The 201 on Building Web API with ASP.NET Core MVC – Kindle Books

The Kindle version for the paperback book “The 201 on Building Web API with ASP.NET Core MVC” is available now, as two separate books.

The 201 on Building Web API with ASP.NET Core MVC – Book 1: Application Core is a collection of core application related topics selected from the paperback book. By the term “application core”, I mean the basic MVC concepts such as action selection, model binding, serialization, etc. that are fundamental to a web API application.

The 201 on Building Web API with ASP.NET Core MVC – Book 2: Application Infrastructure is a collection of application infrastructure related topics selected from the paperback book. By the term “application infrastructure”, I mean the software infrastructure that supports a web API application – things that are outside the fundamental MVC concepts, such as logging, DI, etc.

The 201 on Building Web API with ASP.NET Core MVC

Happy to announce the availability of my new book “The 201 on Building Web API with ASP.NET Core MVC” in Amazon.

The 201 on Building Web API with ASP.NET Core MVC

The 201 on Building Web API with ASP.NET Core MVC, is an intermediate-level guide on using ASP.NET Core and ASP.NET Core MVC’s extensibility points to solve problems, as you build a web API using ASP.NET Core MVC. ASP.NET Core MVC is a powerful framework and out of box, it gets you far. But there are scenarios where you will want to go even farther to get things done. If you are one of those who has gone through the framework 101 and has a need to see farther, this book is for you. This book employs a problem-solution format so that you can read the topics that are of interest to you, in any order.

  • Action constraints
  • Action results
  • Application model conventions
  • Application parts
  • Authentication middleware
  • Batching messages
  • Binding source value providers
  • Filter factories
  • Filter providers
  • Formatters
  • Localization
  • Loggers and logger Providers
  • Middleware
  • Model binders
  • Request validation
  • Resource, Result, Exception, Action Filters
  • Value providers

Contents

1     HTTP 101
1.1  Exposing API over Web
1.2  Returning a Resource Representation
1.3  Querying for Resources
1.4  Creating/Replacing a Resource
1.5  Adding a New Resource to a Collection
1.6  Deleting a Resource
1.7  Using POST to Tunnel other HTTP Methods

2     ACTION SELECTION
2.1  Using Configuration for Action Selection
2.2  Using Convention for Action Selection
2.3  Using a Controller Resource
2.4  Designing Hierarchical URI
2.5  Controlling Route Template Parameter Matching
2.6  Selecting Action Based on Request Content Type
2.7  Disambiguating between Action Methods
2.8  Using Plugin-based Design
2.9  Differentiating 404 – Not Found

3    MODEL BINDING
3.1  Binding Different Parts of the Request Message
3.2  Filling in the Missing Part of the Model
3.3  Providing a Value to Model Binder on Priority
3.4  Handling XML Requests
3.5  XML Input Formatting on a Per-Request Basis
3.6  Binding the Model from Nonstandard Payloads
3.7  Using Factory Pattern for Model Binding
3.8  Validating Requests
3.9  Using Matrix Parameters

4     SERIALIZATION
4.1  Enabling Content Negotiation
4.2  Disabling Content Negotiation Selectively
4.3  Selecting Content Type on a Per-Request Basis
4.4  Detecting Modifications to the Response Body
4.5  XML Output Formatting on a Per-Request Basis

5     FILTERS
5.1  Preventing Action Method from Running
5.2  Preventing Duplicate HTTP POSTs
5.3  Handling Exceptions
5.4  Specifying Order for the Filters
5.5  Creating a Dynamic Filter Pipeline
5.6  Overriding Filters

6     LOGGING
6.1  Logging Request Body for All Requests
6.2  Logging Request Body Selectively
6.3  Logging Response Body
6.4  Structured Logging
6.5  Logging to Amazon DynamoDB
6.6  Logging Additional Fields in JSON Request Body

7    DEPENDENCIES
7.1  Injecting Dependencies
7.2  Resolving Dependencies by Convention
7.3  Proxying Dependencies
7.4  Sharing Data among ASP.NET Components
7.5  Sharing Context among ASP.NET Components
7.6  Sharing Data across Different Application Layers

8     SCALABILITY AND PERFORMANCE
8.1  Returning a Partial Resource Representation
8.2  Using a Composite Resource
8.3  Caching Responses
8.4  Returning a Representation Only on Changes
8.5  Using a Binary Message Format
8.6  Streaming JSON Response
8.7  Going Asynchronous
8.8  Batching Request Messages

9    MISCELLANEOUS
9.1  Sending Custom Response Headers
9.2  Implementing Custom Authentication
9.3  Creating Middleware versus Filter
9.4  Establishing Current Culture
9.5  Localizing Based on Current Culture
9.6  Using ASP.NET Core MVC Core

Specifying Environment from the Command Line in ASP.NET Core

ASP.NET Core picks up the environment from the environment variable ASPNETCORE_ENVIRONMENT. If you want to set it from Visual Studio, you can do so by double clicking “Properties” in Solution Explorer > Debug > Environment Variables. Just add an entry with a name of “ASPNETCORE_ENVIRONMENT” and a value desired.

If you want to set the environment from the command line, you have to modify the Main method like this.

public static void Main(string[] args)
{
    var config = new ConfigurationBuilder().AddCommandLine(args).Build();

    var host = new WebHostBuilder()
        .UseConfiguration(config)
        .UseKestrel()
        .UseStartup<Startup>()
        .Build();

    host.Run();
}

With that, you can pass the environment, like so.

dotnet run --environment "UAT"

You can also specify server URL using command line.

dotnet run --environment UAT --server.urls http://*:5001

That will set the environment to “UAT” and let Kestrel use port 5001.

Reading Katana Cookie Authentication Middleware’s Cookie from FormsAuthenticationModule

I saw a question in stackoverflow about using the cookie created by FormsAuthenticationModule (FAM) from the Katana Cookie Authentication Middleware. I thought it was a one-off question. But then, here is one more question, similar, but it is about reading the cookie created by CAM from FAM. Though we cannot change FAM’s behavior, it is technically possible to write an HTTP module to read the ticket. So, thought of writing some code to illustrate how to read the CAM cookie.
Continue reading

Web API Model Binding in ASP.NET MVC 6 (ASP.NET 5)

In ASP.NET 5, MVC and Web API have been merged into a single framework called MVC 6. If you are deep into Web API and MVC in the previous versions of ASP.NET, like me, it will take some time to get used to how binding works in MVC 6. Especially, if you are more into Web API in the recent past than MVC, like me, you will actually feel sad to see that the things you are so used to with Web API are all gone and it is different now : (.
Continue reading

Using Thinktecture Hawk Katana Authentication Middleware with ASP.NET 5.0 (ASP.NET MVC 6)

In this post, I have covered Katana middleware versus ASP.NET 5.0 middleware. Calling a normal Katana middleware that accepts AppFunc from ASP.NET 5.0 pipeline is not that difficult. You can just use the UseOwin extension method on IApplicationBuilder, like so.

app.UseOwin(addToPipeline =>
{
    addToPipeline(next =>
    {
        return new MyNormalKatanaMiddleware(next).Invoke;
    });
});

Continue reading

Thinktecture.IdentityModel.Hawk – Nonce Storage for Replay Protection – Redis Example

Thinktecture.IdentityModel.Hawk now stores nonce values and validates the incoming nonce to detect replays. In Hawk authentication, the timestamp (ts) field is the fundamental protection mechanism against replay attacks. By default, Hawk uses a time window of 1 minute and this value is stored in the ClockSkewSeconds property of the Thinktecture.IdentityModel.Hawk.Core.Options class. This basically means the replay window is 2 minutes (accounting +1 and -1). If the server and the client clocks are reasonably in sync, ClockSkewSeconds can be set to a much lower value, say 10 seconds and that will bring the window of opportunity for replay to a very small time period.
Continue reading