I am trying to understand how would I let other applications consume an API. It's my understanding that once I create a Web API then the other applications can use it to query customer data using it's different methods. The part I am confused about
is, once an API is created, how does it become a URL so people can use it's methods? Do they have to generate Keys to access my Web API, how do I make sure only authorized users can use the Web API?
Do I have to involve network admins in this process? If someone has a documentation or can point me to a video it will be great.
The client program would use HTTPclinet() to access the WebAPI's methods. In the code example, the client, which is a MVC solution, is calling methods on the WebAPI for CRUD operations with the backend database that is using ADO.NET Entity Framework
The DTO pattern is being used to pass data between client and service, which are kept in a classlib project called Entities, and all projects that need to know about the DTO(s) have reference to the Entities project..
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using Entities;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
namespace ProgMgmntCore2UserIdentity.WebApi
{
public class WebApi : IWebApi
{
#region ProjectApi
public List<DtoProject> GetProjsByUserIdApi(string userid)
{
var dtoprojects = new List<DtoProject>();
using (var client = new HttpClient())
{
var uri = new Uri("http://progmgmntcore2api.com/api/project/GetProjsByUserId?userid=" + userid);
var response = client.GetAsync(uri).Result;
if (!response.IsSuccessStatusCode)
throw new Exception(response.ToString());
var responseContent = response.Content;
var responseString = responseContent.ReadAsStringAsync().Result;
dynamic projects = JArray.Parse(responseString) as JArray;
foreach (var obj in projects)
{
DtoProject dto = obj.ToObject<DtoProject>();
dtoprojects.Add(dto);
}
}
return dtoprojects;
}
public DtoProject GetProjByIdApi(int id)
{
DtoProject dto;
using (var client = new HttpClient())
{
var uri = new Uri("http://progmgmntcore2api.com/api/project/GetProjById?id=" + id);
HttpResponseMessage getResponseMessage = client.GetAsync(uri).Result;
if (!getResponseMessage.IsSuccessStatusCode)
throw new Exception(getResponseMessage.ToString());
var responsemessage = getResponseMessage.Content.ReadAsStringAsync().Result;
dynamic project = JsonConvert.DeserializeObject(responsemessage);
dto = project.ToObject<DtoProject>();
}
return dto;
}
public void CreateProjectApi(DtoProject dto)
{
using (var client = new HttpClient { BaseAddress = new Uri("http://progmgmntcore2api.com") })
{
string serailizeddto = JsonConvert.SerializeObject(dto);
var inputMessage = new HttpRequestMessage
{
Content = new StringContent(serailizeddto, Encoding.UTF8, "application/json")
};
inputMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage message =
client.PostAsync("api/project/CreateProject", inputMessage.Content).Result;
if (!message.IsSuccessStatusCode)
throw new Exception(message.ToString());
}
}
public void UpdateProjectApi(DtoProject dto)
{
using (var client = new HttpClient { BaseAddress = new Uri("http://progmgmntcore2api.com") })
{
string serailizeddto = JsonConvert.SerializeObject(dto);
var inputMessage = new HttpRequestMessage
{
Content = new StringContent(serailizeddto, Encoding.UTF8, "application/json")
};
inputMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage message =
client.PostAsync("api/project/UpdateProject", inputMessage.Content).Result;
if (!message.IsSuccessStatusCode)
throw new Exception(message.ToString());
}
}
public void DeleteProjectApi(DtoId dto)
{
using (var client = new HttpClient { BaseAddress = new Uri("http://progmgmntcore2api.com") })
{
string serailizeddto = JsonConvert.SerializeObject(dto);
var inputMessage = new HttpRequestMessage
{
Content = new StringContent(serailizeddto, Encoding.UTF8, "application/json")
};
inputMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
HttpResponseMessage message =
client.PostAsync("api/project/DeleteProject", inputMessage.Content).Result;
if (!message.IsSuccessStatusCode)
throw new Exception(message.ToString());
}
}
#endregion
}
}
using System.Collections.Generic;
using DAL;
using Entities;
using Microsoft.AspNetCore.Mvc;
namespace ProgMgmntCore2Api.Controllers
{
[Produces("application/json")]
[Route("api/[controller]")]
[ApiController]
public class ProjectController : ControllerBase, IProjectController
{
private readonly IDaoProject _daoProject;
public ProjectController(IDaoProject daoProject)
{
_daoProject = daoProject;
}
[HttpGet]
[Route("GetProjById")]
public DtoProject GetProjectById(int id)
{
return _daoProject.GetProjectById(id);
}
[HttpGet]
[Route("GetProjsByUserId")]
public List<DtoProject> GetProjectsByUserId(string userid)
{
return _daoProject.GetProjectsByUserId(userid);
}
[HttpPost]
[Route("CreateProject")]
public void Post_CreateProject(DtoProject dto)
{
_daoProject.CreateProject(dto);
}
[HttpPost]
[Route("DeleteProject")]
public void Post_DeleteProject(DtoId dto)
{
_daoProject.DeleteProject(dto.Id);
}
[HttpPost]
[Route("UpdateProject")]
public void Post_UpdateProject(DtoProject dto)
{
_daoProject.UpdateProject(dto);
}
}
}
If you find the post has answered your issue, then please mark post as 'answered'.
Do I have to involve network admins in this process?
You may need to involve network admins when you deploy your Web API(Provide external access in a secure situation).
Best Regards,
Yong Lu
.NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.
Member
143 Points
308 Posts
Web API question
Feb 19, 2019 02:17 PM|johnzee|LINK
Hello,
I am trying to understand how would I let other applications consume an API. It's my understanding that once I create a Web API then the other applications can use it to query customer data using it's different methods. The part I am confused about is, once an API is created, how does it become a URL so people can use it's methods? Do they have to generate Keys to access my Web API, how do I make sure only authorized users can use the Web API?
Do I have to involve network admins in this process? If someone has a documentation or can point me to a video it will be great.
Thanks
Contributor
4923 Points
4198 Posts
Re: Web API question
Feb 19, 2019 06:45 PM|DA924|LINK
The client program would use HTTPclinet() to access the WebAPI's methods. In the code example, the client, which is a MVC solution, is calling methods on the WebAPI for CRUD operations with the backend database that is using ADO.NET Entity Framework
The DTO pattern is being used to pass data between client and service, which are kept in a classlib project called Entities, and all projects that need to know about the DTO(s) have reference to the Entities project..
https://en.wikipedia.org/wiki/Data_transfer_object
https://www.codeproject.com/Articles/1050468/Data-Transfer-Object-Design-Pattern-in-Csharp
https://docs.microsoft.com/en-us/aspnet/web-api/overview/data/using-web-api-with-entity-framework/part-5
using System; using System.Collections.Generic; using System.Net.Http; using System.Net.Http.Headers; using System.Text; using Entities; using Newtonsoft.Json; using Newtonsoft.Json.Linq; namespace ProgMgmntCore2UserIdentity.WebApi { public class WebApi : IWebApi { #region ProjectApi public List<DtoProject> GetProjsByUserIdApi(string userid) { var dtoprojects = new List<DtoProject>(); using (var client = new HttpClient()) { var uri = new Uri("http://progmgmntcore2api.com/api/project/GetProjsByUserId?userid=" + userid); var response = client.GetAsync(uri).Result; if (!response.IsSuccessStatusCode) throw new Exception(response.ToString()); var responseContent = response.Content; var responseString = responseContent.ReadAsStringAsync().Result; dynamic projects = JArray.Parse(responseString) as JArray; foreach (var obj in projects) { DtoProject dto = obj.ToObject<DtoProject>(); dtoprojects.Add(dto); } } return dtoprojects; } public DtoProject GetProjByIdApi(int id) { DtoProject dto; using (var client = new HttpClient()) { var uri = new Uri("http://progmgmntcore2api.com/api/project/GetProjById?id=" + id); HttpResponseMessage getResponseMessage = client.GetAsync(uri).Result; if (!getResponseMessage.IsSuccessStatusCode) throw new Exception(getResponseMessage.ToString()); var responsemessage = getResponseMessage.Content.ReadAsStringAsync().Result; dynamic project = JsonConvert.DeserializeObject(responsemessage); dto = project.ToObject<DtoProject>(); } return dto; } public void CreateProjectApi(DtoProject dto) { using (var client = new HttpClient { BaseAddress = new Uri("http://progmgmntcore2api.com") }) { string serailizeddto = JsonConvert.SerializeObject(dto); var inputMessage = new HttpRequestMessage { Content = new StringContent(serailizeddto, Encoding.UTF8, "application/json") }; inputMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpResponseMessage message = client.PostAsync("api/project/CreateProject", inputMessage.Content).Result; if (!message.IsSuccessStatusCode) throw new Exception(message.ToString()); } } public void UpdateProjectApi(DtoProject dto) { using (var client = new HttpClient { BaseAddress = new Uri("http://progmgmntcore2api.com") }) { string serailizeddto = JsonConvert.SerializeObject(dto); var inputMessage = new HttpRequestMessage { Content = new StringContent(serailizeddto, Encoding.UTF8, "application/json") }; inputMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpResponseMessage message = client.PostAsync("api/project/UpdateProject", inputMessage.Content).Result; if (!message.IsSuccessStatusCode) throw new Exception(message.ToString()); } } public void DeleteProjectApi(DtoId dto) { using (var client = new HttpClient { BaseAddress = new Uri("http://progmgmntcore2api.com") }) { string serailizeddto = JsonConvert.SerializeObject(dto); var inputMessage = new HttpRequestMessage { Content = new StringContent(serailizeddto, Encoding.UTF8, "application/json") }; inputMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); HttpResponseMessage message = client.PostAsync("api/project/DeleteProject", inputMessage.Content).Result; if (!message.IsSuccessStatusCode) throw new Exception(message.ToString()); } } #endregion } }using System.Collections.Generic; using DAL; using Entities; using Microsoft.AspNetCore.Mvc; namespace ProgMgmntCore2Api.Controllers { [Produces("application/json")] [Route("api/[controller]")] [ApiController] public class ProjectController : ControllerBase, IProjectController { private readonly IDaoProject _daoProject; public ProjectController(IDaoProject daoProject) { _daoProject = daoProject; } [HttpGet] [Route("GetProjById")] public DtoProject GetProjectById(int id) { return _daoProject.GetProjectById(id); } [HttpGet] [Route("GetProjsByUserId")] public List<DtoProject> GetProjectsByUserId(string userid) { return _daoProject.GetProjectsByUserId(userid); } [HttpPost] [Route("CreateProject")] public void Post_CreateProject(DtoProject dto) { _daoProject.CreateProject(dto); } [HttpPost] [Route("DeleteProject")] public void Post_DeleteProject(DtoId dto) { _daoProject.DeleteProject(dto.Id); } [HttpPost] [Route("UpdateProject")] public void Post_UpdateProject(DtoProject dto) { _daoProject.UpdateProject(dto); } } }Star
11464 Points
2439 Posts
Re: Web API question
Feb 20, 2019 03:00 AM|Yohann Lu|LINK
Hi johnzee,
You can deploy the WebAPI on IIS or Self-Host or Azure, then client can use httpclient to call the Web API.
How to Host ASP.Net Web API on IIS Server
https://www.c-sharpcorner.com/UploadFile/2b481f/how-to-host-Asp-Net-web-api-on-iis-server/
Use OWIN to Self-Host ASP.NET Web API
https://docs.microsoft.com/en-us/aspnet/web-api/overview/hosting-aspnet-web-api/use-owin-to-self-host-web-api
Host ASP.NET Web API 2 in an Azure Worker Role
https://docs.microsoft.com/en-us/aspnet/web-api/overview/hosting-aspnet-web-api/host-aspnet-web-api-in-an-azure-worker-role
Yes, you can Secure your Web API to make sure only authorized users can use it.
You can refer the following ways.
Security, Authentication, and Authorization in ASP.NET Web API
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/
Secure a Web API with Individual Accounts and Local Login in ASP.NET Web API 2.2
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/individual-accounts-in-web-api
External Authentication Services with ASP.NET Web API (C#)
https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/external-authentication-services
You may need to involve network admins when you deploy your Web API(Provide external access in a secure situation).
Best Regards,
Yong Lu