Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

[Question] Implementing a Web Service

Options
  • 04-02-2014 4:17pm
    #1
    Aswerty
    Registered Users Posts: 586 ✭✭✭


    I'm building a new web application at work using ASP.NET MVC and there is something I've been wondering for a while which I'm hoping someone can answer.

    If I want to provide a web service that shares a lot of the Model and Controller aspects of the web application is the best approach to this to use the web application Controllers to provide the web service? So a client can request either a full HTML page to view in the browser or it can request JSON data which can be used for anything (e.g. the client requesting the JSON data in this case could be a machine using the web application as a data source).

    Just to note, I've done a fair bit of web development (both server and client) before but it has always been done with the assumption that the client is a web browser being controlled by an actual user.

    Also how do web services usually handle authentication? Does a machine provide a username and password by POSTing a http message to a www.domain.com/login address whose response to the client contains a cookie/token?

    The web service in this case is to be RESTful so I'm not using SOAP.


Comments

  • Options
    #2
    Graham
    Moderators, Society & Culture Moderators Posts: 17,642 Mod ✭✭✭✭Graham


    Aswerty wrote: »
    Also how do web services usually handle authentication? Does a machine provide a username and password by POSTing a http message to a www.domain.com/login address whose response to the client contains a cookie/token?

    The web service in this case is to be RESTful so I'm not using SOAP.

    HTTP headers are quite common for authentication.

    It's probably worth examining some of the larger API providers to get an idea of how they do it. Twitter, YouTube and Parse.com spring straight to mind.


  • Options
    #3
    Aswerty
    Registered Users Posts: 586 ✭✭✭Aswerty


    I'll have a look at what other API providers use. Ideally I'd like to setup authentication to work similarly for users of the web application as it does for consumers of the web service. Traditionally I've gone the cookie route but I'm open to seeing what is common for web services.


  • Options
    #4
    Graham
    Moderators, Society & Culture Moderators Posts: 17,642 Mod ✭✭✭✭Graham


    API authentication doesn't necessarily preclude user authentication for the Web Apps themselves. You may only want your API available to approved Web Apps regardless of the individual users authentication status.


  • Options
    #5
    Aswerty
    Registered Users Posts: 586 ✭✭✭Aswerty


    The service is planned to be available to specific phone/tablet apps. Though I wouldn't be particularly worried about authenticating the application consuming the API, I don't see any potential business risk if the user has access to the API from outside the phone/tablet app. User access will be very restrictive. Anyone given access will have a working business relationships with us. This of course doesn't mean I won't have a secure authentication system for each user but it does mean from a business perspective what they do once authenticated is going to be pretty straight forward.

    In any case after doing a bit more research I'm pretty happy with using the MVC web application as the web service as well. Based on requirements a dedicated web service would be overkill. I even looked at WCF but as I said, overkill. If anyone has any other tips or cautions when building a web service I'm all ears.


  • Options
    #6
    counterpointaud
    Registered Users Posts: 403 ✭✭counterpointaud


    I would definitely check out Web API with token based Auth over SSL, very easy to set up.

    If that is overkill, perhaps you could just return JsonResult from controllers in your MVC app ?

    There is also the possibility of running Web API and MVC in the same app.

    http://odetocode.com/blogs/scott/archive/2013/07/01/on-the-coexistence-of-asp-net-mvc-and-webapi.aspx


  • Advertisement
  • Options
    #7
    Aswerty
    Registered Users Posts: 586 ✭✭✭Aswerty


    Yeah I was checking out Web API. Seems like it sprung out of WCF as a lean API dedicated to RESTful services. I think I'm just going to go with MVC for the minute. If in the future service requirements exceed what I can do with MVC I might look at something else. Currently the service would at most have to service a few dozen clients with infrequent requests, although all request would probably hit the server at similar times.

    An interesting link to odetocode. It addresses the architectural dilemma I was butting heads with and it pretty much sums up what I came to conclue from research over the last few days. I come across that blog every now and again, I must bookmark it at some point.


Advertisement