Web API clients • OData: $select, $expand, $batch • Request batching • Web API security (CORS, OAuth 2.0)

  10. Attribute routing • Bring your routes closer to your resources config.Routes.MapHttpRoute( name: “TodosForTodoList", routeTemplate: "api/todolists/{id}/todos", defaults: new { controller = “todolists”, action = “GetTodos” } ); Controller Selector Action Selector publicIEnumerable<TodoItem> GetTodos() { … }

  11. Attribute routing • Bring your routes closer to your resources config.MapHttpAttributeRoutes(); [HttpGet("api/todolists/{id}/todos")] publicIEnumerable<TodoItem> GetTodos(int id) { … }

  12. Attribute routing • Optional values • Default values • Inline constraints [HttpGet(“Demographics/{zipcode?}")] publicDemographicsGet(int? zipcode) { … } [HttpGet("Demographics/{zipcode=98052}")] publicDemographicsGet(int zipcode) { … } [HttpGet("people/{id:int}")] publicPerson Get(int id) { … } [HttpGet("people/{name:alpha}")] publicPerson Get(string name) { … }

  13. DEMO: Attribute routing

  14. Thank you Tim McCall for your contribution!http://attributerouting.net

  15. Unit testing Web APIs • It used to be harder than it should be . . . • Now unit testing is just: • Create your controller • Set properties as needed (Request, Configuration, etc) • Call your action • Use IHttpActionResult to package up reusable logic • Executes immediately after the action is run – rest of the pipeline sees the response message

  16. DEMO: Web API Unit testing

  17. OWIN integration • OWIN = Open Web Interface for .NET (http://owin.org) • Defines a common interface that decouples web apps from web servers • Inspired by the likes of node.js, Rack, WSGI • Middleware pipeline sits in . . . well, the middle  • Now deeply integrated with the ASP.NET pipeline • Ex. run authenticating middleware during the Authenticate ASP.NET pipeline stage • Run your Web APIs on any OWIN compliant host

  18. DEMO: Web API OWIN self host

  19. ASP.NET Web API OData • Components for implementing OData services • Model builders, formatters (Atom/JSON/XML), path and query parsers, LINQ expression generator, etc. • It’s not all or nothing – you can use as much as you want • Built on ODataLib • Same underpinnings as WCF Data Services • Initially shipped with Visual Studio 2012 Update 2 • Now supports $select, $expand and $batch!

  20. DEMO: OData - $select and $expand

  21. Web API Security Free • Would you trust this app? Friends Please give me your password

  22. The many challenges of Web API security • Users may not want to trust client apps with their credentials • Apps don’t want to have to store user credentials • Many servers don’t want to have to store user credentials either • Client app access to protected resources should be scoped • Support browser clients (even cross origin) • Avoid the perils of request forgery • Need a friendly approach for native and mobile applications

  23. Why no COOKIES !?!

  24. OAuth 2.0 • Framework for authorizing clients to access a user’s protected resources • IETF standard (RFCs 6749, 6750) • Designed to work with HTTP services • Multiple profiles according to client and access types • It isn’t an authentication protocol • …but one can be manufactured on its basis.

  25. OAuth 2.0 Hey user, can I access your photos? Client The user said I could access their photos– here’s proof OK Resource Owner (user) Authorization Request Authorization Grant Looks good – here’s a token you can use Here is my access token. User’s photos, please. Authorization Server Authorization Grant Access Token Resource Server (Web API) OK, here you go Access Token Protected Resource

  26. OAuth 2.0 – obtain authorization Authorization Server Authorization Endpoint Token Endpoint user 302 3 User CODE 2 <Client ID> <Client ID> 302 Protected Resource Browser 1 Client

  27. OAuth 2.0 – token request Authorization Server Authorization Endpoint Token Endpoint client 2 Client <Client ID> 1 CODE access token refresh token Protected Resource Client

  28. OAuth 2.0 – resource request authorization server Authorization Endpoint Token Endpoint Client access token Authorization: Bearer refresh token 1 Protected Resource 2 Client

  29. OAuth 2.0 – refresh access token Authorization Server Authorization Endpoint Token Endpoint client 2 <Client ID> Client 1 access token refresh token refresh token Protected Resource Client

  30. OAuth 2.0 Bearer token support • Authorize requests using OAuth 2.0 Bearer tokens • Bearer auth middleware validates tokens and converts tokens into claims Bearer Auth ×  Protected Resource Client

  31. OAuth 2.0 Bearer token support • public class Startup • { • public void ConfigureAuth(IAppBuilder app) • { • // Enable the application to use OAuth 2.0 bearer tokens to authenticate users • app.UseOAuthBearerAuthentication(newOAuthBearerAuthenticationOptions()); • } • }

  32. OAuth 2.0 authorization server support • Two options: • 1. Host your own • Simple authz server in preview Single Page Application template code • Authz server support in OWIN middleware (future) • 2. Use an existing one • Windows Azure Active Directory • Active Directory Federation Services in Window Server 2012 R2

  33. DEMO: My first secure Web API using OAuth 2.0

  34. Supporting multiple clients with portable libs Web API Windows Phone App Windows Store App Single Page App Portable Web API Client

  35. DEMO: One Web API, multiple clients

  36. What’s new in ASP.NET Web API 2 • Attribute routing • OWIN integration • Easier to unit test (IHttpActionResult) • Portable Web API clients • OData: $select, $expand, $batch • Request batching • Web API security (CORS, OAuth 2.0)

  37. Resources • Find out more • http://www.asp.net/vnext • http://www.asp.net/webapi • Follow our progress • http://aspnetwebstack.codeplex.com • http://katanaproject.codeplex.com

  38. Required Slide *delete this box when your slide is finalized Your MS Tag will be inserted here during the final scrub. Evaluate this session • Scan this QR codeto evaluate this session and be automatically entered in a drawing to win a prize!

More Related