Table of contents : Web API Development with ASP.NET Core 8 Contributors About the author About the reviewers Preface Who this book is for What this book covers To get the most out of this book Download the example code files Conventions used Get in touch Share Your Thoughts Download a free PDF copy of this book 1 Fundamentals of Web APIs What is a web API? What is a REST API? The constraints of REST A REST API example Is my web API RESTful? Designing a REST-based API Identifying the resources Defining the relationships between resources Identifying operations Designing the URL paths for resources Mapping API operations to HTTP methods Assigning response codes Documenting the API RPC and GraphQL APIs What is an RPC-based API? What is a GraphQL API? Real-time APIs The problem with API polling What is a real-time API? Which real-time communication technology is best for your application? Summary 2 Getting Started with ASP.NET Core Web APIs Technical requirements Setting up the development environment Configuring VS Code Checking the .NET SDK Creating a simple REST web API project Building and running the project Building the project Running the project Changing the port number Hot Reload Testing the API endpoint Swagger UI Debugging Understanding the MVC pattern The model and the controller Creating a new model and controller Creating a service Implementing a GET operation Implementing a CREATE operation Implementing an UPDATE operation Dependency injection Understanding DI DI in ASP.NET Core DI tips Introduction to minimal APIs Creating a simple endpoint Using DI in minimal APIs What is the difference between minimal APIs and controller-based APIs? Summary 3 ASP.NET Core Fundamentals (Part 1) Technical requirements Routing What is attribute routing? Mapping HTTP methods to action methods Route constraints Binding source attributes Configuration Using appsettings.json Using the options pattern Other configuration providers Environments Understanding the launchSettings.json file Setting the environment Understanding the priorities of configuration and environment variables Checking the environment in the code Summary 4 ASP.NET Core Fundamentals (Part 2) Technical requirements Logging Using built-in logging providers Logging levels Logging parameters Using third-party logging providers Structured logging What should/shouldn’t we log? Middleware What is middleware? Built-in middleware Creating a custom middleware component Summary 5 Data Access in ASP.NET Core (Part 1: Entity Framework Core Fundamentals) Technical requirements Why use ORM? Configuring the DbContext class Creating models Creating and configuring the DbContext class Creating the database Adding seed data Implementing CRUD controllers Creating the controller How controllers work Basic LINQ queries Querying the data Filtering the data Sorting and paging Creating an entity Updating an entity Deleting an entity Configuring the mapping between models and database Mapping conventions Data annotations Fluent API Separating the mapping configurations Summary 6 Data Access in ASP.NET Core (Part 2 – Entity Relationships) Technical requirements Understanding one-to-many relationships One-to-many configuration One-to-many CRUD operations Understanding one-to-one relationships One-to-one configuration One-to-one CRUD operations Understanding many-to-many relationships Many-to-many configuration Many-to-many CRUD operations Understanding owned entities Summary 7 Data Access in ASP.NET Core (Part 3: Tips) Technical requirements Understanding DbContext pooling Understanding the difference between tracking versus no-tracking queries Understanding the difference between IQueryable and IEnumerable Client evaluation versus server evaluation Using raw SQL queries FromSql() and FromSqlRaw() SqlQuery() and SqlQueryRaw() ExecuteSql() and ExecuteSqlRaw() Using bulk operations ExecuteUpdate() ExecuteDelete() Understanding concurrency conflicts Native database-generated concurrency token Application-managed concurrency token Handling concurrency conflicts Reverse engineering Other ORM frameworks Summary 8 Security and Identity in ASP.NET Core Technical requirements Getting started with authentication and authorization Creating a sample project with authentication and authorization Understanding the JWT token structure Consuming the API Configuring the Swagger UI to support authorization Delving deeper into authorization Role-based authorization Claim-based authorization Understanding the authorization process Policy-based authorization Managing users and roles New Identity API endpoints in ASP.NET Core 8 Understanding OAuth 2.0 and OpenID Connect What is OAuth 2.0? What is OpenID Connect? Integrating with other identity providers Other security topics Always use Hypertext Transfer Protocol Secure (HTTPS) Using a strong password policy Implementing two-factor authentication (2FA) Implementing rate-limiting Using model validation Using parameterized queries Using data protection Keeping secrets safe Keeping the framework up to date Checking the Open Web Application Security Project (OWASP) Top 10 Summary 9 Testing in ASP.NET Core (Part 1 – Unit Testing) Technical requirements Introduction to testing in ASP.NET Core Writing unit tests Preparing the sample application Setting up the unit tests project Writing unit tests without dependencies Writing unit tests with dependencies Using FluentAssertions to verify the test results Testing the database access layer How can we test the database access layer? Creating a test fixture Using the test fixture Writing tests for methods that change the database Parallelism of xUnit Using the repository pattern Testing the happy path and the sad path Summary 10 Testing in ASP.NET Core (Part 2 – Integration Testing) Technical requirements Writing integration tests Setting up the integration test project Writing basic integration tests with WebApplicationFactory Testing with a database context Testing with mock services Testing with authentication and authorization Preparing the sample application Creating a test fixture Creating the test class Testing the anonymous API endpoints Testing the authorized API endpoints Code coverage Using data collectors Generating a code coverage report Summary 11 Getting Started with gRPC Technical requirements Recap of gRPC Setting up a gRPC project Creating a new gRPC project Understanding the gRPC project structure Creating protobuf messages Defining a protobuf message Understanding field numbers Understanding the field types Other .NET types Creating a protobuf service Defining a unary service Creating a gRPC client Defining a server streaming service Defining a client streaming service Defining a bidirectional streaming service Consuming gRPC services in ASP.NET Core applications Updating proto files Summary Further reading 12 Getting Started with GraphQL Technical requirements Recap of GraphQL Setting up a GraphQL API using HotChocolate Adding mutations Using variables in queries Defining a GraphQL schema Scalar types Object types Retrieving related objects using resolvers Field resolvers Resolver for a list of objects Using data loaders Batch data loader Group data loader Dependency injection Using the Service attribute Understanding the lifetime of the injected services Interface and union types Interfaces Union types Filtering, sorting, and pagination Filtering Sorting Pagination Visualizing the GraphQL schema Summary Further reading 13 Getting Started with SignalR Technical requirements Recap of real-time web APIs Setting up SignalR Building SignalR clients Building a TypeScript client Building a Blazor client Using authentication and authorization in SignalR Adding authentication and authorization to the SignalR server Adding a login endpoint Authenticating the TypeScript client Authenticating the Blazor client Managing users and groups Managing events in SignalR Sending a message to a specific user Using strongly typed hubs Joining groups Sending a message to a group Sending messages from other services Configuring SignalR hubs and clients Configuring SignalR hubs HTTP configuration options Automatically reconnecting Scaling SignalR Summary 14 CI/CD for ASP.NET Core Using Azure Pipelines and GitHub Actions Technical requirements Introduction to CI/CD CI/CD concepts and terminologies Understanding the importance of CI/CD Containerizing ASP.NET Core applications using Docker What is containerization? Installing Docker Understanding Dockerfiles Building a Docker image Running a Docker container CI/CD using Azure DevOps and Azure Pipelines Preparing the source code Creating Azure resources Creating an Azure DevOps project Creating a pull request pipeline Publishing the Docker image to ACR Deploying the application to Azure Web App for Containers Configuring settings and secrets GitHub Actions Preparing the project Creating GitHub Actions Pushing a Docker image to ACR Summary 15 ASP.NET Core Web API Common Practices Technical requirements Common practices of ASP.NET web API development Using HTTPS instead of HTTP Using HTTP status codes correctly Using asynchronous programming Using pagination for large collections Specifying the response types Adding comments to the endpoints Using System.Text.Json instead of Newtonsoft.Json Optimizing the performance by implementing caching In-memory caching Distributed caching Response caching Output caching What caching strategy should I use? Using HttpClientFactory to manage HttpClient instances Creating a basic HttpClient instance Named HttpClient instances Typed HttpClient instances Summary 16 Error Handling, Monitoring, and Observability Technical requirements Error handling Handling exceptions Health checks Implementing a basic health check Monitoring and observability What is observability? Summary 17 Cloud-Native Patterns Technical requirements Domain-driven design Ubiquitous language Bounded context DDD layers Clean architecture Microservices Web API design patterns CQRS Summary Further reading Index Why subscribe? Other Books You May Enjoy Packt is searching for authors like you Share Your Thoughts Download a free PDF copy of this book