As a learning exercise I want to create a simple web API and consume it using a web client (ASP.NET MVC) and a desktop client (WinForms).
The web api must handle categories, products and of course users/roles as follows:
- everybody can browse categories and products
- regular users can insert/update/remove products
- administrators can insert/update/remove categories and products
Regarding the first consumer, the ASP.NET MVC application, I have the following questions:
1. In controllers, will there be anything other than ViewResults, because from what I understood all HTTP requests are made from JavaScript?
2. What about authentication and authorization? Since we are talking about a RESTful service, there is no connection between calls and the user must send in every request some piece of data to identify himself.
2.1 Is there any point in using HTTP verbs (in the ASP.NET MVC application)?
2.2 What about FormsAuthentication?
2.3 How do I safely send the credentials to the Web API?
Everything is so blurry for me. Is there any example with some web API, hosted in IIS independently and consumed by a website (ASP.NET WebForms or ASP.NET MVC)? All the examples I have seen weren’t that clear.
Not necessarily. You could perfectly well use the HttpClient (the Web API Client classes) to consume your RESTful actions directly from your standard ASP.NET MVC actions. For example, you could perfectly well have a repository which uses the HttpClient to consume an ASP.NET MVC Web API method to fetch the data instead of querying a relational database. You should not necessarily expose your Web API methods to client-side JavaScript. They could serve as a gateway to your data access. There are many possible scenarios of course.
There are many ways to perform authentication. One of them is to use Forms Authentication which is a well established mechanism involving cookies. So the piece of data that will be sent from the client to identify himself is actually a cookie in this case.
Of course. REST is all about HTTP verbs. In the case of ASP.NET Web API it is the HTTP verb that determines which API controller action to invoke by convention. You could of course violate this convention by overriding the default routes setup.
See point 2)
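The access rules from the question mapped onto Web API's verb-named actions, as an added example that is not part of the original question or answer. It assumes the API is hosted in IIS with Forms Authentication enabled so the cookie populates the request principal; the `Product` and `Store` types and the `Administrators` role name are hypothetical.

```csharp
// Added example, not from the original answer. Product, Store and the role
// name "Administrators" are hypothetical; data is constructed and in memory.
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Web.Http;

public class Product { public int Id { get; set; } public string Name { get; set; } }

public static class Store
{
    public static readonly ConcurrentDictionary<int, Product> Products = new ConcurrentDictionary<int, Product>();
    public static readonly ConcurrentDictionary<string, bool> Categories = new ConcurrentDictionary<string, bool>();
}

[Authorize] // default for this controller: caller must be authenticated
public class ProductsController : ApiController
{
    [AllowAnonymous] // GET api/products: everybody can browse
    public IEnumerable<Product> Get() { return Store.Products.Values; }

    // POST api/products: any authenticated user may insert
    public HttpResponseMessage Post(Product product)
    {
        if (product == null || string.IsNullOrWhiteSpace(product.Name))
            return Request.CreateResponse(HttpStatusCode.BadRequest);
        Store.Products[product.Id] = product;
        return Request.CreateResponse(HttpStatusCode.Created, product);
    }
    // DELETE api/products/5: any authenticated user may remove
    public HttpResponseMessage Delete(int id)
    {
        Product removed;
        bool found = Store.Products.TryRemove(id, out removed);
        return Request.CreateResponse(found ? HttpStatusCode.NoContent : HttpStatusCode.NotFound);
    }
}

[Authorize(Roles = "Administrators")] // category writes are admin-only
public class CategoriesController : ApiController
{
    [AllowAnonymous] // GET api/categories stays public
    public IEnumerable<string> Get() { return Store.Categories.Keys; }

    // POST api/categories: rejected unless the principal is in the role
    public HttpResponseMessage Post([FromBody] string name)
    {
        if (string.IsNullOrWhiteSpace(name)) return Request.CreateResponse(HttpStatusCode.BadRequest);
        Store.Categories[name] = true;
        return Request.CreateResponse(HttpStatusCode.Created, name);
    }
}
```

Because the identity travels in a cookie that the browser attaches automatically, the state-changing verbs also need anti-forgery protection, and the cookie should only be sent over HTTPS.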