locked
Using ASP.MVC with ASP.NET Web API RRS feed

  • Question

  • User-584397130 posted
    I'm pretty familiar with both technologies and understand the concepts of both.
     
    In MVC we create a web application and add some logic behind it using the controllers and actions, along with the models and view.
    The user requests a controller, either to read, write, update, and delete, and all that is being communicated to the user and from him
    using the views.
     
    In Web API we do pretty much the same, just without using views.
    In Web API the user requests a controller, and receives some data from the server in a specific format JSON/XML.
     
    There is a distinct difference between MVC Controllers and API Controllers as we create them separately and define them
    differently.
     
    Both technologies allow authentication and registration using HTTP attributes like [Authenticate] to enable or disable
    authentication, and both technologies allow us to access data in databases using EntityFramework or in any other way
    to implement "CRUD" actions.
     
    Its all nice and pretty easy to implement when done seperate.
    A lot of questions rise up when trying to use both together.
     
    Obviously an API is meant to serve other applications over the web and is more
    of a backend service to some frontend applications.
    So a good practice to design a website to my understanding would be to create an ASP.NET MVC Web Application
    that will be the website itself and the UI gate for the users and another backend ASP.NET Web API Service that
    will manage, and relay all data to the MVC application.
     
    There are many different ways to do it, like: 
    1. Creating a main ASP.NET MVC Web Applcation without a Web API and letting the controllers in the MVC application handle all
    communication with the database, and just authenticate once through the MVC application. (1 Application)
     
    2. Creating a main ASP.NET MVC Web Applcation and adding 2 controllers for each module, for example: (1 Application,1 Project,1 Solution)
     
    MVC Controller
    http://localhost:50219/Employees/1
     
    API Controller
    http://localhost:50219/api/Employees/1
     
    3. doing the same like in 2, but the opposite, creating a Web API application and again
     adding 2 controllers like in step 2. (1 Application,1 Project,1 Solution)
     
    4. This is the confusing case, when creating 2 separate projects under the same solution
    which to me seems like the best practice in terms of separation etc.
     
    My questions come up when i want to create a website in MVC architecture and also have a backend Web API Service for this
    website using REST API.
     
    I'm able to create these 2 projects and implement everything nicely including Cross Origin Resource Sharing
    since the MVC application is consuming the Web API service which is in charge of all the data in the system
    and is under a different domain.
     
    In this case, my question are:
     
    1. Where authentication should be implemented, i mean there is an obvious need to authenticate at the API
    to make sure onlt authenticated users are accessing the service, but does that mean i don't have to 
    authenticate at the MVC application? like when a user logs in at the MVC UI, he is actually using a 
    request to the API and when logged in is being redirected to the page he requested.
    Should i authenticate twice?
     
    2. A common way to display a list of employees or anything else in the frontend UI or web page
    is by using Ajax and javascript, and requesting the data from the Web API using a web request
    and later using the result JSON to populate some containers in the MVC view.
    Does that mean that there is no logic in the controllers in the MVC application? since
    we anyway make reuests to the service in the view using Ajax.
    And if so, why do we need the backend side of the MVC controllers like validating model
    and returning a friendly "OK" or "Not Found" messages? if everything somes from the Web API anyway?
     
    3. When loading a simple employees list to a web page should we use ajax and 
    populate HTML elements using javascript? or use the MVC controller action to call the 
    web service using HTTP request and then populating the "ViewBag" or "ViewData" with the 
    list of employees and later using Razor "@" symbol to loop through the list in the "ViewBag"?
     
    4. On the same note, if the Web API application which is located in another domain is serving 
    all the data to the MVC Web Application why do we need the "ViewBag" in the MVC controllers 
    if everything is coming from the server using Ajax in the frotend?
     
    5. When requesting a specific employee page from an MVC application we obviously want
     to route to the right controller to get its specific view, but what is the right practice
    for doing that if we use 2 separate applications?
     
      
    MVC Controller
    http://localhost:50219/Employees/1
     
    API Controller
    http://localhost:50109/api/Employees/1
     
    and again in either way we use, because there are a few ways to achieve that, what is the 
    best practice, in terms of design, reliability, security?
    And why one is better over the other? 
     
    Main Quesion: Why do we need both frontend Ajax and also backend MVC controllers to retrieve or save
    data to and from a database in case of a Web API service, serving an MVC application?
     
    Thanks.
     
     
     
     
     
     
     
     
     
     
     
     
     
    Sunday, March 31, 2019 9:53 PM

All replies

  • User283571144 posted

    Hi Maor.Busk,

    1. Where authentication should be implemented, i mean there is an obvious need to authenticate at the API</div> <div>to make sure onlt authenticated users are accessing the service, but does that mean i don't have to authenticate at the MVC application? like when a user logs in at the MVC UI, he is actually using a request to the API and when logged in is being redirected to the page he requested. Should i authenticate twice?

    In my opinion, this is according to your web application architecture. 

    Normally, we will have two authentication , one for MVC and another for web api. We will not let user authenticate twice in the web application. We could get the user credential or use application level credential to access the web api.

     A common way to display a list of employees or anything else in the frontend UI or web page is by using Ajax and javascript, and requesting the data from the Web API using a web request and later using the result JSON to populate some containers in the MVC view. Does that mean that there is no logic in the controllers in the MVC application? since we anyway make reuests to the service in the view using Ajax. And if so, why do we need the backend side of the MVC controllers like validating model and returning a friendly "OK" or "Not Found" messages? if everything somes from the Web API anyway? 

    You could also get the data from web api in MVC controller. By using MVC controller we could use MVC razor engin and controller feature to build the web application more eaisly.

    Why do we need both frontend Ajax and also backend MVC controllers to retrieve or savedata to and from a database in case of a Web API service, serving an MVC application? 

    This is also according to your web application architecture. You could get the data by using ajax or using controller.

    Normally, the reason why we use web api is the web api will be a data center which allow multiple forent-end application to get the data. Like Angular application , win form application, or something else. Your MVC project is also some part of the froent-end application. 

    Best Regards,

    Brando

    Monday, April 1, 2019 6:30 AM