DOT-NET-WEB-API核心技術(shù)指南

Topic–ASP.NETWebAPIMicrosoftDevBostonASP.NETWebAPI2AndyTapaswi.NetArchitect@MagenicTopicsWhatisASP.NetWebAPIWhentouseWCFandWhentouseASP.NETWebAPINewFeaturesofASP.NETWebAPI2OWINOAuth2CORSODataOtherFeaturesBrowsersDevicesPhonesTabletsWebAPIWebAPIconnectstoallHTTPawareclientsWebAPIWebAPIWhatisASP.NETWebAPIAfullysupportedandextensibleframeworkforbuildingHTTPbasedendpointsBuiltontopofASP.NETVersion1.0releasedalongwithMVC4inAugust2012Version2.0,releasedwithASP.NETMVC5(on.Net4.5andabove)inOctober2013Version2.1,releasedonJan17th2014ShouldIuseWCForASP.NETWebAPIUseWCFIfyouarelimitedto.Net3.5IfyouareexposingSOAPbasedservicesIfyouneedtosupportmultipleprotocolsIfyouneedtosupportWS-*transactionIfyouneedtoachievemessagelevelsecurityUseASP.NetWebAPIIfyouneedtoreachwideranddiversecrossplatformclients/devicesIfyouneedtoleveragethebenefitsofHttpOWINintegration/KatanaProjectSecurity–OAuth2.0Security-CORSODataImprovementsAttributeroutingRequestBatchingWhat’snewinASP.NETWebAPI2PortableASP.NETWebAPIClientIHttpActionResultAuthenticationFiltersASP.NETandOWINIntegration

KatanaProjectWhyOWIN?LargefootprintevenforasmallwebapplicationSystem.Webistoolargetomaintainandcan’tsupportfrequentreleasecyclesWebApplicationASP.NetIISWhatisOWIN?OWIN=OpenWebInterfacefor.NET()ASpecificationthatdefinesacommoninterfacethatdecoupleswebappsfromwebserversInspiredbythelikesofnode.js,Rack,WSGINowdeeplyintegratedwiththeASP.NETpipelineEx.runauthenticatingmiddlewareduringtheAuthenticateASP.NETpipelinestageRunyourWebAPIsonanyOWINcomplianthostKatanaistheMicrosoft’sOWINimplementationashostingabstractionKatanaArchitectureApp–WebApplicationMiddleware–Frameworks:WebAPI,SignalR,oranycustommiddleware(Oauth,CORSetc)Server–BindingtoTCPPortandconstructingtheHTTPcontextforpipelineHost–AnyexecutableorserviceorIISAppMiddlewareServerHostKatanaDataFlowHost/IISHTTPRequestHTTPResponseServerASP.NetWebAPIWebApplicationImplementationConventionoverconfigurationConfigurationfunctioninStartupclassusing

AppFunc

=

Func<IDictionary<string,

object>,

Task>;DEMO:selfandIIShostedWebAPIWebAPISecurity–OAuth2WebAPISecuritySecurityintransitSSLisalwaysappropriateSecuringtheAPIItselfAuthenticationandAuthorizationBrowserSecurityCrossOrigin

WebAPISecurity–AuthenticationandAuthorizationServertoServerAPIKeysandsharedSecretsUserProxy

OAuthorsimilarDirectUserPiggybackonexistingsystemusingCookiesorTokensWindowsAuthenticationFormsAuthenticationHttpbasedAuthenticationsBasic,Digest,DigitalSignaturebased

OAuthAnopenprotocoltoallowsecureauthorizationinasimpleandstandardmethodfromweb,mobileanddesktopapplications~

ForallowingotherAPItoactasuserinyoursystemAcceptusercredentialThentrusta3rdpartywithatokenthatrepresentstheotherAPITheotherAPIneverreceivesthecredentialsOAuth2(Implicit):ThePlayersandRelationshipsTrusted/UntrustedClientAuthorizationServerResourceOwnerResourceServerRegistersWithUsesOwnsResourceTrustsAuthorizesAccessesOAuth2(Implicit):FlowImageSource:MSDNDEMO:SPAandOAuthCORSCORS-CrossOriginResourceSharing

HttpRequest&ResponseWebServerofDomain1WebServerofDomain2HttpRequestHeaderOrigin:domain1HttpResponseHeaderAccess-Control-Allow-Origin:domain1CORSHttpHeadersRequestHeaders:OriginAccess-Control-Request-MethodAccess-Control-Request-HeadersResponseHeadersAccess-Control-Allow-OriginAccess-Control-Allow-MethodsAccess-Control-Allow-HeadersAccess-Control-Allow-CredentialsAccess-Control-Max-AgeDEMO:CORSODataODataTheOpenDataProtocol(OData)isaprotocolforqueryingdataoverthewebODataprotocolisasetofRESTfulinteractionsalongwithanOData-definedquerylanguagebasedonJSONandAtomPubODataQuery$top=n:Returnsonlythefirstnentitiesinanentityset(orinAtomterms,thefirstnentriesinafeed).$skip=n:Skipsthefirstnentitiesinanentityset.Usingthisoptionletsaclientretrieveaseriesofdistinctpagesonsubsequentrequests.$format:DetermineswhetherdatashouldbereturnedinJSONortheXML-basedAtom/AtomPubformat.(ThedefaultisAtom/AtomPub.)$orderby=:Ordersresults,inascendingordescendingorder,bythevalueofoneormorepropertiesinthoseresults.$filter=:Returnsonlyentitiesthatmatchthespecifiedexpression.ASP.NETWebAPIODataComponentsforimplementingODataservicesModelbuilders,formatters(Atom/JSON/XML),pathandqueryparsers,LINQexpressiongenerator,etc.BuiltonODataLibSameunderpinningsasWCFDataServicesInitiallyshippedwithVisualStudio2012Update2Nowsupports$select,$expandand$batch!DEMO:OData–

HttpGET$selectand$expandOtherASP.NetWebAPI2FeaturesBringyourroutesclosertoyourresourcesAttributerouting(name:“DefaultApi",routeTemplate:"api/{controller}/{id}",

defaults:new{id=RouteParameter.Optional});ControllerSelectorActionSelectorpublic

IEnumerable<Resource>GetResource(){…}InAppStartWebAPIConfigOptionalvaluesDefaultvaluesInlineconstraintsAttributerouting[HttpGet(“Demographics/{zipcode?}")]public

Demographics

Get(int?zipcode){…}[HttpGet("people/{id:int}")]public

PersonGet(intid){…}[HttpGet("people/{name:alpha}")]public

PersonGet(stringname){…}[HttpGet("Demographics/{zipcode=98052}")]public

Demographics

Get(intzipcode){…}

config.MapHttpAttributeRoutes();(name:"DefaultApi",routeTemplate:"api/{controller}/{id}",defaults:new{id=RouteParameter.Optional});BatchingRequestSequentialandNonsequentialexecutionsupportattheServerEnhancedClientlibraryforcreatingContainerofmultipleRequestsorContextforODataPortableASP.NETWebAPIClientNomoremaintainingmultipleclientlibrariesforPhoneandStoreAppSingleportablelibrarythatcanbeusedtoconsumeWebAPIsfromWindowsPhoneandWindowsStoreappsoranyotherclientrunningon.NET4.5ThissupportisbuiltontherecentlyreleasedportableHttpClientandtheportablelibrarysupportinJson.NETHttpResponseandIHttpActionResultInWebAPI1–ReturnanyobjectandlettheWebAPIpipelineconvertthattoanHttpResponseMessageReturnHttpResponseMessageconstructingtheHttpheaderandbodymanuallyInWebAPI2–IHttpActionResultislikeafactoryimplementationofHttpResponseMessage,providesmorecontroloverthereturnedHttpResponseMessageHttpRequestContextProvidesashortcuttostronglytypedaccesstotheinformationwhichuptothispointhiddeninsideofRequest.PropertiesdictionaryNameDescriptionClientCertificateGetsorsetsthe