Web API Development with ASP.NET Core 8: Learn techniques, patterns, and tools for building high-performance, robust 9781804610954
Develop web API applications using design patterns, advanced customization, and cutting-edge technologies, such as Signa
122 76 34MB
English Pages 935 Year 2024
Table of contents :
Web API Development with ASP.NET Core 8
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Fundamentals of Web APIs
What is a web API?
What is a REST API?
The constraints of REST
A REST API example
Is my web API RESTful?
Designing a REST-based API
Identifying the resources
Defining the relationships between resources
Identifying operations
Designing the URL paths for resources
Mapping API operations to HTTP methods
Assigning response codes
Documenting the API
RPC and GraphQL APIs
What is an RPC-based API?
What is a GraphQL API?
Real-time APIs
The problem with API polling
What is a real-time API?
Which real-time communication technology is best for your application?
Summary
2
Getting Started with ASP.NET Core Web APIs
Technical requirements
Setting up the development environment
Configuring VS Code
Checking the .NET SDK
Creating a simple REST web API project
Building and running the project
Building the project
Running the project
Changing the port number
Hot Reload
Testing the API endpoint
Swagger UI
Debugging
Understanding the MVC pattern
The model and the controller
Creating a new model and controller
Creating a service
Implementing a GET operation
Implementing a CREATE operation
Implementing an UPDATE operation
Dependency injection
Understanding DI
DI in ASP.NET Core
DI tips
Introduction to minimal APIs
Creating a simple endpoint
Using DI in minimal APIs
What is the difference between minimal APIs and controller-based APIs?
Summary
3
ASP.NET Core Fundamentals (Part 1)
Technical requirements
Routing
What is attribute routing?
Mapping HTTP methods to action methods
Route constraints
Binding source attributes
Configuration
Using appsettings.json
Using the options pattern
Other configuration providers
Environments
Understanding the launchSettings.json file
Setting the environment
Understanding the priorities of configuration and environment variables
Checking the environment in the code
Summary
4
ASP.NET Core Fundamentals (Part 2)
Technical requirements
Logging
Using built-in logging providers
Logging levels
Logging parameters
Using third-party logging providers
Structured logging
What should/shouldn’t we log?
Middleware
What is middleware?
Built-in middleware
Creating a custom middleware component
Summary
5
Data Access in ASP.NET Core (Part 1: Entity Framework Core Fundamentals)
Technical requirements
Why use ORM?
Configuring the DbContext class
Creating models
Creating and configuring the DbContext class
Creating the database
Adding seed data
Implementing CRUD controllers
Creating the controller
How controllers work
Basic LINQ queries
Querying the data
Filtering the data
Sorting and paging
Creating an entity
Updating an entity
Deleting an entity
Configuring the mapping between models and database
Mapping conventions
Data annotations
Fluent API
Separating the mapping configurations
Summary
6
Data Access in ASP.NET Core (Part 2 – Entity Relationships)
Technical requirements
Understanding one-to-many relationships
One-to-many configuration
One-to-many CRUD operations
Understanding one-to-one relationships
One-to-one configuration
One-to-one CRUD operations
Understanding many-to-many relationships
Many-to-many configuration
Many-to-many CRUD operations
Understanding owned entities
Summary
7
Data Access in ASP.NET Core (Part 3: Tips)
Technical requirements
Understanding DbContext pooling
Understanding the difference between tracking versus no-tracking queries
Understanding the difference between IQueryable and IEnumerable
Client evaluation versus server evaluation
Using raw SQL queries
FromSql() and FromSqlRaw()
SqlQuery() and SqlQueryRaw()
ExecuteSql() and ExecuteSqlRaw()
Using bulk operations
ExecuteUpdate()
ExecuteDelete()
Understanding concurrency conflicts
Native database-generated concurrency token
Application-managed concurrency token
Handling concurrency conflicts
Reverse engineering
Other ORM frameworks
Summary
8
Security and Identity in ASP.NET Core
Technical requirements
Getting started with authentication and authorization
Creating a sample project with authentication and authorization
Understanding the JWT token structure
Consuming the API
Configuring the Swagger UI to support authorization
Delving deeper into authorization
Role-based authorization
Claim-based authorization
Understanding the authorization process
Policy-based authorization
Managing users and roles
New Identity API endpoints in ASP.NET Core 8
Understanding OAuth 2.0 and OpenID Connect
What is OAuth 2.0?
What is OpenID Connect?
Integrating with other identity providers
Other security topics
Always use Hypertext Transfer Protocol Secure (HTTPS)
Using a strong password policy
Implementing two-factor authentication (2FA)
Implementing rate-limiting
Using model validation
Using parameterized queries
Using data protection
Keeping secrets safe
Keeping the framework up to date
Checking the Open Web Application Security Project (OWASP) Top 10
Summary
9
Testing in ASP.NET Core (Part 1 – Unit Testing)
Technical requirements
Introduction to testing in ASP.NET Core
Writing unit tests
Preparing the sample application
Setting up the unit tests project
Writing unit tests without dependencies
Writing unit tests with dependencies
Using FluentAssertions to verify the test results
Testing the database access layer
How can we test the database access layer?
Creating a test fixture
Using the test fixture
Writing tests for methods that change the database
Parallelism of xUnit
Using the repository pattern
Testing the happy path and the sad path
Summary
10
Testing in ASP.NET Core (Part 2 – Integration Testing)
Technical requirements
Writing integration tests
Setting up the integration test project
Writing basic integration tests with WebApplicationFactory
Testing with a database context
Testing with mock services
Testing with authentication and authorization
Preparing the sample application
Creating a test fixture
Creating the test class
Testing the anonymous API endpoints
Testing the authorized API endpoints
Code coverage
Using data collectors
Generating a code coverage report
Summary
11
Getting Started with gRPC
Technical requirements
Recap of gRPC
Setting up a gRPC project
Creating a new gRPC project
Understanding the gRPC project structure
Creating protobuf messages
Defining a protobuf message
Understanding field numbers
Understanding the field types
Other .NET types
Creating a protobuf service
Defining a unary service
Creating a gRPC client
Defining a server streaming service
Defining a client streaming service
Defining a bidirectional streaming service
Consuming gRPC services in ASP.NET Core applications
Updating proto files
Summary
Further reading
12
Getting Started with GraphQL
Technical requirements
Recap of GraphQL
Setting up a GraphQL API using HotChocolate
Adding mutations
Using variables in queries
Defining a GraphQL schema
Scalar types
Object types
Retrieving related objects using resolvers
Field resolvers
Resolver for a list of objects
Using data loaders
Batch data loader
Group data loader
Dependency injection
Using the Service attribute
Understanding the lifetime of the injected services
Interface and union types
Interfaces
Union types
Filtering, sorting, and pagination
Filtering
Sorting
Pagination
Visualizing the GraphQL schema
Summary
Further reading
13
Getting Started with SignalR
Technical requirements
Recap of real-time web APIs
Setting up SignalR
Building SignalR clients
Building a TypeScript client
Building a Blazor client
Using authentication and authorization in SignalR
Adding authentication and authorization to the SignalR server
Adding a login endpoint
Authenticating the TypeScript client
Authenticating the Blazor client
Managing users and groups
Managing events in SignalR
Sending a message to a specific user
Using strongly typed hubs
Joining groups
Sending a message to a group
Sending messages from other services
Configuring SignalR hubs and clients
Configuring SignalR hubs
HTTP configuration options
Automatically reconnecting
Scaling SignalR
Summary
14
CI/CD for ASP.NET Core Using Azure Pipelines and GitHub Actions
Technical requirements
Introduction to CI/CD
CI/CD concepts and terminologies
Understanding the importance of CI/CD
Containerizing ASP.NET Core applications using Docker
What is containerization?
Installing Docker
Understanding Dockerfiles
Building a Docker image
Running a Docker container
CI/CD using Azure DevOps and Azure Pipelines
Preparing the source code
Creating Azure resources
Creating an Azure DevOps project
Creating a pull request pipeline
Publishing the Docker image to ACR
Deploying the application to Azure Web App for Containers
Configuring settings and secrets
GitHub Actions
Preparing the project
Creating GitHub Actions
Pushing a Docker image to ACR
Summary
15
ASP.NET Core Web API Common Practices
Technical requirements
Common practices of ASP.NET web API development
Using HTTPS instead of HTTP
Using HTTP status codes correctly
Using asynchronous programming
Using pagination for large collections
Specifying the response types
Adding comments to the endpoints
Using System.Text.Json instead of Newtonsoft.Json
Optimizing the performance by implementing caching
In-memory caching
Distributed caching
Response caching
Output caching
What caching strategy should I use?
Using HttpClientFactory to manage HttpClient instances
Creating a basic HttpClient instance
Named HttpClient instances
Typed HttpClient instances
Summary
16
Error Handling, Monitoring, and Observability
Technical requirements
Error handling
Handling exceptions
Health checks
Implementing a basic health check
Monitoring and observability
What is observability?
Summary
17
Cloud-Native Patterns
Technical requirements
Domain-driven design
Ubiquitous language
Bounded context
DDD layers
Clean architecture
Microservices
Web API design patterns
CQRS
Summary
Further reading
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
Web API Development with ASP.NET Core 8
Contributors
About the author
About the reviewers
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Conventions used
Get in touch
Share Your Thoughts
Download a free PDF copy of this book
1
Fundamentals of Web APIs
What is a web API?
What is a REST API?
The constraints of REST
A REST API example
Is my web API RESTful?
Designing a REST-based API
Identifying the resources
Defining the relationships between resources
Identifying operations
Designing the URL paths for resources
Mapping API operations to HTTP methods
Assigning response codes
Documenting the API
RPC and GraphQL APIs
What is an RPC-based API?
What is a GraphQL API?
Real-time APIs
The problem with API polling
What is a real-time API?
Which real-time communication technology is best for your application?
Summary
2
Getting Started with ASP.NET Core Web APIs
Technical requirements
Setting up the development environment
Configuring VS Code
Checking the .NET SDK
Creating a simple REST web API project
Building and running the project
Building the project
Running the project
Changing the port number
Hot Reload
Testing the API endpoint
Swagger UI
Debugging
Understanding the MVC pattern
The model and the controller
Creating a new model and controller
Creating a service
Implementing a GET operation
Implementing a CREATE operation
Implementing an UPDATE operation
Dependency injection
Understanding DI
DI in ASP.NET Core
DI tips
Introduction to minimal APIs
Creating a simple endpoint
Using DI in minimal APIs
What is the difference between minimal APIs and controller-based APIs?
Summary
3
ASP.NET Core Fundamentals (Part 1)
Technical requirements
Routing
What is attribute routing?
Mapping HTTP methods to action methods
Route constraints
Binding source attributes
Configuration
Using appsettings.json
Using the options pattern
Other configuration providers
Environments
Understanding the launchSettings.json file
Setting the environment
Understanding the priorities of configuration and environment variables
Checking the environment in the code
Summary
4
ASP.NET Core Fundamentals (Part 2)
Technical requirements
Logging
Using built-in logging providers
Logging levels
Logging parameters
Using third-party logging providers
Structured logging
What should/shouldn’t we log?
Middleware
What is middleware?
Built-in middleware
Creating a custom middleware component
Summary
5
Data Access in ASP.NET Core (Part 1: Entity Framework Core Fundamentals)
Technical requirements
Why use ORM?
Configuring the DbContext class
Creating models
Creating and configuring the DbContext class
Creating the database
Adding seed data
Implementing CRUD controllers
Creating the controller
How controllers work
Basic LINQ queries
Querying the data
Filtering the data
Sorting and paging
Creating an entity
Updating an entity
Deleting an entity
Configuring the mapping between models and database
Mapping conventions
Data annotations
Fluent API
Separating the mapping configurations
Summary
6
Data Access in ASP.NET Core (Part 2 – Entity Relationships)
Technical requirements
Understanding one-to-many relationships
One-to-many configuration
One-to-many CRUD operations
Understanding one-to-one relationships
One-to-one configuration
One-to-one CRUD operations
Understanding many-to-many relationships
Many-to-many configuration
Many-to-many CRUD operations
Understanding owned entities
Summary
7
Data Access in ASP.NET Core (Part 3: Tips)
Technical requirements
Understanding DbContext pooling
Understanding the difference between tracking versus no-tracking queries
Understanding the difference between IQueryable and IEnumerable
Client evaluation versus server evaluation
Using raw SQL queries
FromSql() and FromSqlRaw()
SqlQuery() and SqlQueryRaw()
ExecuteSql() and ExecuteSqlRaw()
Using bulk operations
ExecuteUpdate()
ExecuteDelete()
Understanding concurrency conflicts
Native database-generated concurrency token
Application-managed concurrency token
Handling concurrency conflicts
Reverse engineering
Other ORM frameworks
Summary
8
Security and Identity in ASP.NET Core
Technical requirements
Getting started with authentication and authorization
Creating a sample project with authentication and authorization
Understanding the JWT token structure
Consuming the API
Configuring the Swagger UI to support authorization
Delving deeper into authorization
Role-based authorization
Claim-based authorization
Understanding the authorization process
Policy-based authorization
Managing users and roles
New Identity API endpoints in ASP.NET Core 8
Understanding OAuth 2.0 and OpenID Connect
What is OAuth 2.0?
What is OpenID Connect?
Integrating with other identity providers
Other security topics
Always use Hypertext Transfer Protocol Secure (HTTPS)
Using a strong password policy
Implementing two-factor authentication (2FA)
Implementing rate-limiting
Using model validation
Using parameterized queries
Using data protection
Keeping secrets safe
Keeping the framework up to date
Checking the Open Web Application Security Project (OWASP) Top 10
Summary
9
Testing in ASP.NET Core (Part 1 – Unit Testing)
Technical requirements
Introduction to testing in ASP.NET Core
Writing unit tests
Preparing the sample application
Setting up the unit tests project
Writing unit tests without dependencies
Writing unit tests with dependencies
Using FluentAssertions to verify the test results
Testing the database access layer
How can we test the database access layer?
Creating a test fixture
Using the test fixture
Writing tests for methods that change the database
Parallelism of xUnit
Using the repository pattern
Testing the happy path and the sad path
Summary
10
Testing in ASP.NET Core (Part 2 – Integration Testing)
Technical requirements
Writing integration tests
Setting up the integration test project
Writing basic integration tests with WebApplicationFactory
Testing with a database context
Testing with mock services
Testing with authentication and authorization
Preparing the sample application
Creating a test fixture
Creating the test class
Testing the anonymous API endpoints
Testing the authorized API endpoints
Code coverage
Using data collectors
Generating a code coverage report
Summary
11
Getting Started with gRPC
Technical requirements
Recap of gRPC
Setting up a gRPC project
Creating a new gRPC project
Understanding the gRPC project structure
Creating protobuf messages
Defining a protobuf message
Understanding field numbers
Understanding the field types
Other .NET types
Creating a protobuf service
Defining a unary service
Creating a gRPC client
Defining a server streaming service
Defining a client streaming service
Defining a bidirectional streaming service
Consuming gRPC services in ASP.NET Core applications
Updating proto files
Summary
Further reading
12
Getting Started with GraphQL
Technical requirements
Recap of GraphQL
Setting up a GraphQL API using HotChocolate
Adding mutations
Using variables in queries
Defining a GraphQL schema
Scalar types
Object types
Retrieving related objects using resolvers
Field resolvers
Resolver for a list of objects
Using data loaders
Batch data loader
Group data loader
Dependency injection
Using the Service attribute
Understanding the lifetime of the injected services
Interface and union types
Interfaces
Union types
Filtering, sorting, and pagination
Filtering
Sorting
Pagination
Visualizing the GraphQL schema
Summary
Further reading
13
Getting Started with SignalR
Technical requirements
Recap of real-time web APIs
Setting up SignalR
Building SignalR clients
Building a TypeScript client
Building a Blazor client
Using authentication and authorization in SignalR
Adding authentication and authorization to the SignalR server
Adding a login endpoint
Authenticating the TypeScript client
Authenticating the Blazor client
Managing users and groups
Managing events in SignalR
Sending a message to a specific user
Using strongly typed hubs
Joining groups
Sending a message to a group
Sending messages from other services
Configuring SignalR hubs and clients
Configuring SignalR hubs
HTTP configuration options
Automatically reconnecting
Scaling SignalR
Summary
14
CI/CD for ASP.NET Core Using Azure Pipelines and GitHub Actions
Technical requirements
Introduction to CI/CD
CI/CD concepts and terminologies
Understanding the importance of CI/CD
Containerizing ASP.NET Core applications using Docker
What is containerization?
Installing Docker
Understanding Dockerfiles
Building a Docker image
Running a Docker container
CI/CD using Azure DevOps and Azure Pipelines
Preparing the source code
Creating Azure resources
Creating an Azure DevOps project
Creating a pull request pipeline
Publishing the Docker image to ACR
Deploying the application to Azure Web App for Containers
Configuring settings and secrets
GitHub Actions
Preparing the project
Creating GitHub Actions
Pushing a Docker image to ACR
Summary
15
ASP.NET Core Web API Common Practices
Technical requirements
Common practices of ASP.NET web API development
Using HTTPS instead of HTTP
Using HTTP status codes correctly
Using asynchronous programming
Using pagination for large collections
Specifying the response types
Adding comments to the endpoints
Using System.Text.Json instead of Newtonsoft.Json
Optimizing the performance by implementing caching
In-memory caching
Distributed caching
Response caching
Output caching
What caching strategy should I use?
Using HttpClientFactory to manage HttpClient instances
Creating a basic HttpClient instance
Named HttpClient instances
Typed HttpClient instances
Summary
16
Error Handling, Monitoring, and Observability
Technical requirements
Error handling
Handling exceptions
Health checks
Implementing a basic health check
Monitoring and observability
What is observability?
Summary
17
Cloud-Native Patterns
Technical requirements
Domain-driven design
Ubiquitous language
Bounded context
DDD layers
Clean architecture
Microservices
Web API design patterns
CQRS
Summary
Further reading
Index
Why subscribe?
Other Books You May Enjoy
Packt is searching for authors like you
Share Your Thoughts
Download a free PDF copy of this book
