Tag Archives: WebAPI

VIDEO – Protect WebAPI data endpoint with ADAL (Azure AD)

I wanted to record a brief demo of how to protect a WebAPI data endpoint with ADAL (Azure Active Directory Authentication Library).   The Azure Portal enables us to register a custom SPA (Single Page Application) for secure API calls to backend REST data sources.   OAuth Bearer HTTP headers carry JWTs (JSON Web Tokens) to secure each call.   The video shows all steps from Azure Portal registration to F12 validation of REST data calls.

Cheers

VIDEO – PowerShell automated WebDeploy ZIP install

This video demonstrates how to test, build, publish, and install WebDeploy ZIP packages.   The example walks through a simple WebAPI HTTP endpoint which echoes back the current date and time.   Fiddler is leveraged for HTTP testing.   Once testing is successful, we publish the project to ZIP for install on IIS hosted infrastructure.

PowerShell cmdlet Restore-WDPackage is used to extract ZIP content and create a permanent home for the API endpoint.

By automating with PowerShell we provide a fast consistent admin experience to ensure the API is always installed the same way for a reliable repeatable procedure.  Thanks for watching.

Cheers!

Code

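# Load the Web Deploy 3.0 PowerShell snap-in
Add-PSSnapin WDeploySnapin3.0
# Path to the published WebDeploy ZIP package
$package = "C:\temp\Hello\deploy\Hello.zip"
# Extract the package into the IIS web application "API/Hello"
Restore-WDPackage $package -Parameters @{"IIS Web Application Name"="API/Hello"}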


VIDEO – HTTP Header Client Secret protected Web API

Watch the video below to see a demo of protecting WebAPI with HTTP header and a Client Secret.    By default, new Web API projects lack any security mechanism and are open to any anonymous user.    Protecting Dot Net methods with an IF() statement condition provides a simple security mechanism to ensure only users who know the Client Secret are able to run the API and execute the method.

NOTE – Check out https://www.spjeff.com/2017/10/05/video-azure-ad-protected-web-api-in-an-angularjs-spa/ for more complete WebAPI security with Azure AD.

Cheers!

Code

public bool keyMatch()
{
	// security HTTP header
	string key = "12345678901234567890123456789012345678901234567890";
	IEnumerable<string> headerValues;
	var keyFilter = string.Empty;
	if (Request.Headers.TryGetValues("key", out headerValues))
	{
		// ALLOW - match key
		keyFilter = headerValues.FirstOrDefault();
	}
	if (keyFilter == key)
	{
		return true;
	}
	else
	{
		return false;
	}
}
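
A hardened variant of the check above, as an added example (not the author's code): the secret is read from an environment variable instead of being hardcoded, a missing header or unconfigured secret fails closed, and the comparison runs in constant time. The names ClientSecretCheck and API_CLIENT_SECRET are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class ClientSecretCheck
{
    // Hypothetical variable name; keeps the secret out of source control.
    public static string LoadExpectedKey()
    {
        return Environment.GetEnvironmentVariable("API_CLIENT_SECRET");
    }

    // headerValues is what Request.Headers.TryGetValues("key", out ...) yields,
    // or null when the header is absent.
    public static bool KeyMatch(IEnumerable<string> headerValues, string expectedKey)
    {
        // Fail closed: an unconfigured secret must never match an empty header.
        if (string.IsNullOrEmpty(expectedKey) || headerValues == null)
            return false;

        string presented = headerValues.FirstOrDefault() ?? string.Empty;
        using (SHA256 sha = SHA256.Create())
        {
            // Hash both sides to equal-length digests, then compare every byte
            // so the time taken does not reveal where the first mismatch is.
            byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(presented));
            byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(expectedKey));
            int diff = 0;
            for (int i = 0; i < a.Length; i++)
                diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample value, not a real secret.
        string expected = "constructed-sample-secret";
        Console.WriteLine(ClientSecretCheck.KeyMatch(new[] { expected }, expected));
        Console.WriteLine(ClientSecretCheck.KeyMatch(new[] { "wrong" }, expected));
        Console.WriteLine(ClientSecretCheck.KeyMatch(null, expected));
        Console.WriteLine(ClientSecretCheck.KeyMatch(new[] { "" }, null));
    }
}
```

A shared header secret only stays secret over HTTPS, and every caller holding it is indistinguishable from the others, which is why the post points to Azure AD for fuller protection.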


VIDEO – Azure AD protected Web API in an AngularJS SPA

Recently I walked through an Azure AD Web API sample project on GitHub at https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi and recorded a brief 14-minute video of the install and deployment steps.   Watch below and enjoy.  Cheers!


Error Message

Could not load type ‘System.IdentityModel.Tokens.TokenValidationParameters’ from assembly ‘System.IdentityModel.Tokens.Jwt, Version=5.0.0.127, Culture=neutral, PublicKeyToken=31bf3856ad364e35’.
(Others at IdentityServer3#3017 saw the same with the JWT breaking change.)

Extra NuGet Package Step

Update-Package
Install-Package Microsoft.AspNet.WebApi.Cors
Install-Package System.IdentityModel.Tokens.Jwt -Version 4.0.2.206221351


VIDEO – code JS todo CRUD on Breeze & SQL Express (part 2 of 2)

Our next step in this series is cloud hosting.  Each of the local source components has a Microsoft cloud destination equivalent.   Here is the mapping:

  • SQL Express > SQL Azure
  • WebAPI > Azure Web App
  • Angular SPA > Office 365 SharePoint Content Editor

In the video below I walk through all of these steps to migrate the local “todo” CRUD application created earlier to be fully hosted in Microsoft’s cloud.    From there, we have a fully operational business application running on Office 365 with all custom code hosted in Azure.

Enjoy!

Video

VIDEO – code JS todo CRUD on Breeze & SQL Express (part 2 of 2) from Jeff Jones on Vimeo.

SPAuditAPI – Read SharePoint audit logs from JavaScript over REST

Recently I wanted to query Audit data from the web browser client and learned no native REST API was available.   So I created one.   Below is a demonstration video and link to the full source code.

This web API enables us to execute the server object model SPAuditQuery() method from HTTP POST and provide optional filter parameters.   More filters give a narrower match and a faster server response.   We want to be specific, even if only with a default time range (example – past 30 days), to improve user experience and reduce system load.

Cheers!

VIDEO – Online WebAPI Generator

I created an online service at https://spjeff.azurewebsites.net/ which generates an MVC WebAPI 2.2 project with the name you enter.   A custom ZIP file is generated server side with your custom name for the Project, Namespaces, and Assembly, and sent to the browser for download.   Best practices are already enabled, such as:

  • [CORS] decorator
  • [Authorize] decorator
  • Minimal packages and dependencies
  • Zero MVC boilerplate
  • Lean mean API ready for dev & prod

From there, double-click the SLN file and begin coding.  Enjoy!

 

Video

Online WebAPI Generator from Jeff Jones on Vimeo.

 


VIDEO – Cloud migration of JS todo CRUD to Azure & Office 365 (part 2 of 2)

Live walkthrough of hosting the “Todo List” CRUD application on the Microsoft cloud.   Continued from the first video where we coded a full local application, this video migrates the application front and back end to the cloud.   The backend is an HTTPS Breeze WebAPI endpoint hosted on Azure, and the frontend GUI is an HTTPS Office 365 SharePoint Content Editor Web Part.

A custom HTTP header was added for extra security as an application “client secret”, which is required for the WebAPI middle tier to respond to HTTP traffic.  A request missing the HTTP header receives a “null” response and no Dot Net code is executed.

Enjoy!

VIDEO – code JS todo CRUD on Breeze & SQL Express (part 1 of 2)

Live coding walkthrough of a locally hosted “Todo List” CRUD application with a Breeze WebAPI 2.2 middle tier and SQL Express relational database storage.  This baseline allows developers to be more productive locally with fast feedback loops.   Iterate code changes, reload, test, and repeat.   This technology stack can create sophisticated business applications with input validation, advanced data schema, workflows, and more, bringing in the latest web innovations from NPM and NodeJS.

A custom HTTP header was added for extra security as an application “client secret”, which is required for the WebAPI middle tier to respond to HTTP traffic.  A request missing the HTTP header receives a “null” response and no Dot Net code is executed.

In this video I used several components and want to share links for each:

 

 

In a future video, I’ll show how this application can then be deployed to Office 365 and SQL Azure to leverage Microsoft’s cloud hosting.

Enjoy!

Video

Live code JS todo CRUD on Breeze & SQL Express from Jeff Jones on Vimeo.

 
