I'm working on segregating the authentication part of my ASP.net MVC4 application using DotNetOAuth 2.0, Which will means that one project will do only authentication and send out response,based on response it will have access to other application.
The Idea is to get any application or project added later on use one common authentication process.
First thing came to my mind was building a service, in the process a read a lot about Web API and think it can help to achieve what I'm looking for.
Please suggest if you guys have implemented something like this or whats's the best practice.
Should i go with API or service, any link or sample to direct is appreciated
ASP.NET Web API is also a service - a RESTful service. The choice of using a "Service" although is good your underlying authentication platform will define what you should be using.
WCF is much more than a web service where as a Web API is pure HTTP service.
If you expect all your "applications" to be web based then there is no reason why this cannot be a Web API.
This article might be something that should help you decide on your authentication model: http://www.asp.net/web-api/overview/security/external-authentication-services
Related
The idea is to implement Single-sign on using the given technical stack (ASP.NET CORE WEB API, IdentityServer4, ReactJS - Front end)
ASP.NET Core Identity together with IdentityServer4 offers an extensions for Single-Sign-On (Google, Microsoft ect.) for MVC framework. However, a proper guidance is not given for a WEB API scenario.
Please provide me an example or a tutorial, which I can follow in this regard?
Thanks in advance.
*** Update ***
Would be great if an example is given for the flow of events on this scenario, as to how should the communication happen between the Front end application and the backend.
We want to use Web API for inter-operable purposes. i mean our web api can be exposed and used in different type of apps ( Asp.net mvc, php, android, windows store/phone and ios).
We are not using wcf and prefer web api. Will it be a good choice ? we just need http and https.
Please guide the best.
if you only need support http protocol yes, web api is an excellent option, web api has a lot of features that can help you to build robust http services, and yes, I mean is a good choice.
be careful when you build yours web api service, use best practices, security in your service, and think in rest architecture, not only simple web services and you will have a true rest service
If you want to read more about this (to have a good base, not the final or only way to do this), see the rest maturity model and json api.
WCF is the best way when you need to support others protocols that only http.
Regards
I am making a choice between ASP.NET Web API and WCF.
I am not quite sure about the authentication part. Could some one shed some light on the differences?
I suppose there would be no actual difference under the hood. After all, the authenticaton mechanism refers to the HTTP request level on the ASP.NET engine integrated in IIS. It should have nothing to do with whether the module responding the specific HTTP request is implemented as an ASP.NET web page, WCF or Web API endpoint.
Nevertheless, there would be some differences in modelling and perhaps in configuration. WCF models the authentication mechanism as a "WCF authentication service" while Web API uses the normal security model of ASP.NET.
Use this WCF and ASP.NET security guide and this Web API security guides as a reference.
Hope I helped!
I have an web application built using RESTful services (JAX-RS).
There are REST calls, and simple JSPs with js files to handle data.
Now I want to implement authentication and authorization in service. What I did earlier was to implement simple filter and inside each service check for #HttpRequestContext for if session has user object. Since it I want to expose service to say, external webapp, I will have to hard code system as there is no standard.
I feel this is not good design. Is there a design pattern to solve this common issue ?
I am new to ASP.NET Web API. Can anyone please tell me
Why we need Web API?
How it differs from rest full api from MVC ?
When to use MVC4 web api ?
What is restful api in MVC
WebAPI is based on MVC, but has some subtle differences. You need to understand that WebAPI is a separate thing from MVC, and does not require MVC. You can install WebAPI separately, and you can uninstall it from the default MVC templates.
It's true, MS could have built WebAPI directly into the MVC Controllers, but they chose to keep API Controllers separate from MVC Controllers because they really are different ways of dealing with requests and responses.
Examples of things you can do in WebAPI that you can't (or at least not as easily) in MVC include:
Content Negotiation
This allows the calling client to choose the format that data will be returned in, such as XML or JSON.
OData support
This allows the caller to "filter" results on the server without the service method having to specifically support it. For instance, if you want to sort the results by first name, then this can be done simply by specifying OData query parameters
WebAPI provides a lot of power for dealing with data result sets. MVC does not provide that kind of functionality.
You would tend to use WebAPI for things like Ajax requests, or web service based requests that do not require the complexity of WCF.
RESTful API's are not specific to MVC or WebAPI. They're simply a philosophy for how you design your HTTP requests in a service. There's a lot to it really, but I won't go into it.
WCF team merged at Microsoft with MVC team. WCF is not going away, but for simple RESTFUL service call, the MVC Controller were a match made in heaven, and the modification to it allowed for a very easy Web API.
While many of us feel WCF is relatively easy, there are many who fear it and/or don't have/take time to learn it, thus they a. still use ASMX, b. still never adopted services, or NOW with Web API, are c. Very excited that they can very easily get up and running with restful web services.
So really it is a matter of comfort level, adaptation, ability to change and the Web API does have its place. It cannot replace WCF as WCF has advanced configurations with all the bindings and ability to do SOAP and not just REST, which many applications still NEED to have SOAP protocol.
MVC is optimized to serve information to a web browser client. If your client is something else, Web API will make your life easier over the long term.
Web API is a from the ground up re-write of the web stack. At the core it is much cleaner and more flexible than the 12 year old infrastructure that MVC is built on top of. Web API does not yet have the same level of tooling, add-ons, plugins as MVC, but that will come.