Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

ASP.NET Web API Deep Dive - SSD 2016 London

563 views

Published on

ASP.NET Web API Deep Dive - SSD 2016 London

Published in: Internet
  • Be the first to comment

  • Be the first to like this

ASP.NET Web API Deep Dive - SSD 2016 London

  1. 1. 1 ASP.NET Web API deep dive Manfred Steyer About me … Manfred Steyer Trainer & Consultant Angular & .NET Page  2
  2. 2. 2 Goal Show advanced features of ASP.NET Web API Only some Slides Live Coding Folie 4 Contents  Configure Formatters  Binary Serialization  Custom Formatters  Streaming  Versioning  OData with and without EF + restricting it  Metadata via Swagger  Security Folie 5
  3. 3. 3 FORMATTERS DEMO Page  6 STREAMING DEMO Page  7
  4. 4. 4 Streaming in IIS (without OWIN) Folie 8 config.Services.Replace( typeof(IHostBufferPolicySelector), new CustomWebHostBufferPolicySelector()); VERSIONING Page  9
  5. 5. 5 Two kinds of changes Compatible Changes  Additional optional field etc.  Changes to the minor version, e. g. 1.1 to 1.2 Breaking Change  New Method/ Class  Changes to the major version, e. g. 1.2 to 2.0  Identity by URL or HTTP-Header  api-version: 1.2 Folie 10 DEMO Page  11
  6. 6. 6 ODATA Page  12 What is ODATA Standard for "SQL over HTTP" Querying: ?$filter=From eq 'Vienna' Also allows for editing NuGet: Microsoft.AspNet.OData Folie 13
  7. 7. 7 SWAGGER Page  14 Swagger Metadata for Web APIs Implementation for .NET: Swashbuckle Every Action-Method has to have its own URL NuGet: Swashbuckle Folie 15
  8. 8. 8 DEMO Page  16 SECURITY Page  17
  9. 9. 9 HTTP BASIC Transmitting username + password via HTTP-Headers  Base64-encoded: No encryption  Just use with HTTPS IIS checks username + password against Windows/AD OWIN-Middleware to check them by yourself:  Thinktecture.IdentityModel.Owin.BasicAuthentication Folie 18 Tokens Folie 19 Client Authorization-Server Resource-Server 3. Token Central Accounts Auth. decoupled Tokens provide flexibility
  10. 10. 10 Solutions for Web APIs Microsoft: Microsoft.Owin.Security.Jwt IdentityServer: IdentityServer3.AccessTokenValidation Folie 20 DEMO Page  21
  11. 11. 11 Summary  Formatters for reading and writing Objects  Streaming for performance  Versioning with RouteContraint  OData  Metadata via Swagger and Swashbuckle  Security with HTTP BASIC and Tokens Folie 22 manfred.steyer@SOFTWAREarchitekt.at SOFTWAREarchitekt.at ManfredSteyer Contact

×