Last post Dec 15, 2016 09:27 AM by Chris Zhao
Dec 06, 2016 07:31 AM|mds2907|LINK
All these years I have worked on projects which required normal web forms applications, using ADO.NET. I was developing n-tier applications where I would interact with the DB using a data layer where I had functions to call SPs and get whatever data I needed to show. I used normal forms authentication whenever I had to log a user in to the website with a username and password.
Now, I have a project where I require an API to be developed so that it can be consumed from various other clients (mobiles and desktop browsers, other domain websites) for data retrieval. I have researched and gone through many articles to learn before I start the development. While learning I have come across various things like EF, token-based authentication for login, and Web API 2.2.
All these have been used along with MVC, where I am still a novice in MVC. I am getting confused as to where I should start from.
1. When I think of EF, I do not have any real hands-on experience with EF and don't know how well suited it is for my requirement.
2. All these days, for login, I used to authenticate and authorize the user by normally sending the user credentials (in encrypted format) to an SP and proceed further. But now I see that it's not a recommended way and have come across token-based authentication. But this too is mostly being implemented using MVC, and it's also said that it has to be implemented over an HTTPS connection. Is there any other secure way of achieving the same?
Can anyone guide me through the appropriate approach that I should use?
Your help is appreciated.
Dec 06, 2016 08:25 AM|RRummel|LINK
I was and to some extent still am very much in the same situation as you: many years of web forms experience, however no MVC nor any EF, and now I want to build a web API and I want to do it in ASP.NET Core. The best thing I did (actually just did) was to sign up for 3 months free on Pluralsight, and there I found an incredible beginners' tutorial in ASP.NET Core Web API.
Link to pluralsight 3 month for free (look for row 3 column 2)
Link to ASP.NET Core Web API tutorial on pluralsight :
It took me a week to go through the above Pluralsight tutorial and I am now half a week into writing my own web API and I love it.
With regard to your second question about authentication for web api, I cannot answer, and indeed it is also something I am in need to find out myself.
Dec 06, 2016 08:55 AM|mds2907|LINK
Hi Rasmus Rummel,
Thank you for sharing the link. I hope anybody who has experience might help us out. Meanwhile I will be going through the tutorial you shared to get some idea.
Dec 07, 2016 05:11 AM|DA924|LINK
Why would using a WEB API be any different in developing an n-tier solution using EF or just straight-up ADO.NET and SQL Command? It's not. The Web API should be calling methods on a DAL for CRUD operations using an ORM like EF or just using ADO.NET and SQL Command objects.
The Repository or Data Access Object pattern should be used in the DAL with the Web API, and DTO or DTO(s) should be sent and received by the client. The client authentication should have been handled well before it even makes a call to the WEB API. The DAL is sitting behind the Web API, and therefore, a generic user-id and psw can be used to log on to the database on behalf of the client requesting CRUD operations with the database.
You should look into the Service Layer pattern.
Dec 07, 2016 06:52 AM|mds2907|LINK
Thanks for the reply. I am trying to learn the best approach when we are going for WEB API development. I am looking out for some help on the same since there are a lot of things on the internet and it's hard to decide which one I should go with since I have no idea of what the issues will be once the development keeps progressing.
Dec 15, 2016 09:27 AM|Chris Zhao|LINK
All these days, for login, I used to authenticate and authorize the user by normally sending the user credentials (in encrypted format) to an SP and proceed further. But now I see that it's not a recommended way and have come across token-based authentication. But this too is mostly being implemented using MVC, and it's also said that it has to be implemented over an HTTPS connection. Is there any other secure way of achieving the same?
You could refer to the following article to secure a web API using OAuth2 for authentication.
Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2