dotnetConf 11/17/2018 11:06 AM © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Building Secure Web APIs with ASP.NET Core dotnetConf 11/17/2018 11:06 AM Building Secure Web APIs with ASP.NET Core Daniel Roth Senior Program Manager © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Outline Overview Getting started Routing Formatting Swagger Security dotnetConf 11/17/2018 11:06 AM Outline Overview Getting started Routing Formatting Swagger Security © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ASP.NET Core (previously ASP.NET 5) A new open-source and cross-platform framework for building modern cloud-based Web applications using .NET
ASP.NET frameworks - similar, but different Web Pages MVC Web API Razor HTML Helpers HTML Helpers Controllers Controllers Actions Actions Filters Filters Model binding Model binding DI DI
MVC + Web API + Web Pages = ASP.NET Core MVC
ASP.NET Core MVC One set of concepts – remove duplication Web UI and Web APIs Part of ASP.NET Core Supports .NET Core Runs on IIS or self-hosted Deep integration with DI
Web API features Attribute routing Model binding and validation Link generation Formatting (JSON, XML) and content negotiation Metadata generation (ex. Swagger) Authorize access with JWT bearer tokens JSON Patch CORS
Getting started with ASP.NET Core Install .NET Core from https://dot.net Docs and tutorials at https://docs.asp.net Source code at https://github.com/aspnet
Let’s get started! dotnetConf 11/17/2018 11:06 AM Getting started Installed from https://dot.net. File -> New Project -> ASP.NET Core Web API (or use Yeoman on a Mac) Attribute routing Route tokens (rename ValueController to TodoController) Route constraints Implement Post, link generation, [FromBody] Add Swagger Formatters [Produces], [Consumes] Add Range data annotation and validate a request Azure AD org auth Create new projects with work and school accounts (i.e. Office 365) Show that the app and the middleware is preconfigured Show the controller with the [Authorize] attribute Switch to prebuilt app Talk to sample todo list UI and sample on GitHub Show update controller Show angular client code and usage of ADAL Run the application © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Thanks for watching! Get started: https://dot.net dotnetConf 11/17/2018 11:06 AM Thanks for watching! Get started: https://dot.net Docs: https://docs.asp.net Join us on GitHub: https://github.com/aspnet/home © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
dotnetConf 11/17/2018 11:06 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.