I created some chrome extension that detects a file download event and cancel the download, and gets the download link. Sends the link to myserver.
I want to create a server that recive link to download, download the file, do some manipulation on the file and sends the file back to client.
All the time I developed client side apps (Mainly with c#), and I don't know what to choose for the server side, WCF App or Web API (or something else). the server can be inside the organisation or remote.
What do you think should I pick? any suggestions?
It seems that creating Restful-style services may be more appropriate for this scenario.
You know, both WCF and Asp.net WebAPI can create Restful-style services. WCF could take advantage of the Webhttpbinding to create it.
As for handling file uploads and downloads, I don't think there is any difference between the two techniques. Perhaps the services created by Asp.net WebAPI are a little more mature, such as the ability to deal with form-data stream (multipart/form-data) directly. While WCF service could not directly process the form-data stream.
Here is an example of an upload and download in Asp.net WebAPI.
https://learn.microsoft.com/en-us/aspnet/web-api/overview/advanced/sending-html-form-data-part-2
How to return a file (FileContentResult) in ASP.NET WebAPI
Feel free to let me know if there is anything I can help with.
I have a website written in ASP.NET WebForms, which accesses web services that are written in ASP.NET WebAPI. For security, I closed port 8079 (web services) so that web services could only be accessed via the website, but that it would not be possible to request web services directly from the Internet. When I request a page on a website, through the Fiddler program, I see a request for a website, but I don’t see a request from a website for web services. Everything works well. But now I have made another website written in AngularJS and I want this website to also access my closed web services. Is this possible through AngularJS? Below is the request code for web services via ASP.NET website.
HttpResponseMessage response =
client.GetAsync("http://localhost:8079/api/values/5").Result;
if (response.IsSuccessStatusCode)
{
Task<string> data = response.Content.ReadAsStringAsync();
result += data.Result;
}
As a result, the site(AngularJS) and ASP.Net MVC Web Application should be available on the Internet, and web services (ASP.NET WebAPI) should not be available on the Internet.
Currently, the client accesses the web services directly, but it’s necessary to make the client access the web server and the web server access the web services
Even if you create another ASP.NET app (a kind of 'facade') that handles requests from the client, and invokes web services internally, this alone won't solve the problem:
If the facade accepts requests from any client and just sends them to the web services, it is not different from exposing the web services directly to the internet.
As #Andrei Dragotoniu pointed out, you have to secure your services by only accepting requests from authorized clients.
How to authorize access to web services
A common way of securing access to web services is JSON Web Token (JWT). The token contains encrypted claims that explain the identity (and maybe other aspects) of the client. Typically it works as follows:
A new token is generated on the server upon successful authentication of the client. The authentication can be either manual (a login form), or automatic (for example, with OAuth).
Once the token is generated, it is returned to the client. The client then starts attaching the token as an HTTP header to every request it sends to the web services. On every request, the web services validate the attached token.
This blogpost provides more information and examples of using JWT in C#.
API Gateways
The requirement of limiting access to web services to an internal network is not uncommon. A typical solution here is API Gateway.
(from Wikipedia) Gateway: a server that acts as an API front-end, receives API requests, enforces throttling and security policies, passes requests to the back-end service and then passes the response back to the requester. A gateway often includes a transformation engine to orchestrate and modify the requests and responses on the fly. A gateway can also provide functionality such as collecting analytics data and providing caching. The gateway can provide functionality to support authentication, authorization, security, audit and regulatory compliance.
More on API Gateways in this article. One of the most popular API Gateways is Kong.
Even if you deploy your web service in intranet, you cannot consume the web service from client browser (Angular or JS Applications).
One possible solution could be,
Deploy the web service in intranet web server.
Create a proxy web service in the edge server (they are both intranet & internet facing). Proxy web service should just expose the required methods by obscuring the original web methods.
Consume proxy web service from client-side applications.
Otherwise, client-side applications can never consume the intranet web services.
Optionally, if you create NodeJS, ASP.Net based web applications, it can be deployed on edge web servers that can talk to intranet web services and users (living in the internet) cannot access web services directly.
UPDATE:
Moreover, based on your code above, it looks like you are trying to consume web service from .Net Runtime Managed Code (ASP.Net MVC). Well, in that case, AngularJS will ajax to your controller-action. Then controller, in the edge server, can talk to any intranet web service. AngularJS need not talk to Web Service. It is straight-forward now.
"When I request a page on a website, through the Fiddler program, I see a request for a website, but I don’t see a request from a website for web services"
That statement is true in a very limited context, but the reality is much bigger than that.
The requests from a website to its own API can easily be seen by using browser tools for example ... hit F12 in any browser and look under the Network tab, this is something anyone can do to see what a website ( any website ) is doing.
You need to protect your API somehow. You can use something like OAuth2 or you could do it at server level. You can lock down a server to only accept connections from your website's IP address for example. You can also make it so that the server the API is on is completely locked down. You can lock down the API.
You just need to realize that you do have a security issue if you don't do something. The tech stack you use is irrelevant for this.
I am trying to upload a file from a client to a MVC application, and then have the MVC application pass the upload file to a web api.
So far I overrode the IHostBufferPolicySelector to stream any incoming HTTP requests that are greater than a given size. So any large file uploads made to MVC is being received as a stream.
I thought of two solutions to this problem, but open to any suggestions.
Have MVC temporarily store the file, then send that file over to the web api
Somehow pass the stream of the file that is coming into MVC, over to the web api
Is there a way to achieve option 2? Can I pass an incoming stream to another web service?
I need a structure for send data
i use asp.net mvc 5 and i want to send data to mobile device and wait return response.
how can it ?
(Web api or Mvc) <-----> Mobile Device
I have the following architecture:
Web-Application <-> Web-Service <-> Cloud
The web-application provides a html page for uploading a file which should be placed in the cloud. It is, by design, not possible to upload directly to the cloud (this is really no option here).
What I could do is, to upload it to the web-application and save the file to disk, then upload it to the web-service, save to disk and finally upload it to the cloud. But because the file could be large (4GB+) it would be nice just to pass the stream from the web-application to the web-service and the web-service passes it to the cloud, so it does not get saved to file anywhere instead of the cloud.
Is this possible with C#, .NET 4, ASP.NET and MVC 4?
It was really easy.
Within my Web-Application Action I just created a new HttpWebRequest, copied the file's inputstream to the HttpWebRequest and sent it to the Web-Service. Same thing from Web-Service to the Cloud. So no storage to disk is needed.