Microsoft’s new framework for writing RESTful web services and web APIs is, appropriately enough, called ASP.NET Web API. As the name implies, this technology is part of ASP.NET and inherits its well-known security architecture. In addition, it supports a number of new extensibility points and a flexible hosting infrastructure outside of IIS. There are a number of ways to do authentication and authorization in Web API - from Windows to usernames and passwords up to token-based authentication and everything in between. This talk explores the various options and puts special focus on technologies like claims, SAML, OAuth2, Simple Web Tokens and delegation.
While Microsoft is calling their new web framework "MVC 6" and branding it as a unified successor of MVC / Web API / Web Pages, the reality is much more complicated than that. The new ASP.NET 5 alone is a completely different managed runtime, which results in plenty of changes, compatibility issues and necessary adjustments when trying to bring your old application over to the new world. On top of that, MVC 6 introduces plenty of changes. While controllers in the "old" and "new" worlds may look similar, a lot of core concepts that you might have been used to when working with Web API projects have changed, and finding the corresponding ones is a tricky, and often frustrating, task. This talk will draw parallels between the Web API framework pipeline that you might be used to (MessageHandlers, Filters, Selectors, Formatters etc.) and the one that is part of MVC 6, and explore the techniques you can use when migrating a Web API project to MVC 6 - hopefully easing your transition into the next generation of ASP.NET.
Modern applications need to deal with authentication, single sign-on and federation as well as web API access and delegated authorization. Solving both problems required either using a bunch of protocols that often don’t work together really well, or coming up with a proprietary solution. OpenID Connect wants to rectify that situation – it defines an authentication protocol on top of OAuth2 to solve both the authentication and the delegated API access problem. Being based on simple HTTP interactions, it also allows for true cross-platform support. Learn how.
Web frameworks help you build an API quickly but most have little support for dealing with an API that needs to evolve, forcing you to prematurely version your API.
Take back control of the content you send over the wire. API responses are the "user interface" of your API and should be crafted with the same attention to detail that causes designers to fret over color choices, shadows and highlights.
In this talk I’ll show you what I have learned about API response design in the last 8 years of building Web APIs. I'll cover issues like structuring for evolution, sizing for optimum caching, the different ways to include metadata, media type selection and many other issues that surface when trying to design an API for the long haul.