I am using the new ASP.net 5 Web Application and Web Api templates (I've created two seperate applications).
App 1 is going to be a Single Page Application (SPA) and pull its
data from App 2.
App 2 is a Web Api, it will server data to App 1.
Nothing crazy in this approach so far. When I chose to build an SPA, I was stepping away from what I'd traditionally do with MVC. But I like some MVC features, in particular the AntiForgeryToken security (security is very important to me).
What I am planning to do is have my initial index page (App 1) loaded via MVC (so have a index.cshtml and controller). Then write my antiforgerytoken onto the index page when its delivered to the client. At that point Angular takes over and all my calls will be to App 2. I was going to pass the AntiForgeryToken to each service call so it can be verified BUT i have a feeling it wont work because I generated it within App 1 (who will now be expecting it) and App 2 wont know anything about this.
Approach is outlined in my terrible diagram below:
Firstly, is my assumption correct? - I wont be able to use the AntiForgeryToken on the web app because this app didnt generate it?
Secondly, is a better approach to remove MVC from the equation in App 1, and instead create a web api controller method (in App 2), that will generate me a token on the web api, then I can get it and keep track of that in Angular in App 1 - passing it to each request going back to App 2?
OR is there a better way (I am using Angular after all)
OR is this just pointless? :-)
Thanks for advice!
Related
I have made an angularjs app and I want to use it in another web application (eg. C# .Net,JAVA). I have another web app (which does not use angularjs) and when I click a button it should be redirected to my angularjs app to use the functionalities. How can I achieve this? Thanks!
IMO, for C# Web App, you can use RedirectPermanent("<AngularJsApplicationFeaturePageUrl>"); spend time in AngularJs application and when it completes, AngularJs Web Application is responsible for redirecting us to appropriate page in C# Web App.
For Example,
You might have experienced it in e-commerce apps. For buying\ checking-out items, you will be redirected to Bank's fund transfer page. When you are done, Bank website will redirect you to original e-commerce app.
You are seeing in Identity Module Providers like Azure Active Directory, Google Single Sign On,.. redirects you to its login page to challenge your identity and posts you back to original website.
You can find a ton of examples for above use cases.
I am new to asp.net mvc world. So I have a question
I have already developed a web app using Asp.net MVC (also deployed on production).
Currently I am working on mobile apps. For this I need web services (restful).
For Restful web services do I have to make a new project (within existing solution) or can I incorporate Restful webservices into my existing (Asp.net MVC) project ? (I prefer 2nd option if possible)
If I have to make new project for Web Api, then how will I deploy both projects on production knowing that Web Api project is dependent on Asp.net-MVC project ?
One thing you need to understand first is whether it's a web service,wcf service or a Web API the only thing you need is to get a json/xml output which you can use in your mobile app.
Let say you have and asp.net mvc application which has some action methods, but you might be returning a View or PartialView which is not you want for a mobile app to parse. So you need to create an action method which returns JsonResult.
If you want to use all the RESTFul verbs like POST,PUT,GET,DELETE you can add another controller which inherits from APIController and write methods there, but either ways output is same.
So it's up to you what to do and how to proceed, only thing is with an APIController you will have some more verbs and code ahve some special returns like "Ok" e.t.c
We are starting a project which will consist in:
Web project (ASP.NET MVC)
IOS app
and both will consume data from a .NET WEB API service.
The WEB API service will expose a POST Method with the url "user/create". But i don't know how can i avoid another apps for making post to this url? I know i need a security protocol, but i wanted to know which one you recommend me, and if you have, an article where is it explained.
Thanks
web api 2 provides oauth authentication. You will need to get a token from the token end point of web api and pass that token in subsequent requests.
You should find lot of online resources if you search for web api 2 oauth.
We did something similar recently using OWIN OAuth 2.0 Authorization Server
Reference this ASP.NET page for details. Sample code is included as well for several different implementations.
For our purposes, we used the Client Credentials Grant section about half-way down the page. Our implementation involved server-server OAuth (Web API to MVC), but I bet it's pretty similar to have iOS connect. The only thing I would caution is to somehow encrypt the login credentials on the iOS side, and I'm sure there is a way to do that.
So you want the WebAPI to only be used by the MVC page? The best architectural method is to separate the two rather than leave both in one project. Why? Because the MVC app is a experience layer for humans. The WebAPI is an experience layer for the MVC app. Move it back where it can't be accessed.
You can add on tokens, etc, but the MVC app sits on the server, but is accessed on the client computer. The wider the scope of the application (ie, intranet or internet or something in between?), the more difficult the problem and the harder it is for your users to access the application. Moving the WebAPI internal and leaving the MVC app exposed guarantees external users cannot use the API.
The main reason WebAPI and MVC exist together in a single project (still a mistake in most instances, IMO) is you are exposing both to the same audience. If that is not your intent, don't do it.
I currently have an Aurelia single page application I'm developing in WebStorm, and a backing Web API I'm developing in Visual Studio. In the dev environment, everything works fine, I just host my client application using WebStorm's server and point it towards my local web api url.
When I deploy the application, I need a way to initiate my client, however. Is it common practice to have my Web API's default route return my index.html page? For some reason it seems very strange to me. Is there a better way to first serve up my index.html? I haven't been able to find much online regarding the subject.
Thanks for any guidance.
What I've done in several projects is to build a single MVC + WebApi project.
This way you will be able to serve both the MVC part for your "index.html" and the WebApi for all your API needs.
So the MVC part is basically just a DefaultController with a Index method that returns the View that initializes my SPA.
In other words, the View for the Index method returns the content you normally would have put in your index.html file.
I'm about to start a new project in ASP.NET MVC5, which has a bit of Web API too. I'll also need a Windows Forms client which will call the API. This client has a file system watcher that detects when a file has been changed, and will post the contents to the API.
When the API receives the data, it does some calculations, and ideally will send the results through SignalR to the browser and update the display.
I'm getting rather stuck trying to work out the authentication. I want to use Individual User Accounts, so the user can log in with the Windows Forms client (and get a token) and in the browser to view the data.
I've got as far as File -> New -> Project, and tried an MVC project with the Web API box checked, and a Web API with the MVC box checked. Looking at the two AccountController classes that these generate, they seem quite different.
I guess the options are
Try to get these two controllers working together
Call the MVC controller from the Windows Forms client
Have two projects in the solution and try to work out how to use SignalR to talk between them.
A better way?
I suspect the last one. I've not used Web API before, so I could be doing this all wrong. What approach should I take?
I would say, create 2 different projects, 1 for MVC 1 for API.
Use 1 BLL which is referenced in both of them and carries the logic for both of them and will not be dealing with separate controllers.
Of course if you need other layers like DataAccess or Repository, you have to create them once and they will be referenced in the BLL which is later referenced in both MVC and API interfaces.