Ce diaporama a bien été signalé.
Nous utilisons votre profil LinkedIn et vos données d’activité pour vous proposer des publicités personnalisées et pertinentes. Vous pouvez changer vos préférences de publicités à tout moment.

How to get full power from WebApi

2 079 vues

Publié le

WebApi presentation by Raffaele Rialdi at http://webnetconf.eu/ on October 20, 2012 in Milano

Publié dans : Technologie
  • Soyez le premier à commenter

How to get full power from WebApi

  1. 1. How to get full power from WebApi Raffaele Rialdi @raffaeler http://iamraf.net
  2. 2. Thanks to the sponsors
  3. 3. What is WebApi in one slide• A library to create HTTP services – HTTP is highly scalable (disconnect, cloud, …)• Designed to create REST services – WebApi does not automatically imply REST – Use HTTP as an application (not a transport) protocol• Fits in heterogeneous device/OS scenarios – Avoid typical SOAP versioning problems – Its highly pluggable• Leverages the Asp.net MVC 4 model
  4. 4. WebApi is flexible• oData is a work-in progress – look at nightly builds, avoid current pre-release• Can be Self-Hosted outside IIS and MVC4 – Easy way for inter-AppDomain or inter-Process – Console example: var config = new HttpSelfHostConfiguration("http://localhost:8000"); config.Routes.MapHttpRoute("API Default", "api/{controller}/{id}", new { id = RouteParameter.Optional }); using (HttpSelfHostServer server = new HttpSelfHostServer(config)) { server.OpenAsync().Wait(); Console.WriteLine("Press any key to exit"); Console.ReadKey(); }
  6. 6. Routing to a ControllerRequest controller • Use the standard MVC Routes – extract Controller, Action and parameters • Controller selection under the hood – IHttpControllerSelector.SelectController • HttpRequestMessage  HttpControllerDescriptor • Plug-in Controllers using IDependencyResolver – Nuget has a lot of ready to use IoC containers
  7. 7. Selecting an ActionRequest controller action • The easiest way is to modify the default Route config.Routes.MapHttpRoute( name: "DefaultApi", routeTemplate: "api/{controller}/{id}", defaults: new { id = RouteParameter.Optional } ); config.Routes.MapHttpRoute( name: "DefaultApi2", routeTemplate: "api/{controller}/{action}/{x}/{y}" ); • Can use [ActionName("myaction")] – override the method name as the action name • Can use [NonAction] – exclude a method from being an action
  8. 8. Selecting an Action by codeRequest controller action • Derive ApiControllerActionSelector Use case: – override SelectAction Versioning! • Implement IHttpActionSelector – Implement SelectAction – Obtain the previous selector in ctor – Call previous selector • In SelectAction method: – in: HttpControllerContext – out: HttpActionDescription
  9. 9. Authorization filterRequest controller action authoriz. I’ll play with Claims • [Authorize] is Role oriented • Derive AuthorizeAttribute to go Claim oriented • [AllowAnonymous] is self-explanatory • Starting from Fx4.5 new universal base classes – ClaimsPrincipal for every Principal – ClaimsIdentity for every Identity IPrincipal client = Thread.CurrentPrincipal; ClaimsPrincipal principal = Thread.CurrentPrincipal as ClaimsPrincipal; ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
  10. 10. Security considerations• WebApi authorization model is not built-in – AuthorizationFilters / MessageHandlers are used to plugin the desired mechanism – Per-route handlers gives finer control• Use Filters/Handlers to add/modify claims
  11. 11. Model BindRequest controller action authoriz. binding • IValueProvider (Bind3 example) – useful to populate an action parameter – Require a ValueProviderFactory (applied via attribute) • HttpParameterBinding (Bind4 example) – Associate a type to a provider • IActionValueBinder (Bind5 example) – Associate an HttpActionDescription to a provider • DefaultActionValueBinder (Bind6 example) – Intercept default provider • IModelBinder (Bind7 example) – Execute the binding. Must provide the value
  12. 12. Action Filters actionRequest controller action authoriz. binding filter • Called before and after the action execution Use case: • Implement IActionFilter validation & auditing! or better…. • Derive ActionFilterAttribute – OnActionExecuting – OnActionExecuted
  13. 13. Target was reached! action invokeRequest controller action authoriz. binding filter action • In the action we have different options: – return an entity that will be embedded in a response – build and return the HttpResponseMessage • Can be an error (no exceptions imply better performances) or – throw a CLR exception (a filter will convert it in a msg) – throw an HttpResponseException • returns the HTTP status code of your choice • its a full response (specify Content, Headers, ReasonPhrase)
  14. 14. HttpError• Nice way to create the error message – Errors flow in the same way of the content – Keys/Values can be added for additional infos var msg = string.Format("Product with id = {0} not found", id); HttpError err = new HttpError(msg); return Request.CreateResponse(HttpStatusCode.NotFound, err); var msg = string.Format("Product with id = {0} not found", id); return Request.CreateErrorResponse(HttpStatusCode.NotFound, msg); HTTP/1.1 404 Not Found Content-Type: application/json; charset=utf-8 Date: Thu, 09 Aug 2012 23:27:18 GMT Content-Length: 51 { "Message": "Product with id = 12 not found" }
  15. 15. Action filter action invoke filter action• Same filter of the request• OnActionExecuted
  16. 16. Exception Filters exception action invoke filter filter action• Do not use MVC [HandleError]• Transform CLR exceptions in HTTP messages• Implement IExceptionFilter or better derive ExceptionFilterAttribute• Mark actions with the attribute or• Change the global configuration – GlobalConfiguration.Configuration.Filters.Add(new MyNamespace.NotImplExceptionFilterAttribute());
  17. 17. Formatting data for the output exception action invoke Response formatting action filter filter• MediaTypeFormatter is the abstract base class to serialize entities in whatever format• Built-in formatters: – Json.net and Xml formatter are built-in – bson and many others on nuget – your own just deriving this class• The correct formatter is picked up upon "http content negotiation"
  18. 18. GOING DEEPER
  19. 19. Message Handlers Request custom Http Http HttpServer Message Routing Controller Controller Response Handler Dispatcher Dispatcher• Message Handlers works at the beginning of the pipeline – They can use the message and pass it over – Or can "short-circuit" to the response (early validation)• MH still dont know the controller, action, etc.• Every endpoint has different MH instances• Typical usage: – Early validation of the message / headers (security keys) – Packet inspection
  20. 20. Wrap up• Webapi = extreme pluggability• Just follow the request – Before or later it will become a response  Questions?
  21. 21. Please rate this sessionScan the code, go online, rate this session