I have a server side (which i did not create) RESTful API that uses ASP.Net
I want to place that API inside the same server as my site so that when I call that API, all i have to do is call the Resource.
For example:
instead of,
$http("http://localhost/API/post");
i would like it to be,
$http(".../API/post");
Thank You
Related
If browsers use http to connect to server ,and in any web application when we hit the URL and the request is received by a controller mapped to the URL ,can we say browsers are also rest client
That would depend entirely on what you use as a browser but generally no, a browser lacks meaningful tooling to probe a RESTful server out of the box, and comes with features that otherwise would not be needed by a REST client application, so would not be considered a REST client. A browser might be considered as a more generic HTTP client, but even that does not fully describe the problem domain of a browser (rendering, scripting, etc.). Even if you build a web interface to probe a REST service by submitting forms, that does not make the browser a REST client, but instead your website/web application would be the REST client application.
Yes,
the protocol the browser uses to communicate with the webserver clearly initially is a restful protocol.
Nothing more is necessary.
But it can get a bit more complicated.
The browser can fetch application code (javascript) in a restful way (e.g. GET) and execute that code which further can be communicating (Ajax) restful.
We currently have a node web server that does authentication of users including oauth2 to google and facebook. We would like for it to handle the serving of web pages while a stateless .NET web api handles the serving of the actual data (which is all requested asynchronously). My question is how to handle authentication to the web api?
I mean should the client even authenticate to the api (and if so how do we do the pass through authentication so that it is authenticated to both once authenticating against the web server) or should the web server authenticate the user and then just forward all api requests to the api along with a user id? What is the standard scheme used for this?
Thanks in advance.
This answer is late, but I'll post my thoughts for the heck of it. I would place a dummy api in your node app, just a simple pass-through for everything that is in your data api (the .net one). Then I'd lock down the data api so only your node server can talk to it. The short answer is that any api that you expose to the internet has to be locked down. If you do the above, you don't have to expose your data api to the internet. You get the added benefit of not having to deal with CORS - you can have a simple /api folder hanging off of your domain. You can also use this pass-through api to aggregate calls to multiple business apis if your solution ever grows. It's a very scalable architecture.
If you don't want to do the above, then you'll need to either place the data api on the same domain as the other site, or setup CORS so javascript/AJAX from one can call into the other. Once your data api can see cookies written by the other site, you'll need to authenticate them, probably very manually, in your .net api, since .net didn't write the auth cookie - node did.
We are planning to use EXTJS framework for presentation layer which would be calling WCF based Rest Service or WebAPI Service(Http services) . My requirement is to have 3 tier architecture (physical separation) so my understanding is that we need to put Service layer on another server and host services on IIS there to be consumed by presentation layer hosted on different IIS server.
I am getting few doubts regarding this architecture.
Should we use Webform approach to host EXTS libraries as in this case ASP.Net MVC would be irrelevant considering that all the rendering logic is done by EXTJS.
If we host services on another server which service authentication should be used .In this case I think we can’t use Form Authentication as the web and service are hosted separately.
Is it really required to host Service layer on another server to make it three tier ,considering the third tier is the Database server. Isn’t browser a tier considering EXTJS library directly renders on the browser.
Since no body answered i will try to answer myself based on my research and response i got from another forum.
We can use MVC approach as well, the Controller method can be used to return JSON result for the EXTJS API to consume. But the downside is with this approach we cannot use strongly typed model in views along with other features like use of Html helper and automatic validation based on the models.
With this approach we can still use MVC routing or can go entirely with a Single View and ExtJs Routing.
Place the services your Ext.js needs on the web tier, where your Webforms/MVC application also runs. Separate your business logic/data logic via other services on another server if needed (second tier). Don't call these directly from your Ext.js. Keep presentation in the first/Web tier.We can use Form Authentication to call service in web-tier and Windows authentication to call the service from Webtier to second tier.
From the server side perspective a browser's not really considered a tier.However with modern approaches it's debatable.
I have a web based application that uses lot of client side requests in various .asmx files.
I am wondering if I can use those web services only from client side and restrict the requests from other sources.
The reason for this is because I want to use those web services only from the current application and to restrict requests from other sources. For security reasons I could use soap authentication but since I requested the services from client side, I don't think the authentication it matters.
I'll appreciate any comments.
Thanks
The webservices are by definition public, publicly visible and available (unless they run on private network or standalone computer). I.e. anybody can access them. So, just deploying a webservice and hoping for the best is not a good approach.
And how do you intend to restrict other access?
I'm using jquery ajax to fetch data from an asp.net webservice. I'm wondering how I can secure it and have it work with jquery ajax. The service is part of my web application and to access it you have to be logged in to the application. However I'd like to further secure it. For example a consultant looking up all their customers in an autocomplete box is good, but they can instead send in some other consultant's id. What's the best way to secure this?
I've looked at this article here http://msdn.microsoft.com/en-us/library/w67h0dw7%28VS.71,classic%29.aspx . However, I don't know how to make this work with jquery ajax. Any help would be appreciated.
As far as I understand you want to make sure that you know the identity of the person using your service. If the web service is part of your application this should not be a problem by using cookies (assuming the web service is on the same domain as the site). See this e-book for some ideas.
Otherwise you could hand out temporary identifiers to the logged in members of your site which would be used in the webservice calls - this way even if the identifier is stolen, it can only be used for a limited time.
I made it more secure by using encryption. I encrypt the consultant's id when passing it via ajax, and decrypt it on the server side. Obviously I do the encryption on server side and pass it to client when rendering the page. And then ajax makes the call using that encrypted id.