SlideShare una empresa de Scribd logo

How to get full power from WebApi

Descargar como PPTX, PDF
Raffaele Rialdi
Raffaele Rialdi

WebApi presentation by Raffaele Rialdi at http://webnetconf.eu/ on October 20, 2012 in Milano http://www.iamraf.net @raffaeler

Tecnología
1 de 21
How to get full power from WebApi Raffaele Rialdi @raffaeler http://iamraf.net
Thanks to the sponsors
What is WebApi in one slide • A library to create HTTP services – HTTP is highly scalable (disconnect, cloud, …) • Designed to create REST services – WebApi does not automatically imply REST – Use HTTP as an application (not a transport) protocol • Fits in heterogeneous device/OS scenarios – Avoid typical SOAP versioning problems – It's highly pluggable • Leverages the Asp.net MVC 4 model
WebApi is flexible • oData is a work-in progress – look at nightly builds, avoid current pre-release • Can be Self-Hosted outside IIS and MVC4 – Easy way for inter-AppDomain or inter-Process – Console example: var config = new HttpSelfHostConfiguration("http://localhost:8000"); config.Routes.MapHttpRoute("API Default", "api/{controller}/{id}", new { id = RouteParameter.Optional }); using (HttpSelfHostServer server = new HttpSelfHostServer(config)) { server.OpenAsync().Wait(); Console.WriteLine("Press any key to exit"); Console.ReadKey(); }
THE REQUEST JOURNEY
Routing to a Controller Request controller • Use the standard MVC Routes – extract Controller, Action and parameters • Controller selection under the hood – IHttpControllerSelector.SelectController • HttpRequestMessage  HttpControllerDescriptor • Plug-in Controllers using IDependencyResolver – Nuget has a lot of ready to use IoC containers
Selecting an Action Request controller action • The easiest way is to modify the default Route config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); config.Routes.MapHttpRoute( name: "DefaultApi2", routeTemplate: "api/{controller}/{action}/{x}/{y}" ); • Can use [ActionName("myaction")] – override the method name as the action name • Can use [NonAction] – exclude a method from being an action
Selecting an Action by code Request controller action • Derive ApiControllerActionSelector Use case: – override SelectAction Versioning! • Implement IHttpActionSelector – Implement SelectAction – Obtain the previous selector in ctor – Call previous selector • In SelectAction method: – in: HttpControllerContext – out: HttpActionDescription
Authorization filter Request controller action authoriz. I’ll play with Claims • [Authorize] is Role oriented • Derive AuthorizeAttribute to go Claim oriented • [AllowAnonymous] is self-explanatory • Starting from Fx4.5 new universal base classes – ClaimsPrincipal for every Principal – ClaimsIdentity for every Identity IPrincipal client = Thread.CurrentPrincipal; ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal; ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
Security considerations • WebApi authorization model is not built-in – AuthorizationFilters / MessageHandlers are used to plugin the desired mechanism – Per-route handlers gives finer control • Use Filters/Handlers to add/modify claims
Model Bind Request controller action authoriz. binding • IValueProvider (Bind3 example) – useful to populate an action parameter – Require a ValueProviderFactory (applied via attribute) • HttpParameterBinding (Bind4 example) – Associate a type to a provider • IActionValueBinder (Bind5 example) – Associate an HttpActionDescription to a provider • DefaultActionValueBinder (Bind6 example) – Intercept default provider • IModelBinder (Bind7 example) – Execute the binding. Must provide the value
Action Filters action Request controller action authoriz. binding filter • Called before and after the action execution Use case: • Implement IActionFilter validation & auditing! or better…. • Derive ActionFilterAttribute – OnActionExecuting – OnActionExecuted
Target was reached! action invoke Request controller action authoriz. binding filter action • In the action we have different options: – return an entity that will be embedded in a response – build and return the HttpResponseMessage • Can be an error (no exceptions imply better performances) or – throw a CLR exception (a filter will convert it in a msg) – throw an HttpResponseException • returns the HTTP status code of your choice • it's a full response (specify Content, Headers, ReasonPhrase)
HttpError • Nice way to create the error message – Errors flow in the same way of the content – Keys/Values can be added for additional infos var msg = string.Format("Product with id = {0} not found", id); HttpError err = new HttpError(msg); return Request.CreateResponse(HttpStatusCode.NotFound, err); var msg = string.Format("Product with id = {0} not found", id); return Request.CreateErrorResponse(HttpStatusCode.NotFound, msg); HTTP/1.1 404 Not Found Content-Type: application/json; charset=utf-8 Date: Thu, 09 Aug 2012 23:27:18 GMT Content-Length: 51 { "Message": "Product with id = 12 not found" }
Action filter action invoke filter action • Same filter of the request • OnActionExecuted
Exception Filters exception action invoke filter filter action • Do not use MVC [HandleError] • Transform CLR exceptions in HTTP messages • Implement IExceptionFilter or better derive ExceptionFilterAttribute • Mark actions with the attribute or • Change the global configuration – GlobalConfiguration.Configuration.Filters.Add(new MyNamespace.NotImplExceptionFilterAttribute());
Formatting data for the output exception action invoke Response formatting action filter filter • MediaTypeFormatter is the abstract base class to serialize entities in whatever format • Built-in formatters: – Json.net and Xml formatter are built-in – bson and many others on nuget – your own just deriving this class • The correct formatter is picked up upon "http content negotiation"
GOING DEEPER
Message Handlers Request custom Http Http HttpServer Message Routing Controller Controller Response Handler Dispatcher Dispatcher • Message Handlers works at the beginning of the pipeline – They can use the message and pass it over – Or can "short-circuit" to the response (early validation) • MH still don't know the controller, action, etc. • Every endpoint has different MH instances • Typical usage: – Early validation of the message / headers (security keys) – Packet inspection
Wrap up • Webapi = extreme pluggability • Just follow the request – Before or later it will become a response  Questions?
Please rate this session Scan the code, go online, rate this session

Recomendados

Real World Asp.Net WebApi Applications
Real World Asp.Net WebApi ApplicationsReal World Asp.Net WebApi Applications
Real World Asp.Net WebApi ApplicationsEffie Arditi
 
Web Api vs MVC
Web Api vs MVCWeb Api vs MVC
Web Api vs MVCChaowlert Chaisrichalermpol
 
Intoduction to Play Framework
Intoduction to Play FrameworkIntoduction to Play Framework
Intoduction to Play FrameworkKnoldus Inc.
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsAugust Detlefsen
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot IntroductionJeevesh Pandey
 
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...Sencha
 
Developing Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSDeveloping Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSShekhar Gulati
 
ASP.NET MVC 4 - Routing Internals
ASP.NET MVC 4 - Routing InternalsASP.NET MVC 4 - Routing Internals
ASP.NET MVC 4 - Routing InternalsLukasz Lysik
 

Recomendados

Real World Asp.Net WebApi Applications
Real World Asp.Net WebApi ApplicationsReal World Asp.Net WebApi Applications
Real World Asp.Net WebApi ApplicationsEffie Arditi
 
Web Api vs MVC
Web Api vs MVCWeb Api vs MVC
Web Api vs MVCChaowlert Chaisrichalermpol
 
Intoduction to Play Framework
Intoduction to Play FrameworkIntoduction to Play Framework
Intoduction to Play FrameworkKnoldus Inc.
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsCusomizing Burp Suite - Getting the Most out of Burp Extensions
Cusomizing Burp Suite - Getting the Most out of Burp ExtensionsAugust Detlefsen
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot IntroductionJeevesh Pandey
 
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...
SenchaCon 2016: A Look Ahead: Survey Next-Gen Modern Browser APIs - Shikhir S...Sencha
 
Developing Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSDeveloping Modern Java Web Applications with Java EE 7 and AngularJS
Developing Modern Java Web Applications with Java EE 7 and AngularJSShekhar Gulati
 
ASP.NET MVC 4 - Routing Internals
ASP.NET MVC 4 - Routing InternalsASP.NET MVC 4 - Routing Internals
ASP.NET MVC 4 - Routing InternalsLukasz Lysik
 
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra Sencha
 
ASP.NET MVC 4 Request Pipeline Internals
ASP.NET MVC 4 Request Pipeline InternalsASP.NET MVC 4 Request Pipeline Internals
ASP.NET MVC 4 Request Pipeline InternalsLukasz Lysik
 
The Many Ways to Test Your React App
The Many Ways to Test Your React AppThe Many Ways to Test Your React App
The Many Ways to Test Your React AppAll Things Open
 
OroCRM Technology Webinar May 28, 2014
OroCRM Technology Webinar May 28, 2014OroCRM Technology Webinar May 28, 2014
OroCRM Technology Webinar May 28, 2014Jary Carter
 
ASP.Net 5 and C# 6
ASP.Net 5 and C# 6ASP.Net 5 and C# 6
ASP.Net 5 and C# 6Andy Butland
 
Spring Boot
Spring BootSpring Boot
Spring BootJiayun Zhou
 
Azure Container Apps
Azure Container AppsAzure Container Apps
Azure Container AppsICS
 
Drupal8 for Symfony developers - Dutch PHP
Drupal8 for Symfony developers - Dutch PHPDrupal8 for Symfony developers - Dutch PHP
Drupal8 for Symfony developers - Dutch PHPAntonio Peric-Mazar
 
.NET Core, ASP.NET Core Course, Session 9
.NET Core, ASP.NET Core Course, Session 9.NET Core, ASP.NET Core Course, Session 9
.NET Core, ASP.NET Core Course, Session 9aminmesbahi
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring BootTrey Howard
 
Speed up your Web applications with HTML5 WebSockets
Speed up your Web applications with HTML5 WebSocketsSpeed up your Web applications with HTML5 WebSockets
Speed up your Web applications with HTML5 WebSocketsYakov Fain
 
ASP.NET Web API O to 100
ASP.NET Web API O to 100ASP.NET Web API O to 100
ASP.NET Web API O to 100Himanshu Desai
 
Reflection in Pharo: Beyond Smalltak
Reflection in Pharo: Beyond SmalltakReflection in Pharo: Beyond Smalltak
Reflection in Pharo: Beyond SmalltakMarcus Denker
 
Building a REST Service in minutes with Spring Boot
Building a REST Service in minutes with Spring BootBuilding a REST Service in minutes with Spring Boot
Building a REST Service in minutes with Spring BootOmri Spector
 
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...seleniumconf
 
Declarative Services Dependency Injection OSGi style
Declarative Services Dependency Injection OSGi styleDeclarative Services Dependency Injection OSGi style
Declarative Services Dependency Injection OSGi styleFelix Meschberger
 
Java EE revisits design patterns
Java EE revisits design patterns Java EE revisits design patterns
Java EE revisits design patterns Alex Theedom
 
Field injection, type safe configuration, and more new goodies in Declarative...
Field injection, type safe configuration, and more new goodies in Declarative...Field injection, type safe configuration, and more new goodies in Declarative...
Field injection, type safe configuration, and more new goodies in Declarative...bjhargrave
 
.NET Core, ASP.NET Core Course, Session 17
.NET Core, ASP.NET Core Course, Session 17.NET Core, ASP.NET Core Course, Session 17
.NET Core, ASP.NET Core Course, Session 17aminmesbahi
 
Variables in Pharo5
Variables in Pharo5Variables in Pharo5
Variables in Pharo5Marcus Denker
 
WebAPI::DBIC - Automated RESTful API's
WebAPI::DBIC - Automated RESTful API'sWebAPI::DBIC - Automated RESTful API's
WebAPI::DBIC - Automated RESTful API'sMichael Francis
 
Da DotNet a DotNetCore
Da DotNet a DotNetCoreDa DotNet a DotNetCore
Da DotNet a DotNetCoreRaffaele Rialdi
 

Más contenido relacionado

La actualidad más candente

SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra Sencha
 
ASP.NET MVC 4 Request Pipeline Internals
ASP.NET MVC 4 Request Pipeline InternalsASP.NET MVC 4 Request Pipeline Internals
ASP.NET MVC 4 Request Pipeline InternalsLukasz Lysik
 
The Many Ways to Test Your React App
The Many Ways to Test Your React AppThe Many Ways to Test Your React App
The Many Ways to Test Your React AppAll Things Open
 
OroCRM Technology Webinar May 28, 2014
OroCRM Technology Webinar May 28, 2014OroCRM Technology Webinar May 28, 2014
OroCRM Technology Webinar May 28, 2014Jary Carter
 
ASP.Net 5 and C# 6
ASP.Net 5 and C# 6ASP.Net 5 and C# 6
ASP.Net 5 and C# 6Andy Butland
 
Azure Container Apps
Azure Container AppsAzure Container Apps
Azure Container AppsICS
 
Drupal8 for Symfony developers - Dutch PHP
Drupal8 for Symfony developers - Dutch PHPDrupal8 for Symfony developers - Dutch PHP
Drupal8 for Symfony developers - Dutch PHPAntonio Peric-Mazar
 
.NET Core, ASP.NET Core Course, Session 9
.NET Core, ASP.NET Core Course, Session 9.NET Core, ASP.NET Core Course, Session 9
.NET Core, ASP.NET Core Course, Session 9aminmesbahi
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring BootTrey Howard
 
Speed up your Web applications with HTML5 WebSockets
Speed up your Web applications with HTML5 WebSocketsSpeed up your Web applications with HTML5 WebSockets
Speed up your Web applications with HTML5 WebSocketsYakov Fain
 
ASP.NET Web API O to 100
ASP.NET Web API O to 100ASP.NET Web API O to 100
ASP.NET Web API O to 100Himanshu Desai
 
Reflection in Pharo: Beyond Smalltak
Reflection in Pharo: Beyond SmalltakReflection in Pharo: Beyond Smalltak
Reflection in Pharo: Beyond SmalltakMarcus Denker
 
Building a REST Service in minutes with Spring Boot
Building a REST Service in minutes with Spring BootBuilding a REST Service in minutes with Spring Boot
Building a REST Service in minutes with Spring BootOmri Spector
 
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...seleniumconf
 
Declarative Services Dependency Injection OSGi style
Declarative Services Dependency Injection OSGi styleDeclarative Services Dependency Injection OSGi style
Declarative Services Dependency Injection OSGi styleFelix Meschberger
 
Java EE revisits design patterns
Java EE revisits design patterns Java EE revisits design patterns
Java EE revisits design patterns Alex Theedom
 
Field injection, type safe configuration, and more new goodies in Declarative...
Field injection, type safe configuration, and more new goodies in Declarative...Field injection, type safe configuration, and more new goodies in Declarative...
Field injection, type safe configuration, and more new goodies in Declarative...bjhargrave
 
.NET Core, ASP.NET Core Course, Session 17
.NET Core, ASP.NET Core Course, Session 17.NET Core, ASP.NET Core Course, Session 17
.NET Core, ASP.NET Core Course, Session 17aminmesbahi
 

La actualidad más candente (20)

SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
SenchaCon 2016: Learn the Top 10 Best ES2015 Features - Lee Boonstra
 
ASP.NET MVC 4 Request Pipeline Internals
ASP.NET MVC 4 Request Pipeline InternalsASP.NET MVC 4 Request Pipeline Internals
ASP.NET MVC 4 Request Pipeline Internals
 
The Many Ways to Test Your React App
The Many Ways to Test Your React AppThe Many Ways to Test Your React App
The Many Ways to Test Your React App
 
OroCRM Technology Webinar May 28, 2014
OroCRM Technology Webinar May 28, 2014OroCRM Technology Webinar May 28, 2014
OroCRM Technology Webinar May 28, 2014
 
ASP.Net 5 and C# 6
ASP.Net 5 and C# 6ASP.Net 5 and C# 6
ASP.Net 5 and C# 6
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
Azure Container Apps
Azure Container AppsAzure Container Apps
Azure Container Apps
 
Drupal8 for Symfony developers - Dutch PHP
Drupal8 for Symfony developers - Dutch PHPDrupal8 for Symfony developers - Dutch PHP
Drupal8 for Symfony developers - Dutch PHP
 
.NET Core, ASP.NET Core Course, Session 9
.NET Core, ASP.NET Core Course, Session 9.NET Core, ASP.NET Core Course, Session 9
.NET Core, ASP.NET Core Course, Session 9
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring Boot
 
Speed up your Web applications with HTML5 WebSockets
Speed up your Web applications with HTML5 WebSocketsSpeed up your Web applications with HTML5 WebSockets
Speed up your Web applications with HTML5 WebSockets
 
ASP.NET Web API O to 100
ASP.NET Web API O to 100ASP.NET Web API O to 100
ASP.NET Web API O to 100
 
Reflection in Pharo: Beyond Smalltak
Reflection in Pharo: Beyond SmalltakReflection in Pharo: Beyond Smalltak
Reflection in Pharo: Beyond Smalltak
 
Building a REST Service in minutes with Spring Boot
Building a REST Service in minutes with Spring BootBuilding a REST Service in minutes with Spring Boot
Building a REST Service in minutes with Spring Boot
 
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
Testing Rapidly Changing Applications With Self-Testing Object-Oriented Selen...
 
Declarative Services Dependency Injection OSGi style
Declarative Services Dependency Injection OSGi styleDeclarative Services Dependency Injection OSGi style
Declarative Services Dependency Injection OSGi style
 
Java EE revisits design patterns
Java EE revisits design patterns Java EE revisits design patterns
Java EE revisits design patterns
 
Field injection, type safe configuration, and more new goodies in Declarative...
Field injection, type safe configuration, and more new goodies in Declarative...Field injection, type safe configuration, and more new goodies in Declarative...
Field injection, type safe configuration, and more new goodies in Declarative...
 
.NET Core, ASP.NET Core Course, Session 17
.NET Core, ASP.NET Core Course, Session 17.NET Core, ASP.NET Core Course, Session 17
.NET Core, ASP.NET Core Course, Session 17
 
Variables in Pharo5
Variables in Pharo5Variables in Pharo5
Variables in Pharo5
 

Destacado

WebAPI::DBIC - Automated RESTful API's
WebAPI::DBIC - Automated RESTful API'sWebAPI::DBIC - Automated RESTful API's
WebAPI::DBIC - Automated RESTful API'sMichael Francis
 
Ross Boucher - Quality Control: Testing and debugging your apps
Ross Boucher - Quality Control: Testing and debugging your appsRoss Boucher - Quality Control: Testing and debugging your apps
Ross Boucher - Quality Control: Testing and debugging your appsWeb Directions
 
ASP.Net WebAPI經驗分享
ASP.Net WebAPI經驗分享ASP.Net WebAPI經驗分享
ASP.Net WebAPI經驗分享國昭 張
 
Modern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringModern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringNeil Mansilla
 
web apiで遊び倒す
web apiで遊び倒すweb apiで遊び倒す
web apiで遊び倒すKeiichi Daiba
 

Destacado (8)

WebAPI::DBIC - Automated RESTful API's
WebAPI::DBIC - Automated RESTful API'sWebAPI::DBIC - Automated RESTful API's
WebAPI::DBIC - Automated RESTful API's
 
Da DotNet a DotNetCore
Da DotNet a DotNetCoreDa DotNet a DotNetCore
Da DotNet a DotNetCore
 
Ross Boucher - Quality Control: Testing and debugging your apps
Ross Boucher - Quality Control: Testing and debugging your appsRoss Boucher - Quality Control: Testing and debugging your apps
Ross Boucher - Quality Control: Testing and debugging your apps
 
ASP.Net WebAPI經驗分享
ASP.Net WebAPI經驗分享ASP.Net WebAPI經驗分享
ASP.Net WebAPI經驗分享
 
Modern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and MonitoringModern Tools for API Testing, Debugging and Monitoring
Modern Tools for API Testing, Debugging and Monitoring
 
web apiで遊び倒す
web apiで遊び倒すweb apiで遊び倒す
web apiで遊び倒す
 
Presentation on operating system
Presentation on operating system Presentation on operating system
Presentation on operating system
 
CPU Scheduling Algorithms
CPU Scheduling AlgorithmsCPU Scheduling Algorithms
CPU Scheduling Algorithms
 

Similar a How to get full power from WebApi

Advance java session 17
Advance java session 17Advance java session 17
Advance java session 17Smita B Kumar
 
Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...
Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...
Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...WordCamp Sydney
 
ASP.NET MVC 2.0
ASP.NET MVC 2.0ASP.NET MVC 2.0
ASP.NET MVC 2.0Buu Nguyen
 
Enjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIEnjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIKevin Hazzard
 
API Check Overview - Rigor Monitoring
API Check Overview - Rigor MonitoringAPI Check Overview - Rigor Monitoring
API Check Overview - Rigor MonitoringAnthony Ferrari
 
API Testing with Open Source Code and Cucumber
API Testing with Open Source Code and CucumberAPI Testing with Open Source Code and Cucumber
API Testing with Open Source Code and CucumberSmartBear
 
Sling Component Filters in CQ5
Sling Component Filters in CQ5 Sling Component Filters in CQ5
Sling Component Filters in CQ5 connectwebex
 
Java Servlets.pdf
Java Servlets.pdfJava Servlets.pdf
Java Servlets.pdfArumugam90
 
J2EE : Java servlet and its types, environment
J2EE : Java servlet and its types, environmentJ2EE : Java servlet and its types, environment
J2EE : Java servlet and its types, environmentjoearunraja2
 
Servletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postServletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postvamsitricks
 
Servletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postServletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postvamsi krishna
 
Servletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postServletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postvamsitricks
 
Servlet.ppt
Servlet.pptServlet.ppt
Servlet.pptkstalin2
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9...WebStackAcademy
 

Similar a How to get full power from WebApi (20)

Advance java session 17
Advance java session 17Advance java session 17
Advance java session 17
 
Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...
Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...
Stop Hacking WordPress, Start Working with it - Charly Leetham - WordCamp Syd...
 
ASP.NET MVC 2.0
ASP.NET MVC 2.0ASP.NET MVC 2.0
ASP.NET MVC 2.0
 
Enjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web APIEnjoying the Move from WCF to the Web API
Enjoying the Move from WCF to the Web API
 
Filter
FilterFilter
Filter
 
Filter
FilterFilter
Filter
 
API Check Overview - Rigor Monitoring
API Check Overview - Rigor MonitoringAPI Check Overview - Rigor Monitoring
API Check Overview - Rigor Monitoring
 
API Testing with Open Source Code and Cucumber
API Testing with Open Source Code and CucumberAPI Testing with Open Source Code and Cucumber
API Testing with Open Source Code and Cucumber
 
Sling Component Filters in CQ5
Sling Component Filters in CQ5 Sling Component Filters in CQ5
Sling Component Filters in CQ5
 
Java Servlets.pdf
Java Servlets.pdfJava Servlets.pdf
Java Servlets.pdf
 
J2EE : Java servlet and its types, environment
J2EE : Java servlet and its types, environmentJ2EE : Java servlet and its types, environment
J2EE : Java servlet and its types, environment
 
Servletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postServletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,post
 
Making the most out of CakePHP 2.2
Making the most out of CakePHP 2.2Making the most out of CakePHP 2.2
Making the most out of CakePHP 2.2
 
Servletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postServletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,post
 
Servletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,postServletarchitecture,lifecycle,get,post
Servletarchitecture,lifecycle,get,post
 
Servlet.ppt
Servlet.pptServlet.ppt
Servlet.ppt
 
Servlet.ppt
Servlet.pptServlet.ppt
Servlet.ppt
 
Servlet1.ppt
Servlet1.pptServlet1.ppt
Servlet1.ppt
 
Servlets
ServletsServlets
Servlets
 
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9... Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9...
Web Component Development Using Servlet & JSP Technologies (EE6) - Chapter 9...
 

Último

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 

Último (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

How to get full power from WebApi

  • 1. How to get full power from WebApi Raffaele Rialdi @raffaeler http://iamraf.net
  • 2. Thanks to the sponsors
  • 3. What is WebApi in one slide • A library to create HTTP services – HTTP is highly scalable (disconnect, cloud, …) • Designed to create REST services – WebApi does not automatically imply REST – Use HTTP as an application (not a transport) protocol • Fits in heterogeneous device/OS scenarios – Avoid typical SOAP versioning problems – It's highly pluggable • Leverages the Asp.net MVC 4 model
  • 4. WebApi is flexible • oData is a work-in progress – look at nightly builds, avoid current pre-release • Can be Self-Hosted outside IIS and MVC4 – Easy way for inter-AppDomain or inter-Process – Console example: var config = new HttpSelfHostConfiguration("http://localhost:8000"); config.Routes.MapHttpRoute("API Default", "api/{controller}/{id}", new { id = RouteParameter.Optional }); using (HttpSelfHostServer server = new HttpSelfHostServer(config)) { server.OpenAsync().Wait(); Console.WriteLine("Press any key to exit"); Console.ReadKey(); }
  • 6. Routing to a Controller Request controller • Use the standard MVC Routes – extract Controller, Action and parameters • Controller selection under the hood – IHttpControllerSelector.SelectController • HttpRequestMessage  HttpControllerDescriptor • Plug-in Controllers using IDependencyResolver – Nuget has a lot of ready to use IoC containers
  • 7. Selecting an Action Request controller action • The easiest way is to modify the default Route config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); config.Routes.MapHttpRoute( name: "DefaultApi2", routeTemplate: "api/{controller}/{action}/{x}/{y}" ); • Can use [ActionName("myaction")] – override the method name as the action name • Can use [NonAction] – exclude a method from being an action
  • 8. Selecting an Action by code Request controller action • Derive ApiControllerActionSelector Use case: – override SelectAction Versioning! • Implement IHttpActionSelector – Implement SelectAction – Obtain the previous selector in ctor – Call previous selector • In SelectAction method: – in: HttpControllerContext – out: HttpActionDescription
  • 9. Authorization filter Request controller action authoriz. I’ll play with Claims • [Authorize] is Role oriented • Derive AuthorizeAttribute to go Claim oriented • [AllowAnonymous] is self-explanatory • Starting from Fx4.5 new universal base classes – ClaimsPrincipal for every Principal – ClaimsIdentity for every Identity IPrincipal client = Thread.CurrentPrincipal; ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal; ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
  • 10. Security considerations • WebApi authorization model is not built-in – AuthorizationFilters / MessageHandlers are used to plugin the desired mechanism – Per-route handlers gives finer control • Use Filters/Handlers to add/modify claims
  • 11. Model Bind Request controller action authoriz. binding • IValueProvider (Bind3 example) – useful to populate an action parameter – Require a ValueProviderFactory (applied via attribute) • HttpParameterBinding (Bind4 example) – Associate a type to a provider • IActionValueBinder (Bind5 example) – Associate an HttpActionDescription to a provider • DefaultActionValueBinder (Bind6 example) – Intercept default provider • IModelBinder (Bind7 example) – Execute the binding. Must provide the value
  • 12. Action Filters action Request controller action authoriz. binding filter • Called before and after the action execution Use case: • Implement IActionFilter validation & auditing! or better…. • Derive ActionFilterAttribute – OnActionExecuting – OnActionExecuted
  • 13. Target was reached! action invoke Request controller action authoriz. binding filter action • In the action we have different options: – return an entity that will be embedded in a response – build and return the HttpResponseMessage • Can be an error (no exceptions imply better performances) or – throw a CLR exception (a filter will convert it in a msg) – throw an HttpResponseException • returns the HTTP status code of your choice • it's a full response (specify Content, Headers, ReasonPhrase)
  • 14. HttpError • Nice way to create the error message – Errors flow in the same way of the content – Keys/Values can be added for additional infos var msg = string.Format("Product with id = {0} not found", id); HttpError err = new HttpError(msg); return Request.CreateResponse(HttpStatusCode.NotFound, err); var msg = string.Format("Product with id = {0} not found", id); return Request.CreateErrorResponse(HttpStatusCode.NotFound, msg); HTTP/1.1 404 Not Found Content-Type: application/json; charset=utf-8 Date: Thu, 09 Aug 2012 23:27:18 GMT Content-Length: 51 { "Message": "Product with id = 12 not found" }
  • 15. Action filter action invoke filter action • Same filter of the request • OnActionExecuted
  • 16. Exception Filters exception action invoke filter filter action • Do not use MVC [HandleError] • Transform CLR exceptions in HTTP messages • Implement IExceptionFilter or better derive ExceptionFilterAttribute • Mark actions with the attribute or • Change the global configuration – GlobalConfiguration.Configuration.Filters.Add(new MyNamespace.NotImplExceptionFilterAttribute());
  • 17. Formatting data for the output exception action invoke Response formatting action filter filter • MediaTypeFormatter is the abstract base class to serialize entities in whatever format • Built-in formatters: – Json.net and Xml formatter are built-in – bson and many others on nuget – your own just deriving this class • The correct formatter is picked up upon "http content negotiation"
  • 19. Message Handlers Request custom Http Http HttpServer Message Routing Controller Controller Response Handler Dispatcher Dispatcher • Message Handlers works at the beginning of the pipeline – They can use the message and pass it over – Or can "short-circuit" to the response (early validation) • MH still don't know the controller, action, etc. • Every endpoint has different MH instances • Typical usage: – Early validation of the message / headers (security keys) – Packet inspection
  • 20. Wrap up • Webapi = extreme pluggability • Just follow the request – Before or later it will become a response  Questions?
  • 21. Please rate this session Scan the code, go online, rate this session

Notas del editor

  1. high perf