I am building the phonegap application and backend i am using Asp.net WebAPi REST,I want secure my Application and WEBApi,I want to know best practice for secure this,Kindly suggest me with any information or best tutroials or any blog which may help me.
Related
First off, I apologise if this is a trivial question but I am getting so confused by the information I am reading. I have put off posting on here as I feel my question is too broad but I can't find a definitive answer. I am a C++ developer by trade but I am wanting to get into web development.
My end goal is to have a web API that is consumed by both a web app and mobile app. I want to get the structure nailed first by developing an web API and web app and then expand it to a mobile platform later on.
My aim is to have 4 separate sections - Database -> WebAPI -> Web App
-> Mobile App
all of which are protected with username/password etc.
I have decided to use ASP.NET Core but when creating an application I am given two options in visual studio - ASP.NET Core Application or Web API. I have tried creating a Web API and a separate Core Application but can't work out how to call the web API. I have also tried creating a Core Application as it seems like I should be able to do everything I want in one project but I am worried that the Web API won't be separated enough to be able to call from a mobile app.
I will be working with a database containing sensitive information so obviously want to protect access to the Web API and Web/Mobile app. I have been watching courses on Pluralsight about Identity but I have read that it doesn't work well with Web API's.
Basically I am getting extremely confused when in my mind my end goal should be relatively simple to achieve. If anyone could give me any pointers as to what technologies I need to use would be fantastic.
ASP.NET Core WebAPI is specifically designed for building REST-ful services.
ASP.NET Core Application is used to create web applications that returns both views and data (it's an analog of Asp.NET MVC from standard Framework).
Which to choose is really depends on kind of WebApp you are going to use. If you plan to use some SPA framework, you don't need mechanisms to generate views on server side - WebAPI is a great choice, otherwise choose Application. Here you can find more details on differences.
As of security concern, there no issues with WebAPI. It provides a lot of mechanisms to secure your API and restrict access to methods based on user's identity. Please look at this article as an example.
I am using ELMAH in a Web API 2 project. I wrote my own IAuthenticationFilter to authenticate against Atlassian's CROWD.
I want to secure ELMAH also against CROWD. Is there any way to achieve this?
Are you wanting to make a secure Web API call that shows the most recent or the most common errors in your ELMAH data store? If so, why not write those data-fetching calls and secure them with your custom filter the same way as your other API calls.
I've used the Codeigniter RESTful framework to make an API for my mobile apps. I would really like to host it on Google's App Engine but there really aren't any tutorials showing how to do this.
Could anybody help in this regard with helping me to get onto app engine?
You can use CodeIgniter modified to run on Google's App Engine (PHP) https://github.com/edwardmp/CodeIgniter-AppEngine
And also follow Tutorial http://blog.programming4design.com/codeigniter-on-google-appengine-for-php/
I am developing a client to access weather information from a RESTful API (http://api.worldweatheronline.com/free/v1/weather.ashx). I am using ASP.NET MVC4 and i have two choices as of my limited knowledge.
using jQuery.ajax({....});
using .NET4.0 HttpClient.
The API requires a key parameter key=xxxxxxxxxxxx as part of the request, and i do not want to reveal the key to the users of the site.
Please guide me someone and also let me know if there are some best practices/standard way of doing this?
If you don't want to reveal the key to users of the site, then you have no choice but to use HttpClient from within your ASP.NET web site. If you allow the call to be made by jQuery in the client browser then it is impossible to hide that key.
i read about the beta version of asp.net MVC 4 web API , i think that it is related to building web services. So are these two frameworks (MVC 4 internet application & Web API) targeting different types of application or they may be used for building similar types of application but using different frameworks?
for example if i need to build an internet application for a registration system for a university or an internet shopping store (which i use to develop using asp.net MVC 3 internet application),, then will these two frameworks be suitable for these types of applications ???
Thanks for any help ...
BR
Those are just 2 templates. No matter which one you choose when creating the application initially you could always later change and add functionality. The MVC 4 internet application template is similar to the ASP.NET MVC 3 internet application template. It creates a default Home and Account controllers, it registers a default route and adds a couple of views.
The Web API template in addition to all this it adds an API route and an ApiController allowing you to expose RESTful APIs in your web application. The Web API is basically a simplified way to build RESTful services. Up until now this was possible with WCF but the Web API makes it really simple. The Web API could be self hosted. You don't need to put it in an ASP.NET MVC application.
The webapi makes it simple to create HTTP services. I have only used them to return json. You can use either for the types of applications you are building.
Take a look at this blog article from Scott Guthrie http://weblogs.asp.net/scottgu/archive/2012/02/23/asp-net-web-api-part-1.aspx
Web Api basically lets you create HTTP REST full services. The API also gives one full access to the http requests and responses in a type safe way.