Web API Design Jump Start Q&A Logdownload.microsoft.com/download/6/3/6/636926B9-D17A-4CF8-927… · Web API Design Jump Start Q&A Log Live Event Date: February 4, ... given all the

Web API Design Jump Start

Q&A Log

Live Event Date: February 4, 2015 Page 1 of 26 DISCLAIMER: This information is provided to you for informational purposes only and is provided “as is.” Microsoft has not reviewed the information and it may contain inaccuracies. You bear the risk of using it. Microsoft makes no warranties, express or implied, as to the information.

08:56:54 PST Question: I'm very much new in Web API concept. Am i eligible for this session? Answer: Absolutely!

08:57:25 PST Question: waiting desperately Answer: Me too!

08:57:30 PST Question: Hello, so excited for this event, lets ROCK....! Answer: I like it!

08:58:18 PST Question: Hey Chris, I'm really trying to understand web API jeje Answer: Hopefully we can help!

08:58:35 PST Question: will SignalR + WebApi integration be covered? Answer: We won't be doing a SignalR demo, but we do have a full MVA on SignalR.

08:58:46 PST Question: This should be awesome! Answer: I'm hoping so!

08:59:05 PST Question: Hi Sir video stops after each second how to watch in 240 or in resolution that foesn't stops the video??? Answer: Try the low resolution

08:59:40 PST Question: Can I use Visual Studio 2012 instead of 2013 for code samples ? Answer: Probably best to look at 2013. You can grab the community edition

09:00:20 PST Question: Clashing with Jeffrey Snover on TechDays. Tsk.

Answer: We're cooler. A couple weeks ago we clashed with the Windows 10 announcements.

09:00:27 PST Question: Spaghetti time Chris ? Answer: Always!

09:00:44 PST Question: Does ASP Web API host web pages as well? Like if I wanted my own view to be calling the API using

javascript? Answer: You can put Web API into the same projects

09:01:34 PST Question: Hey, from Monteal

Answer: I used to live just north of Plattsburgh!


Q&A Log


09:04:27 PST Question: With announcement of Spartan Browser, Do we need to make changes to our WebApps as we did for IE9

and IE10...

Answer: Expect an MVA in the near future about all of that.

09:04:33 PST Question: Has the video stream started? I still see the default message "The session video stream will appear here

once the event starts" Answer: Ctl-F5

09:04:38 PST Question: chugga chugga chugga

Answer:

09:04:50 PST Question: will thsi session be recorded. I have no streaming at all. Answer: Try ctl-F5

09:05:03 PST Question: Hi Christopher! Answer: Hi there!

09:08:13 PST Question: what's the difference between web api and restful web api Answer: Stay tuned! We'll actually dig into that right now.

09:09:21 PST Question: Sound's good with Jump start with Web API @Christopher Answer: Thanks!

09:09:28 PST Question: Can I watch it in lower resolution than standard quality

Answer: Unfortunately, no.

09:12:44 PST Question: Is this session being recorded? so that one can watch later? Answer: It'll be available in about two weeks

09:13:14 PST Question: @Hilmand, the recordings can be downloaded later (I think in 2 weeks) Answer: That is correct

09:13:30 PST Question: Rest is what you need each night. You got to get your zzzzzzzzzzzzzzzz.

Answer: #ISeeWhatYouDidThere

09:13:39 PST Question: Chris, how can you handle writing responses on chat and simultaneously speak to audience ?

Answer: I'm cool like that.


Q&A Log


09:14:49 PST Question: Does RESTful WebApi mix well with SignalR/websockets? Answer: Absolutely!

09:15:00 PST Question: Hey Christopher! Just started a course last week in webcommunication which includes ASP.NET Web

API. Perfect timing for another awesome MVA video Answer: Awesome!!

09:15:41 PST Question: Does he mean idempotent? Answer: He does

09:15:45 PST Question: Chris are you guys posting the source code of this session. So that we can play with those? Answer: https://github.com/MicrosoftLearning/WebAPIDesign

09:16:09 PST Question: Christopher handle async so he can speak and write at the same time? Answer: public async String AnswerQuestion(String question) { }

09:16:52 PST Question: Tiny note-- think it's idempotent, not indempotent. Answer: Thanks

09:17:12 PST Question: Oh Lord, visited Plattsburgh routinely every summer, in my once young days.

Answer: Good times! I have fond memories of the area.

09:17:19 PST Question: Thank you so much Chris! You guys are great!!! Answer: Thank you!

09:17:44 PST Question: If you hate it don't use it!!!! Don't use OAS

Answer: Don't hate the player, hate the game.

09:22:33 PST Question: Will you be covering Asp.Net5 WebApi design .. that has the complete ripped off .Net Framework & IIS

Pipeline..? Answer: We won't dig into .NET 5, but what we'll be covering won't be impacted by the upcoming changes.

09:22:49 PST Question: Interesting to see how Chris stays engaged while monitoring chat. Apparently MCTs have a mental 'async

await' to keep them responsive.

Answer: Used to multiple brain threads.

09:24:02 PST Question: I can't see the video, only a blue screen that says "The session video stream will appear here once event

srats..." Answer: Try a Ctl-F5

https://github.com/MicrosoftLearning/WebAPIDesign


Q&A Log


09:24:13 PST Question: Christopher: Multiple brain threads with async

Answer: I'm programmed to be async

09:24:53 PST Question: Even MS guys are making fun of IE

Answer: I didn't make fun of IE. I was just trying to subtly mention Chrome.

09:25:37 PST Question: case made!! i'm moving to chrome so much more powerful Answer: :-P

09:27:21 PST Question: I'm waiting for Spartan!

Answer: Me too!

09:28:07 PST Question: given all the goodness of WebApi & OData (JSON et al), why would anyone write a new WCF & WSDL

(SOAP etc) ? Answer: WCF can give you a bit more control over the messaging, but generally I'd trend towards Web API.

09:28:49 PST Question: What is the difference between PostMan and Fiddler? Do they both do almost the same? Answer: They do similar things. Fiddler is more about tracking requests and making some calls. Postman is more

focused on sending requests and formatting those.

09:29:38 PST Question: what happen? i'm hanging... Answer: Try a refresh

09:29:43 PST Question: Will URL for recorded session be emailed or I need to g some web-page to find it? Answer: You will get an email

09:29:57 PST Question: no examples with VS 2015? Answer: Not right now. But we are working on a VS 2015 MVA in the near future

09:30:17 PST Question: Will the Q&A be available later with the video recording? Answer: Certain questions will be available.

09:31:14 PST Question: why not use fiddler.. the great tool... Answer: It is. Postman makes it a little easier to build your requests, and from a demo perspective it's a bigger font

which makes it easier to read.


Q&A Log


09:34:09 PST Question: @Chris, Jermey: Can I publish a WebAPI project from my Visual Studio 2013 (update 4) to an IIS 6 (a

Windows Server 2003 machine), or is it required to be hosted by IIS 8 ? Thanks in aadvance.

Answer: I'm honestly not sure. If you can install .NET 4.5 into Windows Server 2003 you're all set. But I must

admit I don't always remember the server versions and what works.

09:34:14 PST Question: One Query.. Does Web API support HATEOAS? Answer: It does

09:34:31 PST Question: I use RESTClient in a little known browser called FoxFire (sp?)

Answer:

09:34:57 PST Question: Will there be some live coding in further blocks of this session? Answer: We'll be doing a lot of canned code just to give us the ability to cover more ground. But we will walk through

everything.

09:35:09 PST Question: Fiddler breaks down quickly when you need to start sending authenticated requests to REST APIs,

Postman makes it dead simple to add OAuth / Basic requests + the history of previous requests is powerful Answer: Nice comparison

09:35:49 PST Question: i don't know how to use fiddler or postman, can i still continue with it? Answer: Absolutely! Postman experience isn't required

09:36:09 PST Question: Salman: .NET 4.5 is not supported on Windows Server 2003 Answer: There you have it

09:36:26 PST Question: Hi, Just joined. Guess missed early parts. can i get copy of video once this session completed. Answer: It'll be available in about two weeks

09:38:49 PST Question: Unless vNext is out, we are not able to deploy WebAPIs such as the one you present here on Linux, right?

Will it be difficult to migrate "old" WebAPI to vNext? Answer: That is correct. The upgrade shouldn't be a challenge.

09:38:59 PST Question: When will the Chugga, Chugga, Chugga shirts be available to purchase? Answer: Ha! New marketing idea!!

09:39:16 PST Question: In your security module, will you be discussing any security tokens that front ends like AngularJS could

use? (like JSON Web Tokens, JWT ?) Answer: We will. That'll be in the last module.


Q&A Log


09:39:23 PST Question: Are the code samples available to follow along? Answer: https://github.com/MicrosoftLearning/WebAPIDesign

09:42:36 PST Question: Is scaffolding available in VS2010 by an upgrading or something? Answer: You need to use VS2012 or higher

09:43:02 PST Question: what happened to the video feed? it Closed and now is showing countdown (10m break?)... Answer: We are on a break at the moment

09:43:30 PST Question: I still not got to the Point where I understand the Advantage of REST and OData over SOAP. Is it "just"

that the Interface is the same on every site that uses the WEP API? Or are there more fundamental Advantages - what I can do with REST / ODATA and cann not with WSDL? Answer: We'll answer this coming out of break

09:50:21 PST Question: Is there a migration model or strategy that takes a older Win Forms client application and SQL database

and leaves the WinForms clients and database in place but transforms the database and UI into Web API while the existing application continues to run. Are you better off starting everything new? Answer: We actually have an MVA addressing that coming up in a couple weeks. Ping me on @GeekTrainer and I'll

get you the reg link once it's live.

09:50:31 PST Question: Hi! Frankie from Czech republic reporting in. I missed the first hour, didn't I? That damn time converter

crashed on me.

Answer:

09:51:04 PST Question: all of the Web API demos/talks are focused on data from a database. I get those, slam dunk for Web API.

Can/will we cover designing APIs that do "business" work? i.e. execute a set of rules or logic. for example, the classic CalculateSalesTax type of functionality? These typically take more of a "request" (several parameters in the body) and not an ID in the db. What about longer running actions too?

Answer: Stay tuned.

09:52:32 PST Question: you got the Name right - thanks for the great answers ! Answer: You're very welcome!

09:52:42 PST Question: Also: I too want a "Chugga Chugga Chugga" t-shirt.. Maybe with some gears on it!

Answer: I'll talk to my marketing guy.

09:53:57 PST Question: can we get email with link to the replay and sample code after the session is over? Answer: You'll get an email with the link to the video when it's available. You can find the source code

here: https://github.com/MicrosoftLearning/WebAPIDesign




Q&A Log


09:54:20 PST Question: What does WCF mean? Sorry if you explained it before,I missed 30 minutes or so. Answer: Windows Communication Foundation. It was the way to create services for external calls

09:55:01 PST Question: add me too on the "Chugga Chugga Chugga" t-shirt shopping chart!

Answer:

09:56:27 PST Question: We can customize (code /configure) WCF to be similar to REST Service like be based in HTTP as well as

tunned to have same specification as REST Service . is that right?

Answer: You could, but I'd just go with Web API.

09:58:04 PST Question: Will there be any (honorable) mention of PATCH verb? Answer: There will be

09:58:27 PST Question: awesome.. one more question about security: interested how to connect Web API (on DMZ) to the SQL

behind DMZ.. can this be covered or some solution suggested? Answer: We won't cover that directly. There's a lot of ways you could handle that.

09:59:08 PST Question: basicly dont reinvent the wheel Answer: That's it!

10:00:07 PST Question: @Chris - http://blog.codinghorror.com/dont-reinvent-the-wheel-unless-you-plan-on-learning-more-about-

wheels/ Answer: I love it! It was a different author, but that puts it perfectly!

10:00:15 PST Question: How can can I get video of this session ? Answer: It'll be available in about two weeks.

10:00:27 PST Question: How can I claim the Current user Identity in Web API? User.Identity not works for me. Pls if you have

explanation links send me Answer: We'll get to that in the last module (the security module)

10:00:44 PST Question: i installed ASP.NET and Web Tools 2013.1 for Visual Studio 2012 now i have an ASP.NET Web API 2

Empty Project option when i create a new project is this equivalent to what Jeremy showed in the previous module as an empty web project in with web api support in VS13 Answer: It is

http://blog.codinghorror.com/dont-reinvent-the-wheel-unless-you-plan-on-learning-more-about-wheels/

http://blog.codinghorror.com/dont-reinvent-the-wheel-unless-you-plan-on-learning-more-about-wheels/


Q&A Log


10:04:17 PST Question: What are the advantages of writing WebAPI project over MVC project with the usage of "string" return

values from the controller? I can perform authorization, implement business logic etc with MVC project and then just return JSON instead of view? Are there differences in the routing logic, classes etc between WebAPI and MVC? Answer: It's not so much advantage/disadvantage but rather different uses/needs. Web API doesn't provide a UI,

which means you can build your own in say a mobile device or an AngularJS/SPA project. MVC is about generating a web UI for use with browser clients.

10:06:20 PST Question: Hi there, I've got a question about REST and DDD. As far as I know, in REST changing the state of a

resource amounts to send an HTTP PUT request with a representation of the new state of the resource which will be replaced. Now, when doing DDD the change in the state of objects is done calling methods that encapsulate the business logic instead of accesing the fields directly. Is DDD and REST incompatible then? REST does imply the domain models will be anemic? Answer: We're actually addressing that right now

10:06:39 PST Question: Also, Web API is more appealing when considering OWIN/Katana Answer: Agreed

10:06:45 PST Question: sorry im late Answer: You're forgiven!

10:06:58 PST Question: if you the rest api's represents resources, do you not need to implement the business logic on the client?

Is that realy advisable? Answer: We're addressing that right now

10:08:28 PST Question: is there any major change between web api 2 and mvc 6 . why it is called mvc 6 instead of web api 3?

how easy or difficult it is to upgrade it from web api 2 to mvc 6? Answer: It should be relatively easy to upgrade. There are some changes, and some simplifications, but the core

remains the same.

10:09:07 PST Question: can u suggest book for web api Answer: I don't have a good suggestion. :-/

10:10:43 PST Question: Book Suggestion: Designing Evolvable Web APIs with ASP.NET O'Reilly (Written by Glenn Block - An

Azure MVP) Answer: Nice! (Full disclosure, I haven't read that book so I can't speak to it)

10:19:02 PST Question: So I can still have rich domains encapsulating the business logic, then communicate with the API

exchanging DTO's and on the server decide how that exchange of DTO's will have side effects on the domain objects? Answer: Absolutely!

10:19:10 PST Question: Chunky not Chatty nice one

Answer: Technical description.


Q&A Log


10:19:44 PST Question: I know Yahoo uses REST and Google uses SOAP for their APIs. Does Microsoft use REST in any of their

APIs? Answer: Azure uses REST, and I want to say that Visual Studio Online does as well.

10:20:07 PST Question: really great dialog guys, i undesrtand better now about how could i do my design Answer: Awesome!

10:20:22 PST Question: The 'other' browser...

Answer:

10:23:07 PST Question: How can I get this JSON for my gitHub profile? Is it somehow getable? Answer: You can use the url of api.github.com/users/{yourusername}

10:23:45 PST Question: non threatening competitors browser lol Answer: That's the phrase Hanselman uses! I was trying to remember it!

10:26:54 PST Question: Are you going to touch on persisting data? ex: creating an WebAPI for a users shopping cart Answer: We'll dig into that as time goes on.

10:28:47 PST Question: I join late. When this session will be online Answer: It'll be available in about two weeks

10:28:58 PST Question: it looks like the GitHub response conforms to HAL _links is part of that spec...can we hear about

hypermedia types and how we would handle those with web API? Answer: We'll dig into that going forward

10:29:11 PST Question: will the video of this be punished to download Answer: It'll be published in about two weeks

10:30:29 PST Question: XML XSLT apps were hell to debug! Answer: Weren't they?!

10:31:53 PST Question: Any suggestions for returning errors that occur in say business logic? Do you return 200 and error info or

attempt translation into HTTP error codes?

Answer: Stay tuned.

10:32:00 PST Question: I find XSLT very hard Answer: Me too!


Q&A Log


10:32:12 PST Question: Is there any MVA Course of Design Pattern that helps to Design web APP

Answer: Not yet, but I'm working on it!

10:32:43 PST Question: One question about the repos resource on github api: how could I deal with cyclic references? I mean,

what if "owner" had a reference to the collection of repos? Answer: This is where knowing the API and building the client comes into play

10:33:24 PST Question: even if the links/service are available you still need to understand semantics of it or is this standardized? Answer: More than anything you need to know the data that's coming back. There are standards, but those

standards only go so far. There are still going to be differences based on the types of data.

10:35:40 PST Question: @Chris , glad to hear that do u have any links about Design pattern u can advise us

Answer: I don't have any links handy, but I'm sure others in the chat window do.

10:37:03 PST Question: Any suggestion to structure a VST solution with WebAPI as well the other underlying layers? Answer: We'll be digging into that going forward

10:38:45 PST Question: Sorry, what is the Nuget package for WebApi Help? Answer: Microsoft.AspNet.WebApi.HelpPage

10:40:47 PST Question: Can i use web API with my existing database? Without code a database class? Answer: Absolutely! You can add in whatever server code you want.

10:40:50 PST Question: is the package avaible for vNext projects? Answer: It is

10:41:17 PST Question: Where does "E=mc2" sticker gone from the bottle?

Answer: It's an MCT sticker.

10:41:49 PST Question: Why do people pronounced JSON as "Jay-Sawn"? The creator Douglas Crockford pronounce it as "Jay-

Sun". Listen to his youtube talk on Javascript. Answer: Same reason people say GIF with a hard-G, rather than with the J sound. (I personally say GIF, not JIF)

10:42:49 PST Question: What version of VS are you using in the demo? Answer: 2013


Q&A Log


10:44:20 PST Question: I kind of wish there were more MVAs on the front-end side of things. I never really understand how to for

example consume the JSON file once I get it from the server or how to "connect the dots" between frond-end scripting and server-side code... Answer: Check out our jQuery and AngularJS MVAs

10:44:39 PST Question: Other than the pronunciation, great start...so far.

Answer:

10:46:53 PST Question: Christopher: Examples interfacing to RunKeeper would be great. Give me something to do while resting a

calf injury.

Answer: I've had this app I've been wanting to build for a long time using RunKeeper as back-end. I hope you

heal quickly! I struggled with a calf injury a few years ago. It's tough.

10:47:39 PST Question: are there any mvas on design patterns at all? Answer: Not yet

10:48:44 PST Question: Hi, is this being recorded? I will like to download the vids Answer: They'll be available in about two weeks

10:51:32 PST Question: @Christopher It would be great if you had some "from scratch" series, where we could learn about

something and follow a project from start to end Answer: I like the idea!

10:52:42 PST Question: Some rest gurus say to return 200 for a DELETE that was not found, comments? Answer: Sure, I could make that argument. It really depends on your particular scenario. Returning a 200 just always

indicates success. By returning some form of a 400 error you're letting the client know it wasn't there. They may have sent up the wrong ID and need to know that a delete didn't actually take place.

10:53:14 PST Question: Im trying to enroll in bizspark It is asking enrollment code, do you have any Answer: Ping me on Twitter (@GeekTrainer) and I can try to point you in the right direction.

10:54:52 PST Question: sorry for non relevant query. Its been over 3 weeks since I applied for @BizSpark. haven't heard yet. Answer: I don't know that I have an answer for that one. :-/

10:55:20 PST Question: What would a web api call look like for finding a customer. in order to find a customer you search by

FirstName, LastName and Email. would it be a GET api\Customer\Bob\Smith\[email protected]... or could you use a Post to send data and get a Customer back? Is that an improper use of POST? Answer: You could do that, or if you supported OData you could it with a $filter call


Q&A Log


10:55:45 PST Question: @Christopher are you going to discuss coding in authentication/authorization in the API versus using an

API management tool?

Answer: We are, but we keep all the great stuff for the last module.

11:00:20 PST Question: Are you doing a marathon? Answer: I ran Carlsbad (Just north of San Diego, CA) in January. Trying to figure out what the next marathon is

going to be. You?

11:00:50 PST Question: sorry for copying my blog where the article was published @asp.net as 'Article of the Day'

Answer: Nice!

11:01:32 PST Question: are we still on? Answer: We just started back up!

11:04:47 PST Question: the $.ajax, $.get, $.post are awesome, but the $.deferred is super, the whole promisses thing is wonderful Answer: Absolutely! We were trying to keep the code pretty simple, which is why we didn't use promises.

11:06:01 PST Question: Hi! Can we found this demo source code online ? Answer: https://github.com/MicrosoftLearning/WebAPIDesign

11:06:14 PST Question: you get full control of the requests and when things happen, and most important, in which order Answer: Absolutely!

11:07:10 PST Question: What time did you do Carlsbad in?

Answer: I finished. It wasn't my best marathon as I ran into a couple of training issues, including pneumonia to

start the year. But I finished!

11:07:55 PST Question: yep.. the security issue, I think we should give just enough information.. you don't need to tell everything Answer: Absolutely! And there is something to be said for sending down a 200 to hide the fact that it wasn't found, to

try to prevent someone from poking at your data trying to find a weakness. I don't know that I'm entirely in that camp, but I grok the argument.

11:08:16 PST Question: Are you guys going to discuss CORS? Http get is usually fine, but put, post, delete, etc are usually

secured out of the box, correct? Answer: We'll be talking about that going forward.

11:08:35 PST Question: roger, Roger!

Answer:



Q&A Log


11:08:40 PST Question: Airplane!

Answer:

11:08:45 PST Question: tnx for link Answer: You're welcome!

11:08:50 PST Question: unless you are making delete idempotent Answer: Right

11:08:55 PST Question: is JL's code in that earlier Git repo Uri ? or will it be ?! Answer: https://github.com/MicrosoftLearning/WebAPIDesign

11:09:01 PST Question: Kelber from Florida Answer: Welcome!

11:09:57 PST Question: then you can mark it as deleted instead of actually deleting Answer: And that's a big key - you can still do whatever you want on the server side. So you don't actually have to

delete it from the database.

11:10:11 PST Question: Ouch! good effort for completing it with those obstacles Answer: Thanks! I had a friend do Tough Mudder and I went out to cheer him on. that's a tough race!!

11:10:36 PST Question: There is problem with distortion from the mikes - your input level is probably too high...

Answer: Stay tuned!

11:11:28 PST Question: can you possibly demo how to pass multiple parameters with web api and how to handle null parameters? Answer: Stay tuned!

11:12:26 PST Question: In GetHub is there a way to download the whole package as one file or do I have to download the

individual files? Answer: On the lower right you can click "Download Zip". You can also "clone" it in Visual Studio, but that takes a bit

longer to explain.

11:14:42 PST Question: What happens if your source items contain delimiters like Sam's Market 6" hotdog or strings containing

commas. Answer: You can quote them, or send down semicolons instead.



Q&A Log


11:14:58 PST Question: @Marie theres a #MVA great course on GIT too http://www.microsoftvirtualacademy.com/training-

courses/using-git-with-visual-studio-2013-jump-start

Answer: There is!

11:15:12 PST Question: Hump day! Answer: Mike, Mike, Mike, Mike, Mike, Mike

11:15:18 PST Question: Let it go, Phil.

Answer:

11:15:26 PST Question: Hump Day Answer: Woot woot!

11:15:32 PST Question: HUMP DAY!!! Answer: Woot woot!

11:15:36 PST Question: i like saying it now when it's != wed

Answer:

11:15:52 PST Question: Camel Wednesday! Answer: Absolutely!

11:15:57 PST Question: HUUUUUMPDDDAAAYY!!! Answer: Woot woot!

11:16:03 PST Question: Is the session going? I don't see any thing Answer: Try a Ctl-F5

11:18:29 PST Question: I asked a question earlier; might be missed. How do you transfer image/binary data across WebAPI in

JSON? Answer: I'm trying to sneak that in

11:18:42 PST Question: Is this event recorded? Answer: It is. It'll be available in about two weeks

11:19:26 PST Question: MIKE MIKE MIKE!!!

Answer:

http://www.microsoftvirtualacademy.com/training-courses/using-git-with-visual-studio-2013-jump-start

http://www.microsoftvirtualacademy.com/training-courses/using-git-with-visual-studio-2013-jump-start


Q&A Log


11:20:54 PST Question: can't you just include application layer messaging rather than assuming the transport layer messaging is

accurate for communicating application layer status? Answer: That's sort of like sending down a flag rather than throwing an exception. The advantage to sending down a

400 error is the client is going to force handling of that error.

11:23:28 PST Question: how do you handle api versioning? Is there a url format in the style /api_v##/ or do you handle versioning

as completely separate URLs apiv##.example.com/api/ ? Answer: We'll actually be addressing that a little later today

11:26:28 PST Question: Is it possible to change the JSON Property casing depending on the request? Answer: I'd say generally you'd want to avoid that. I do believe you can sneak in the serialization options into specific

requests, but you want to be consistent.

11:27:00 PST Question: Do we have a OPenXML Parser that emits restful data from a web API...? ( I am looking for .Xlsx Export of

data from server.) Answer: There are many that are out there. I don't have one that I can recommend.

11:30:21 PST Question: Will apidoc tool still work with attribute routing? Answer: It will

11:30:59 PST Question: Hi, at the moment I have a mvc application for the user to add particular information to the web app and

this information will be passed down to a windows phone/windows 8(8.1) app. I am just wondering would the web api (json) approach be the better way to pass down the information down to the app over wcf? (Sorry if I should be asking this question on stackoverflow). Great video so far by the way Answer: Thanks! We talked about that quite a bit earlier today. In a nutshell, Web API is standards based, more

flexible, and likes JSON.

11:31:03 PST Question: and stop calling me Shirley !

Answer:

11:34:01 PST Question: is it best practice to decorate with [HttpVerb] instead of trusting the interpretation of the method name? Answer: I personally like to decorate just to make it a bit clearer, but that's a personal preference.

11:37:57 PST Question: does WebAPI support sending email addresses ? ie api/users/email/[email protected] ? calling it fails -yet if I

removed the '.com' part (ie api/users/email/abc@xyz) then it it would work. Answer: That's not a Web API thing but rather a URL encoding thing. I'd say the best way to handle special

characters is to send it in the header information instead.

11:38:03 PST Question: Thanks for the answer Answer: You're welcome!


Q&A Log


11:38:35 PST Question: You can always partition controllers out using partial classes, or you could use #region blocks. Answer: I'd prefer the #region blocks over the partial classes solution, but don't be afraid to add additional

controllers.

11:38:58 PST Question: The red squiggles are really an attention grabber. Is Jeremy gonna take care of them? Answer: Just having a small technical difficulty there. Sorry about the red squigglies.

11:40:07 PST Question: WHat if you do foo, but change the verb to Get... will it still delete, or will you get an error Answer: Are you talking about the actual operation it'll perform behind the scenes.

11:42:15 PST Question: Will it find the controller action? Answer: If you decorate Foo with [HttpDelete] it's going to, by default, just route all Delete verbs to the Foo method

for that controller

11:45:25 PST Question: hi Christopher just saw that replied with "I'd say the best way to handle special characters is to send it in

the header information instead." do you mind elaborating on that (or share a link) Answer: Sorry - send it up as a post if needed.

12:10:55 PST Question: I remember buying the Vic-20 when it came out.

Answer: Nice!

12:11:23 PST Question: will passing Date javascript object to WebAPI will require any specific handling Answer: The JSON serializer handles it for you, but you can modify that as needed.

12:24:03 PST Question: Will a recording of this be available later? Answer: in about two weeks

12:54:49 PST Question: Christopher, Congrats on your new position!!! About a year ago, I was in an online class (MS-20486) that

you taught from home, but due to technical problems you had switch back to the office. Remember? LOL. Answer: I do! That was rough. I did get my internet in my house fixed after that.

12:54:54 PST Question: CHUGGA CHUGGA CHUGGA I LOVE ASP.NET Web API!

Answer:

12:56:47 PST Question: Is there ever a time in an MVC application when it would be better to use WebAPI rather than just using a

regular MVC Action method that returns a JSON result?? Answer: I generally prefer to use Web API for all calls like that. However, the call is specific to that controller or that

page then I'll put it into that controller.


Q&A Log


12:57:04 PST Question: hello, its lunch time Answer: It is. We'll be starting back up in a few minutes.

13:00:21 PST Question: what is the difference in using GlobalConfiguration.Configuration.Formatters.JsonFormatter to configure

formatting of Json results as to adding [JsonProperty] attributes to the properties on the objects I want to return? Answer: Using that attribute can allow you control for JSON serialization on specific properties, rather than global

defaults.

13:00:33 PST Question: Peeking "What's New with ASP.NET 5" while waiting 4 u guys :p Answer: Hope you're enjoying it!

13:01:39 PST Question: Ok, was trying to do something with AngularJS and thought the call had to be done with WebAPI but

discovered that it could be done through a regular Action Method as well. Answer: Yup - you can just use that type

13:03:59 PST Question: Is it possible to open a Flash project in Visual studio? Sorry for the random question, I would just like to

know.

Answer: I haven't done Flash in more years than I care to admit.

13:04:19 PST Question: How couldn't I, It's ASP WEB API

Answer:

13:07:04 PST Question: @ChristopherHarrison, Oh, okay, but is it possible to import a Flash project into Visual Studio?

Answer: I'm not sure.

13:08:34 PST Question: How to implement a CRUD MVC App using WEB API, AngularJS, and EF for more than one Entyity? let

say for employees and Orders entities? Answer: We're doing the Web API part today. Check out the AngularJS MVA for the Angular part.

13:11:01 PST Question: ok thanks. is this recording already available on demand? Answer: It'll be available in about two weeks

13:11:24 PST Question: Hi, will you cover how to configure routing to have these nested URI segments like in Twitter case:

/resource/{id}/somotherresource/{nestedid} mapped to controller actions? Answer: We covered that in the routing module, which was our last module.

13:13:08 PST Question: I miss code 500

Answer:


Q&A Log


13:14:47 PST Question: This is great!

Answer:

13:23:34 PST Question: when to use [FromBody], [FromUri], or neither? Answer: There you go!

13:24:00 PST Question: Thanks for the info on downloading the package. It was a much better experience than the last class.

Answer: Awesome! I'm going to write a blog post about the basics of using GitHub in the near future.

13:24:45 PST Question: question about testing Web API: do you know how to setup accessing localhost from outside PC or VM..

i.e. developing inside VMware (Win 8 + Visual studio).. would like to call Web API from outside the VM Answer: You need to host it and allow external connections; localhost won't work there.

13:27:44 PST Question: like IIS installed and debugging against that with Visual Studio? Answer: Visual Studio typically uses IIS Express, but you can configure the project to use IIS.

13:28:44 PST Question: When accepting models, do we need custom model binding when content type is application/xml? I've

noticed that this only works by default with JSON. Answer: It should work just fine with XML. I'd suggest using JSON, but XML should work out of the box.

13:31:14 PST Question: There is a great package on CodePlex called FluentValidation - it is worth to look at! Answer: And that really is the key, there are a lot of solutions for those types of challenges. It's a problem that

everyone needs to solve.

13:31:23 PST Question: Great info about the helpers, that is just awesome.. I'll start to use them tomorrow

Answer:

13:31:25 PST Question: is the demo code (being shown) available for download ? Answer: https://github.com/MicrosoftLearning/WebAPIDesign

13:37:37 PST Question: do you have a list of the client api calls for each of the projects in the github (I just wanted to be sure that

my client call the webapi correctly)

Answer: I don't.

13:37:54 PST Question: Returning IHttpActionResult vs HttResponseMessage?? Answer: More flexibility.



Q&A Log


3:40:01 PST Question: when would i return IHttpActionResult / HttpResponseMessage / just my own model ? Answer: The default Web API implementation will handle a lot of the statuses for you if you just return the object, but

if you need to send down specific types of messages you can use the different helpers.

13:41:10 PST Question: Kind of weird, but I a super interested in formatting the JSON returned by my web api so that it's more

human readable. I know you covered it earlier. Is there a quick link you can give me where that process is described? Answer: Check the deck on Module 3. https://github.com/MicrosoftLearning/WebAPIDesign

13:42:08 PST Question: I notice that most controllers in the demo return IHttpResult. Any particular reason to not return the actual

return type? Answer: It gives us the ability to control the return types.

13:42:38 PST Question: what is the design pattern you are following for this demo project? Answer: There isn't a pattern here as we're just trying to simulate exceptions.

13:45:13 PST Question: is filtering structured similar to using try catch with catching from most specific to most generic exception Answer: You don't have to list them that way, the runtime will automatically do that.

14:07:11 PST Question: are you guys having technical problems.... or is just me? Answer: Do a Ctl-F5

14:08:19 PST Question: What would an Audit Filter inherit or implement? Ex: I want to log activity calls from a user or another

application. Answer: ActionFilter would work

14:08:25 PST Question: Great Description Answer: Thanks!!

14:09:33 PST Question: Don't think I got the Log reference, it wasn't the Log Lady in Twin Peaks was it?

Answer: Ren & Stimpy.

14:13:13 PST Question: Will this authorization/authentication section cover the use of client certificates? Answer: We won't hit certificates in this module.

14:15:26 PST Question: For open public may be, but B2B don't think so Answer: Absolutely! And I would never suggest this for B2B. I'd use some form of a certificate or otherwise.

14:19:15 PST Question: Are you going to be covering using Web API as a standalone service (eg: hosted on a different server to

my web app), that my web app can call to authenticate users?? Answer: We're getting there



Q&A Log


14:20:00 PST Question: if you have individual accounts in a mvc project and create a web api project as a another project can you

use the identity from the mvc project? or do you need to add web api to the existing mvc project? Answer: You can. You will need to update the context to point to the shared database.

14:20:23 PST Question: How does the auth work when sending a request using jquery? Answer: we're sort of digging into that. we're talking about the server-side now, and how to implement the controller.

14:25:26 PST Question: Busted

Answer:

14:26:11 PST Question: Are we able to connect the template created with the individiual accounts to our in house SQL Server

database. We don't want to put up the created database by the template for new users, we want to compare to users that already exist in our system. We may have to make a new table, but I want it to be in our database. Is this possible? Answer: Short answer - yes

14:27:05 PST Question: How does this approach compare to deriving from AuthorizeAttribute? Answer: I'm not sure what you mean by this question.

14:32:34 PST Question: Do i have to implement anything on the client side manually? (That means, login, request, response, .. ) Answer: This demo here.

14:32:48 PST Question: Are you recommending SSL from the start of the project? Can't we add it after some level of

development? Answer: You can, but I'd say just do it right from the start.

14:33:39 PST Mark E. posted: I was wondering why to use the DelegatingHandler for the custom "naïve" auth, versus deriving

from AuthenticationAttribute (previous topic). No worries though. Answer: Oh! I gotcha. He was just showing the fact that you can really handle authentication anyway you might like.

14:34:07 PST Question: so we can just get ssl certificates from microsoft and dont need to buy it from a 3rd party like verisign? Answer: Sorry - for development the self-signed certificate works just fine. For anything that's public you want a

proper certificate.

14:34:38 PST Question: Can you use ADFS? Answer: You can. Just configure the project to use Organization Accounts

14:36:05 PST Question: Now I just have to wire it up to hit the Yammer API

Answer: We should have an MVA on that in the future.


Q&A Log


14:37:06 PST Question: what's the complete path to POSTMAN? Answer: It's a Chrome plugin. You can https://chrome.google.com/webstore/detail/postman-rest-

client/fdmmgilgnpjigdojojpjoooidkmcomcm

14:37:10 PST Question: so /token/ is a built in route? Answer: It is

14:37:30 PST Question: It's a pain that the "would you like to add this certificate" box has a "don't ask again" checkbox that doesn't

work. Answer: Hmmm.... :-/ It works for me.

14:37:49 PST Question: so far every request I need to set the auth header first Answer: Correct, but you can centralize that method call.

14:38:06 PST Question: Can we manipulate the Claims inside the token if we create our own token from WebAPI (not third party)? Answer: You could

14:38:09 PST Question: every time i run my mvc app i asks again, even if i check the box Answer: That's weird

14:39:09 PST Question: i have an existing app, using peta poco, custom authentication and also data transfer objects... can you

outline how to do all this without entity framework etc. Answer: We did an earlier demo about doing a custom authentication provider. As for the classes without EF, you'd

put that code into your controllers and actions.

14:39:40 PST Question: Are there any web.config settings that need to be set to enable authorization? Answer: There is an <authentication> element

14:40:16 PST Question: Some web services use an API-Key in addition to user name/password. Is that just an extension of this? Answer: It is.

14:40:50 PST Question: it looks like if I create a empty project with checkbox of "Web API" only, the "Change Authentication" is

disabled. but if I choose both "MVC" and "Web API", the "Change Authentication' is enabled. is it supposed to be this way? Answer: The reason is that the MVC project template has all of the components for the authentication. You can still

do this without MVC, but you just need to add that in on your own.

14:41:50 PST Question: gotta run! thanks for doing this! Answer: Thank you!

https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm

https://chrome.google.com/webstore/detail/postman-rest-client/fdmmgilgnpjigdojojpjoooidkmcomcm


Q&A Log


14:42:49 PST Question: i don't know is some asked before, but i will like to see all this with the new web api using upcoming vNext Answer: Check out Modules 2 & 3 here: http://www.microsoftvirtualacademy.com/training-courses/what-s-new-with-

asp-net-5

14:43:19 PST Question: I assume these "handlers" are registered somewhere in app_start, WebAPIConfig? Answer: These filters are added on to the specific controller/action. You can register them globally if you like.

14:44:17 PST Question: Can you show us <authentication> element in the current example? Answer: There you go

14:44:42 PST Question: Can we have Windows Auth AND another too and the same time? (internally authorization over domain,

externally e.g. via user/pwd) Answer: Absolutely!

14:44:52 PST Question: must be the chugga chugga chugga method thats authorized

Answer:

14:45:35 PST Question: Sorry I missed it. So where the Authentication section goes, if not in the web.config file. Answer: Inside the startup files

14:46:45 PST Question: What is the advantage of one approach vs the other one (besides being more specific like it was just

mentioned) attribute vs handler. Performance considerations maybe? Answer: No performance, but rather where you need things. If you need people to always login then you can register

the filter globally, otherwise you'd put it on the controllers/actions.

14:50:00 PST Question: can this be integrated into AD groups Answer: It can be. If you're using AD the groups become Roles.

14:50:39 PST Question: Why would you map claims into roles? Answer: Same reason you'd use groups. Roles are just groups. So if you had a set of admins, you can create a role

and configure your permissions appropriately.

14:51:18 PST Question: how the hook is created in the filters? Answer: Sorry, I'm not sure what your question is.

14:54:09 PST Question: what I saw was filter "admin", which is kind of hardcoded, at runtime how do I hookup into AD group

dynamically OR it has to be Hard Coded in the attribute filter ? Answer: Unfortunately the attribute needs the name of the group up front. You can build your own

AuthorizationAttribute however where you look that up, say from a config file.

http://www.microsoftvirtualacademy.com/training-courses/what-s-new-with-asp-net-5

http://www.microsoftvirtualacademy.com/training-courses/what-s-new-with-asp-net-5


Q&A Log


14:56:30 PST Question: if I only have a webAPI project (with no MVC) how can I take advantage of the the AntiForgery token

goodness? Answer: Absolutely - that's what we're showing now.

15:06:18 PST Question: Can I tell the app how to authenticate? My intention is, the more possibilites, the bigger the attack vector?

So, can I say, it should only be possible through a bearer token? Answer: You can

15:06:57 PST Question: so how do I get my client app (non mvc) to get the @Html.AntiForgeryToken() ? Answer: You'd need to send that token down and build the app to expect that. A simple way to do that would be a

global handler and send it in the header information.

15:07:24 PST Question: can you talk about rolling together: token based auth with antiforgery... eg. when making a banking mobile

app which talks to a bank's api Answer: Those are two separate things. You need to send up both tokens as a two-factor auth if you will.

15:08:10 PST Question: Hi Guys! In a cloud environment, how we can guarantee that the token will be the same, independent of

which machine will get the request? Answer: Azure automatically manages that for you

15:08:18 PST Question: can we get a copy of that project samples ? Answer: https://github.com/MicrosoftLearning/WebAPIDesign

15:08:40 PST Question: Is there an example somewhere of doing windows auth and falling back to some other auth

(basic/digest/token/etc.) when that isn't presented? I've seen a bunch of examples online that discuss one auth mechanism, but none for two. Windows in particular seem to override everything

Answer: I don't have one. Sorry.

15:10:47 PST Question: new {controller="Forgery"} is acting as a default value? in the HttpRoute helper Answer: Exactly.

15:11:32 PST Question: Should you always use Dependency Injection to push behaviors off to separate class and then used by

Controller. Or its matter of choice of how you code. Answer: You can absolutely do that, but it sort of depends on what you're trying to do.

15:12:17 PST Question: Is it possible to have the Authentication type be configured in the Web.config file, instead of in the

Application? Answer: You could, but that is the old-style way of doing things.

15:15:01 PST Question: Where can I download your presentation? Answer: The presentation will be available in two weeks at the same URL.



Q&A Log


15:15:54 PST Question: btw: I like your work! Thanks Answer: Thanks!

15:18:15 PST Question: Christopher are we going to have these videos available somewhere ? that would be great Answer: It'll be available here in about two weeks. You'll get an email when it's available.

15:19:22 PST Question: by default is it fromURI or fromBody? Answer: Simple types are from URI, complex types are from Body

15:21:17 PST Question: GitHub link for this code...please?? Answer: https://github.com/MicrosoftLearning/WebAPIDesign

15:22:17 PST Question: Is the authentication and roles auth the same on OWIN self host with no reliance on ASP.NET libraries?

Or is ASP.NET libraries required to use "build-in" auth? Answer: You can use whatever authentication mechanism you'd like

15:23:49 PST Question: i hope you mention how to databind params with a list of ids.... i've done some dirty hacks previously Answer: You could use this type converter here

15:25:26 PST Question: I thought there is a built in way to validate the anti forgery token? ValidateAntiForgeryToken Attribute or

something similar? Answer: That's only available for MVC. The way that works is by adding the data into a hidden form field. You need

to manage this on your own with Web API as there isn't a traditional form.

15:25:52 PST Question: Do you know where I can find a resource for setting up the authroization on our own SQL server? Answer: This is probably a good starting point: http://www.microsoftvirtualacademy.com/training-

courses/customizing-asp-net-authentication-with-identity although there are numerous articles out there.

15:26:07 PST Question: does model binding work in web api same way as in mvc.

Answer: It does. We're walking through that now.

15:27:32 PST Question: Can a Web API application simultaneously use Organization Accounts and Individual Accounts

authorization? Answer: It can because ASP.NET supports that.

15:28:03 PST Question: Can a Web API application use multiple types of Authentication simultaneously. (e.g. On premises and

Cloud based) Answer: It can because it's ASP.NET

15:29:24 PST Question: Can't stay awake any longer, good night and thanks for a great course. Answer: Thanks for sticking around! Have a good night!


http://www.microsoftvirtualacademy.com/training-courses/customizing-asp-net-authentication-with-identity

http://www.microsoftvirtualacademy.com/training-courses/customizing-asp-net-authentication-with-identity


Q&A Log


15:31:12 PST Question: FYI - MSDN says you cannot use Windows + anything else. Can use AAD, ADFS, or just about anything

else, as long as it's not Windows Auth. Link that explains it: http://stackoverflow.com/questions/2610377/how-can-i-provide-an-asp-net-forms-authentication-ux-while-using-active-director/2634718 Answer: Sorry. I misread the question. My understanding of the question was using multiple back-end providers. If

you're looking for integrated authentication and something that's going to prompt you can't do that. But you can implement ADFS, which will give you the ability to use AD as the beck-end. Sorry for any confusion.

15:32:11 PST Question: why would you use a modelBinder over a TypeConverter? Answer: There you go

15:34:15 PST Question: So, there is no fallback to provide a login if integrated authentication isn't available for a user? Answer: You can fall back to Basic authentication, but no. The reason is based on the way the browser is going to

send the data and the server is going to accept it.

15:34:37 PST Question: > Quoted question: So, there is no fallback to provide a login if integrated authentication isn't available for a user? > Quoted answer: You can fall back to Basic authentication, but no. The reason is based on the way the browser is going to send the data and the server is going to accept it. Answer: And I should clarify that to say there isn't a way to fall back to an HTML form.

15:36:31 PST Question: Would SOLID class design help with versioning concepts? Answer: To a certain extent, yes.

15:38:51 PST Question: Ok. But it is possible to use windows authentication and form authentication in one app - and in the

settings I configure which I want to use?! Answer: It's possible to use AD as a backend authentication provider, but it's not possible to use integrated

authentication and "forms" authentication together.

15:41:02 PST Question: With versioning: How easy is it to re-factor an existing API (that was not designed with this kind of

forethought) to now include this? Answer: Hard to answer as that depends on the existing API.

15:44:07 PST Question: Thanks. So it is possible indeed. If I configure integrated authentication, it matches the ad and if I use ad

as backend I can use a "form" an validate against ad?

Answer: OK - we're really digging deep here. Short answer, no. If you use "forms" authentication (or Identity if

you will), you can use multiple back-ends, such as ADFS, SQL Server, Facebook, etc. But, all of those will require the user to punch in their username and password via a form. Integrated won't work in that scenario. Now, even that answer is over-simplified.

15:46:33 PST Question: This versioning magic is... magic

Answer:

http://stackoverflow.com/questions/2610377/how-can-i-provide-an-asp-net-forms-authentication-ux-while-using-active-director/2634718

http://stackoverflow.com/questions/2610377/how-can-i-provide-an-asp-net-forms-authentication-ux-while-using-active-director/2634718


Q&A Log


15:52:51 PST Question: What that load on a cassette? Answer: load *, 8, 1

15:55:49 PST Question: Hi, would you have the code to claim MVA points? thanks Answer: It's on the FAQ page

15:55:53 PST Question: thanks Answer: Thank you!

15:56:05 PST Question: thanks so much guys! awesome topic! Answer: Thank you!

15:56:13 PST Question: thanks to harrison and jeremy Answer: And thank you!

15:56:18 PST Question: thank u Answer: Thanks!

15:56:26 PST Question: Thank you great as usual Answer: Glad you enjoyed it!

15:56:33 PST Question: Thank you so much for such a good stream Answer: Thank you!

15:56:37 PST Question: Thanks Guys! Answer: Thank you!

15:56:48 PST Question: Thanks for the great info Answer: You are very welcome!

15:56:55 PST Question: Thanks for a very informative event Answer: Thank you!

15:57:03 PST Question: you're on a roll. Answer: Dinner!

Documents

Web API Design Jump Start Q&A Logdownload.microsoft.com/download/6/3/6/636926B9-D17A-4CF8-927… · Web API Design Jump Start Q&A Log Live Event Date: February 4, ... given all the