i need to handle my authorization in my project
my project contains 5 libraries (DAL+COMMON+SERVICE+API+UI)
my UI project is accomplised by mvc and when i need to view partial view i request controller in mvc to return me partial view and when i need to add new item i call web api directly from my html so some times i called controller in mvc and sometimes i need to call web api from html using ajax call ,
i want to know where i will put my security permission in (UI) or in (API)
I would make sure that both your API and MVC layer are protected.
You can protect all controllers with some sort of Authorization, depending on how you set up your project to begin with.
If the API is part of the same MVC project then it can use the same authorization system like the MVC side of things.
If your API is completely independent and functions on its own then you can use something like IdentityServer, to protect it with OAuth2.
Related
I currently have an ASP.NET MVC and ASP.NET WEB API 2 project (both types of controllers are included in the same project).
I want to ensure that a user cannot directly make a call to the Web Api and get raw data (such as http://domain/api/myaction). However, the Api methods should have the ability to be called by jquery via AJAX, and MVC Controller Actions should also be able to call the Web Api Actions (in cases where the initial View should be rendered with some data that came from the API).
What is the best approach to do something like this, or am I looking at this the wrong way?
There is no difference between Ajax call and "direct" call.
What you should do in any case of actions controller, is validate the request via token or whatever authentication method you have established.
If you are using Microsoft authentication you only need to add the [Authorize] tag above your controller/action.
https://msdn.microsoft.com/en-us/library/system.web.mvc.authorizeattribute(v=vs.118).aspx
It's more a structural question than a technical one.
I made a classical Web App with ASP.NET MVC.
I works well, the server responds with HTML when I send him an URL. Ok.
I now want to make a mobile application (Android) to access the same data.
Maybe there is a way to use the controller's methods which already return the objects I'll need.
So the question:
Is there a simple way to make a REST API from a ASP.NET MVC WebAPP?
Once again, I think that the controller's method will be pretty much the same. It just has to not return HTML but XML for instance.
I'm a newbie in the Web services technologies.
Add webapi project to your solution
Configure web api controllers
Reuse MVVC classes to access database
Return necessary data - webapi will return it in json and in xml (depends how client will consume it)
I am developing an MVC5 application and use Entity Framewerok 6 code first on this. Now we we will also develop an android application that will interact with the MVC application (CRUD operations) by using the web services. At this stage I want to be clarified about the issues below:
1) I think WebAPI is better option for us as we use the services on android apps. What do you suggest?
2) In order to integrate WebAPI to an MVC project, which changes should be made? On the other hand, can we use the same controller and data layer methods (i.e. SaveChanges, etc.) by making some modifications i.e. inheritance? Or do we have to create a seperate methods for web services? Could you give an example by code?
3) Does integrating WebAPI to the MVC project affect the MVC project's abilities or methods? I mean that is there any disadvantage integrating WebAPI to an MVC project?
Any help would be appreciated.
1) That's a good idea. Web API is easy to implement and consume
2) You don't need to make changes to intergate Web API in your application: just start using it. As you want to expose CRUD operations from EF a good idea would be to implement ODATA services. Or use something like Breeze (depending on how you want to consume the services). See "MVC and Web API" bwelow
3) Web API doesn't affect at all the MVC part, unless you make a mistake setting the routes. Although they run in the same host, they work completely independent of each other.
MVC and Web API
Unless you need to do something special, like exposing Web API in a different URL or "domain name", MVC and Web API are implemented in the same web application project. To start using Web API in your MVC project simply add a new controller. Perhaps you'll have to include also the WEB API route configuration, and some other Web API configuration.
If you want to expose the EF model throug Web API you simply have to follow the instructions in the link to create an ODATA controller, which will expose the EF model as a RESTful service, allowing you to execute the CRUD operations to the EF model through URLs.
NOTE: What you want to do is a very frequesnt pattern in MVC applications: MVC is used for generating the views, and Web API fos exposing functionalities that can be easily consumed from the views usin Javascript + AJAX. Don't be afraid to use it. You'll find no problems at all
I have a rather complex solution which I implemented using ASP Web API, among others. I have 3 projects in my solution worth mentinoing right now. One is a WebAPI containing only api methods. Other two are are the backend and frontend for my application. The backend uses a SPA approach loading mostly empty shells for views and filling everything with ajax acessing the API. The frontend on the other hand because of SEO concerns was decided to be implemented by more traditional means, aka most stuff is rendered server side. My question is, is it possible and good practice to simply call the web api methods from the frontend controlllers and send the results to the view? I don't see a point in duplicating most code in the regular controllers since it's all done with the api.
Any samples on this? I've been searching but couldn't find much.
If you need to call Web API service from C# code (MVC controllers or elsewhere), HttpClient or WebClient can be used to call the services over HTTP.
If you need to simply reuse code, it should be abstracted into a class library (DLL) and referenced from the Web API and MVC projects.
I've run into this same situation and have used the Web API controllers from MVC controllers for a little while at least. You can do this simply by creating new objects of the Web API controllers then calling the appropriate methods off of them. I found this method works fine initially but creates the dependency that means your Web API can't change without also changing the MVC controllers as well.
My advice is to put as much functionality on your models that makes sense with partial classes, and if that is still inadequate then create another logic tier that contains all the shared business logic. You should not have duplicated logic in your MVC and Web API controllers, they should just serve as the glue to get the data served.
When I create a new ASP.NET MVC 4.0 project e.g. Single Page App or Mobile etc... they all have Controller classes inheriting from ApiController.
I do not need to expose a web service to someone else. I just want to run a public website with a private webapplication if logged in. I do not want ApiController but I want a Single Page App.
Why have they done it that way?
WebApi does not necessarily imply that you are creating a web service for someone else. Instead, when you are developing a single page app, you would use the WebApi controllers to deal with getting/posting data via ajax.
There is nothing stopping you from using regular controllers, but the WebApi is well suited for SPA. See any of the online tutorials where this technique is used.
It sounds like you want to create an Mvc4 Web Application using the Internet Application project template. This template uses forms authentication and creates controllers that inherit from System.Web.Mvc.Controller. If you are using Visual Studio 2012 then this template is installed (along with a handful of others including the Api Web template).
Right click on your controllers folder -> Add -> Controller and then choose an MVC controller from the template drop down. You don't have to use an API Controller.
If you think of what a SPA is, it's essentially an HTML page that uses JavaScript to get data from a WebAPI or some other web service. Like Bort said, web API calls are very well suited for SPA.
Personally, for a single page app, before they added the SPA template in Update 1 I'd just create a static .html page and make RESTful calls into my WebAPI controllers.