WEB API 2.X

What’s new and …..

Ugo Lattanzi

Head of Technolgies @ Gaia

Microsoft MVP, MCP

Twitter: @imperugo

Blog (en): http://tostring.it

Blog (it): http://imperugo.tostring.it

E-mail: imperugo@gmail.com

Agenda

• Who am I?

• What’s ASP.NET Web API?

• What’s a RESTfull service?;

• Routing old and new;

• Global Error Handling;

• Help Page;

• CORS;

• BSON serialization;

• Ignore route;

• …. caching;

WHO AM I?

Who am I?

• Head of Technologies at Gaia (www.gaia.is.it);

• Microsoft MVP (ASP.NET / ISS);

• Speaker / Trainer;

• Book / Article author;

• “Opensourcer”;

• Github lover;

• Everything about Web Dev;

Important message

We are looking for

some good (and

crazy) guys to join our

team.

Contact me –

imperugo@gmail.com

What’s ASP.NET Web API?

Web API and REST

• When you speak about Web API, probably you should

know REST, but was doesn it mean?

• RESTfull= REpresentational State Transfer

RESTfull what????

Web API and REST

It is not a WebService (SOAP), a patter or a protocol,

but is a style of software architecture for distributed

systems such as the World Wide Web

Web API and REST

ASP.NET Web API is a framework (FW 4.x) for processing

data and returning data, tipically in json or xml (RESTful

services);

It seems MVC but is not and, if you need both, use both.

What is similar to MVC?

• Released with NuGet;

• Routing;

• Controllers and Actions;

• Filters;

• ModelBindings;

• Dependency Injection;

What is different from MVC?

• Dispatching (based on http verbs);

• Formatters;

• Async everywhere;

• Self host (no need IIS);

• Content negotiation;

• Everything is under System.Web.Http;

RESTfull

• Stateless architecture based on HTTP;

• Each url is a resources (no transaction between two

requests);

• Base on HTTP Verbs (GET, POST, PUT, DELETE);

• The status of the response is based on HTTP Status code

(401, 200, 404 and so on);

DEMO

ROUTING

Attribute Routing

Allows you to override the default routing for a single action/controller;

/customers/1/orders/api/v1/products/api/v2/products

Good Article: http://bit.ly/1dwdc2D

GLOBAL ERROR

HANDLING

Global error handling (the problem)

There’s no easy way in Web API to log or handle errors globally (prev v2.x);

I.E.:

• Exceptions thrown from controller constructors

• Exceptions thrown from message handlers

• Exceptions thrown during routing

• Exceptions thrown during response content serialization

Good Article: http://bit.ly/1eiUvBB

Global error handling (the solution)

WEB API (2.x) provides two new user-replaceable services,

IExceptionLogger and IExceptionHandler, to log and

handle unhandled exceptions. The services are very

similar, with two main differences:

Global error handling (the solution)

Global error handling (CatchBlock)

DOCUMENTATION

There is a specific endpoint to call

API Documentation (thx to @shanselman for that slide)

Is there someone who want to write the

API Documentation? (thx to @shanselman for that slide)

Help Page

• “Automatic” API Documentation;

• Base on MVC (all via nuget);

• Template on top of Bootstrap

• Support validation attributes;

• Code comments;

• Support complex types also for GET Methods (new);

• Support for Enums;

Help Page (Document your code)

Help Page (Enable the XML output)

Help Page (Specify the documentation

file)

Do you know postman?

CORS

CORS - Cross-Origin Resource Sharing -

(the problem)By default it's not possible to make HTTP requests using

Javascript from a source domain that is different from the

called endpoint.

For example, this means that it's not possible to call the

URL http://mysite.com/api/myrestendpoint from a domain

http://yoursite.com

This limitation has been introduced for security reasons: in

fact, without this protection, a malicious javascript code

could get info from another site without noticing the user.

CORS (the problem)

CORS (the problem)

Ok, but sometimes we need to do this. How can we do

that?

• JSONP is easy to use and it's supported by all browsers;

the only problem is that the only HTTP VERB supported is

GET, which has a limitation on the lenght of the string that

can be passed as query parameter.

• Otherwise, if you need to send lot of information we can't

use this way, so the soulution could be to "proxy" the

request locally and forward the data server side or to use

CORS.

CORS (the solution)

Basically CORS communication allow you to overtake the

problem by defining some rules that makes the request

more "secure".

Of course the first thing we need is a browser that support

CORS: fortunately all the latest browsers support it.

Anyway, we have to consider that, looking at the real world,

there are several clients that are still using Internet Explorer

8 which, among other things, doesn't support CORS.

CORS (the solution)

http://caniuse.com/cors

•Internet Explorer 10/11

•Chrome (all versions)

•Firefox 3.5+

•Safari 4.x

CORS

CORS

CORS

CACHING

CACHING

• Do you know the HTTP support caching?

• Do we really need to use server side cache?

• What I’ve to do in my code?

Caching

How does it work?

The client will ask the server if it has an updated copy of

the resource by sending some information about the

cached resources it holds using a request header

called ETag

If there are no updates, the server return 304 with an empty

body, otherwise a 200 with the new data

Caching

Cache Cow

It’s an open source library available on nuget (the source

code is on github) that allows you to enable caching in you

APIs;

Support differents providers to store the cache (memcache,

ravendb, azure caching, Redis and so on);

Cache cow

GRAZIE!

Ugo Lattanzi

Head of Technolgies @ Gaia

Microsoft MVP, MCP

Twitter: @imperugo

Blog (en): http://tostring.it

Blog (it): http://imperugo.tostring.it

E-mail: imperugo@gmail.com