Develop ASP.Net Core Web API with View page, Search and Authorization for API user RRS feed

  • Question

  • User1242168447 posted

    Hi I'm new to ASP.Net Core Web API on its own (Web API template) and need some help please.

    I need to Develop ASP.Net Core Web API with View page (see UI below), Search and Authorization for API user.

    I had a requirement last month to develop an ASP.Net Core API for managing Vehicle fleet for a local company while I was working on a different ASP.Net Core MVC project.

    I didn't even start, I was still thinking and analyzing what to do... then the manager realized that I was still working on another project and took that requirement and gave it to another team... so I was a bit lucky !!!

    Now I decide to double check on internet how to achieve that even though I'm not working on that any more... but I just want to know how to develop that ASP.Net Core Web API requirement, if the same requirement comes again another day.

    I know how to expose a web API from an ASP.NET Core MVC App, I mean add an API controller into an ASP.Net MVC Core project... I used to do that several times before.

    So I've never seen a web API with a view within it...  I know one can create a ASP.Net Core MVC app to consume a webapi and display data in a view... 
    but displaying data in a web api app in its view page as seen in that layout requirement, I've never seen that... so that's the thing that made me confused.

    Please I just need a general idea (big picture) of what to do... or you can walk me through how to achieve each of the requirement and explain me.

    API UI /Reference Layout

    Thursday, April 22, 2021 11:27 AM


All replies

  • User1120430333 posted

    An ASP.NET MVC UI project and ASP.NET MVC WebAPI project use the same ASP.NET MVC pipeline. So an ASP.NET MVC  WebAPI project can have views and controllers for the views in it as well. The below tutorial is an ASP.NET  WebAPI project that has views and controllers for the views along with WebAPI controllers for CRUD with the database. I don't see where where the tutorial wouldn't work for ASP.NET Core.

    Using Web API 2 with Entity Framework 6 | Microsoft Docs

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, April 22, 2021 3:34 PM
  • User1242168447 posted

    Thank you so much user DA924.

    But the tutorial does not explain how to add Authorization for an API user, and add API search.

    Can you please show me how to do it ?

    Friday, April 23, 2021 9:54 AM
  • User475983607 posted

    There are many different authentication/authorization approaches.  The details are covered in the official documentation.  



    Searching/filtering is a fundamental covered in any beginning level tutorials,


    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Friday, April 23, 2021 10:45 AM
  • User1242168447 posted

    Thanks user mgebhard

    The link you provided explain user authorization for ASP.Net Core, but I'm looking for user Authorization for ASP.Net Core Web API.

    I mean an Authorization for an API user.

    Friday, April 23, 2021 2:21 PM
  • User475983607 posted


    The link you provided explain user authorization for ASP.Net Core, but I'm looking for user Authorization for ASP.Net Core Web API.

    You are a bit confused... The links are for ASP.NET Core Web API.  There is a lot to read, look to the index menu on the left.  

    I mean an Authorization for an API user.

    What is an API user in your application?  

    Friday, April 23, 2021 2:27 PM
  • User1242168447 posted


    I mean an Authorization for an API user.

    What is an API user in your application?  

    For me, an API user is the person who can perform any action (CRUD) on the API data.

    Not sure if I'm right. What is your definition of API user then?

    Friday, April 23, 2021 4:47 PM
  • User475983607 posted

    A user can be an another system, code, or a person.   The first step is figuring out the clients in your application and picking a security strategy that works for your requirements.  It seems you are unsure how your security is supposed to work and why I shared the authorization links.

    A typical situation is a person using a browser (user-agent) logs in.   This gives the user-agent access to the web application.  If the web application is gets data from Web API then either the Web API knows the web application and allows the web application to call Web API actions.  Another situation could be the Web API expects a bearer token. 

    Friday, April 23, 2021 5:17 PM
  • User1242168447 posted

    There's another Authentication/Authorization for the whole App as seen in the below picture.

    Not sure, if it's the same with the one for the API user.

    link to image

    Friday, April 23, 2021 5:20 PM
  • User1242168447 posted

    Thanks. Now I understand.

    In this situation, with the above UI (The one on my first post) on my hands, what could be the clients??

    For me I think the clients are the persons who are using a browser (user-agent) as you quoted.

    Because there's also a search, and button so that the user can click on "Complete" button. (Please see my first post)

    So with that in mind, so I don't need to implement a JWT Token system... I think I just need to implement the entire system registration/authentication as seen in the below picture.

    link to image

    Please let me know if I'm wrong.

    Friday, April 23, 2021 5:36 PM
  • User475983607 posted

    You misunderstand a few fundamentals which is causing you to make assumptions.  Web applications have a UI (HTML) which is displayed in a browser.   Web API does not have a UI and is NOT displayed a browser.  Code typically makes requests to Web API.  

    Web applications use an authentication cookie to store data about the user.  Browsers handle cookies transparently by setting a line in the HTTP header if the cookie has not expired.  Web API does not handle cookie by default because browser's are not directly requesting resources from Web API.  Usually the request is coming from C# (HttpClient) or JavaScript (AJAX or fetch).  One very common method for security Web API is passing a bearer token in the HTTP header.  The bearer token contains information about the client making the request.  This is explained in the linked documentation.

    Anyway, if you continued with the authentication option from the link you provided, you would have found what I explained above.  Next, the wizard asks how you wish to secure Web API by providing a few options.

    Friday, April 23, 2021 6:23 PM
  • User1242168447 posted

    I think it was my mistake.

    The requirement said "Use that UI/Layout" as reference...   and NOT develop the web api with that UI design.  

    Now I got it !!!

    I think they didn't tell me to develop an API with that UI in it... seems like they meant to just retrieve the DB Entities from that layout.

    @User mgebhard and DA924

    What should you do if you've got the same requirement stating that : Use the given UI/Layout as reference.

    Are you going to develop a Web API with with that View in it  or  you're just going to retrieve the web api entities from the ui/layout ??

    I'm asking cause I'm not native english;  I had not understood that properly !!!

    What should you do, if that above requirement from my first post was given to you?

    Friday, April 23, 2021 8:35 PM
  • User475983607 posted

    There are a lot of ways to solve this problem.   I'm pretty sure the person asking you to solve this problem is interested in your solution not an anonymous person on a support forum. 

    With that being said, it depends.  A lot of us are forced to build 3-tier applications due to security policies.  All our applications have an application server (Web API).  We have no idea how your organization works.

    The best approach is building an API to handler the database interactions, searching, filtering, editing, etc.  This is also called a data access layer or a service in .NET 5.  You can put the API behind Web API or a Web Application once you figure out the details.

    Authentication/Authorization is another standard application feature.  .NET 5 comes with Identity which is an API with everything needed to manage user accounts.   The user accounts can be behind Web API, Web Application, or a remote Identity service.  

    Lastly, the layout is just how the application should look.  We don't know if you have a picture or HTML, CSS, and JS files.

    The main problem is you are asking the community how to design and build an application that requires the entire .NET stack.  That's just too much.  You should go through a few beginning level tutorials to learn the basics.

    Friday, April 23, 2021 9:19 PM