ASP.NET Web API Deep Dive - SSD 2016 London

46 %
54 %
Information about ASP.NET Web API Deep Dive - SSD 2016 London

Published on May 19, 2016

Author: ManfredSteyer

Source: slideshare.net

1. 1 ASP.NET Web API deep dive Manfred Steyer About me … Manfred Steyer Trainer & Consultant Angular & .NET Page  2

2. 2 Goal Show advanced features of ASP.NET Web API Only some Slides Live Coding Folie 4 Contents  Configure Formatters  Binary Serialization  Custom Formatters  Streaming  Versioning  OData with and without EF + restricting it  Metadata via Swagger  Security Folie 5

3. 3 FORMATTERS DEMO Page  6 STREAMING DEMO Page  7

4. 4 Streaming in IIS (without OWIN) Folie 8 config.Services.Replace( typeof(IHostBufferPolicySelector), new CustomWebHostBufferPolicySelector()); VERSIONING Page  9

5. 5 Two kinds of changes Compatible Changes  Additional optional field etc.  Changes to the minor version, e. g. 1.1 to 1.2 Breaking Change  New Method/ Class  Changes to the major version, e. g. 1.2 to 2.0  Identity by URL or HTTP-Header  api-version: 1.2 Folie 10 DEMO Page  11

6. 6 ODATA Page  12 What is ODATA Standard for "SQL over HTTP" Querying: ?$filter=From eq 'Vienna' Also allows for editing NuGet: Microsoft.AspNet.OData Folie 13

7. 7 SWAGGER Page  14 Swagger Metadata for Web APIs Implementation for .NET: Swashbuckle Every Action-Method has to have its own URL NuGet: Swashbuckle Folie 15

8. 8 DEMO Page  16 SECURITY Page  17

9. 9 HTTP BASIC Transmitting username + password via HTTP-Headers  Base64-encoded: No encryption  Just use with HTTPS IIS checks username + password against Windows/AD OWIN-Middleware to check them by yourself:  Thinktecture.IdentityModel.Owin.BasicAuthentication Folie 18 Tokens Folie 19 Client Authorization-Server Resource-Server 3. Token Central Accounts Auth. decoupled Tokens provide flexibility

10. 10 Solutions for Web APIs Microsoft: Microsoft.Owin.Security.Jwt IdentityServer: IdentityServer3.AccessTokenValidation Folie 20 DEMO Page  21

11. 11 Summary  Formatters for reading and writing Objects  Streaming for performance  Versioning with RouteContraint  OData  Metadata via Swagger and Swashbuckle  Security with HTTP BASIC and Tokens Folie 22 manfred.steyer@SOFTWAREarchitekt.at SOFTWAREarchitekt.at ManfredSteyer Contact

Add a comment