Web API development

  • Question

  • User-619898029 posted

    Hi All,

    All these years I have worked on projects which required normal web forms applications, using ADO.NET. I was developing n-tier applications where I would interact with the DB using a data layer where I had functions to call SPs and get whatever data I needed to show. I used normal forms authentication whenever I had to log a user in to a website with a username and password.

    Now, I have a project where I require an API to be developed so that it can be consumed from various other clients (mobiles and desktop browsers, other domain websites) for data retrieval. I have researched and gone through many articles to learn before I start the development. While learning I have come across various things like EF, token-based authentication for login, and Web API 2.2.

    All these have been used along with MVC, where I am still a novice. I am getting confused as to where I should start from.

    1. When I think of EF, I do not have any real-time hands-on experience with EF and don't know how far it is best suited for my requirement.

    2. All these days, for login, I used to authenticate and authorize the user by normally sending the user credentials (in encrypted format) to an SP and proceeding further. But now I see that it's not a recommended way and have come across token-based authentication. But this too is mostly being implemented using MVC, and it's also said that it has to be implemented over an HTTPS connection. Is there any other secure way of achieving the same?

    Can anyone guide me through the appropriate approach that I should use ?

    Your help is appreciated.

    Thanks,

    mds2907

    Tuesday, December 6, 2016 7:31 AM

All replies

  • User-10486210 posted

    Hi mds2907

    I was, and to some extent still am, very much in the same situation as you: many years of web forms experience, however no MVC nor any EF, and now I want to build a web API and I want to do it in ASP.NET Core. The best thing I did (actually just did) was to sign up for 3 months free on Pluralsight, and there I found an incredible beginner's tutorial in ASP.NET Core Web API.

    Link to pluralsight 3 month for free (look for row 3 column 2) https://my.visualstudio.com/Benefits?wt.mc_id=o~msft~vscom~devessentials-hero~mt628635&campaign=o~msft~vscom~devessentials-hero~mt628635

    Link to ASP.NET Core Web API tutorial on pluralsight : https://app.pluralsight.com/library/courses/asp-dotnet-core-api-building-first/table-of-contents

    It took me a week to go through the above Pluralsight tutorial and I am now half a week into writing my own web API and I love it.

    With regard to your second question about authentication for web api, I cannot answer, and indeed it is also something I am in need to find out myself.

    Tuesday, December 6, 2016 8:25 AM
  • User-619898029 posted

    Hi Rasmus Rummel,

    Thank you for sharing the link. I hope anybody who has experience might help us out. Meanwhile I will be going through the tutorial you shared to get some idea.

    Thanks,

    mds2907 

    Tuesday, December 6, 2016 8:55 AM
  • User1120430333 posted

    Why would using a WEB API be any different in developing an n-tier solution using EF or just straight-up ADO.NET and SQL Command? It's not. The Web API should be calling methods on a DAL for CRUD operations using an ORM like EF or just using ADO.NET and SQL Command objects.

    The Repository or Data Access Object pattern should be used in the DAL with the Web API, and DTO or DTO(s) should be sent and received by the client. The client authentication should have been handled well before it even makes a call to the WEB API. The DAL is sitting behind the Web API, and therefore, a generic user-id and psw can be used to log on to the database on behalf of the client requesting CRUD operations with the database.

    You should look into the Service Layer pattern.

    https://msdn.microsoft.com/en-us/library/ee658090.aspx?f=255&MSPPError=-2147217396

    Wednesday, December 7, 2016 5:11 AM
  • User-619898029 posted

    Hi DA924,

    Thanks for the reply. I am trying to learn the best approach when we are going for WEB API development. I am looking out for some help on the same since there are a lot of things on the internet and it's hard to decide which one I should go with, since I have no idea of what the issues will be once the development keeps progressing.

    Thanks,

    mds2907

    Wednesday, December 7, 2016 6:52 AM
  • User-2057865890 posted

    Hi Mds2907,

    All these days, for login, I used to authenticate and authorize the user by normally sending the user credentials (in encrypted format) to an SP and proceeding further. But now I see that it's not a recommended way and have come across token-based authentication. But this too is mostly being implemented using MVC, and it's also said that it has to be implemented over an HTTPS connection. Is there any other secure way of achieving the same?

    You could refer to the following article to secure a web API using OAuth2 for authentication.

    Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2

    https://www.asp.net/web-api/overview/security/individual-accounts-in-web-api 

    Best Regards,

    Chris

    Thursday, December 15, 2016 9:27 AM
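
To illustrate the token-based authentication discussed in this thread, here is an added example (not code from any poster or from the linked article): a simplified HMAC-signed token with an expiry, which is a stand-in and not the OAuth2 implementation in ASP.NET Web API. It assumes .NET 6 or later; `TokenDemo`, the in-memory key and the user `alice` are made up for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class TokenDemo
{
    // Assumption: a real service loads this key from protected configuration.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);
    static byte[] Mac(string payload)
    {
        using var hmac = new HMACSHA256(Key);
        return hmac.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }
    // Called once, after the user name and password have been verified.
    public static string Issue(string user, DateTimeOffset now, TimeSpan lifetime)
    {
        string payload = user + "|" + now.Add(lifetime).ToUnixTimeSeconds();
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(payload))
             + "." + Convert.ToBase64String(Mac(payload));
    }
    // Called on every request with the value from "Authorization: Bearer <token>".
    public static bool TryValidate(string token, DateTimeOffset now, out string user)
    {
        user = "";
        string[] parts = token.Split('.');
        if (parts.Length != 2) return false;
        try
        {
            string payload = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
            byte[] given = Convert.FromBase64String(parts[1]);
            // Constant-time comparison: reject any token the server did not sign.
            if (!CryptographicOperations.FixedTimeEquals(given, Mac(payload))) return false;
            string[] fields = payload.Split('|');
            if (fields.Length != 2 || !long.TryParse(fields[1], out long exp)) return false;
            if (now.ToUnixTimeSeconds() >= exp) return false; // expired
            user = fields[0];
            return true;
        }
        catch (FormatException) { return false; } // not valid Base64
    }
    static void Main()
    {
        DateTimeOffset t0 = DateTimeOffset.UtcNow;
        string token = Issue("alice", t0, TimeSpan.FromMinutes(20)); // constructed user
        Console.WriteLine(TryValidate(token, t0, out string u) + " " + u);
        Console.WriteLine(TryValidate(token, t0.AddHours(1), out _)); // after expiry
        Console.WriteLine(TryValidate("x" + token, t0, out _));       // altered token
    }
}
```

The token is a bearer credential: whoever presents it is accepted until it expires, which is why it has to be sent over HTTPS.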