6

I am new to ASP.Net MVC and ASP.Net web api.

I have worked on Web services and cosuming them.

But I am not sure how to host ASP.Net web api and consume the same from another ASP.Net MVC application. I found some samples where people are using the api from the same project. In real world I really doubt the usage would be limited to one project.

Can some body please post some examples or links which can explain the same?

Tariqulazam
  • 4,535
  • 1
  • 34
  • 42
Naresh
  • 2,667
  • 13
  • 44
  • 69

1 Answers1

5

Hosting ASP.NET Web API in an MVC web application makes perfect real world sense if you are mostly using the API to make AJAX type calls from your web client. Having the API and web application in the same project eliminates issues with cross-domain Ajax calls, which requires JSONP. But ASP.NET Web API can easily support JSONP if needed with a custom formatter like JsonMediaTypeFormatter available from WebApiContrib.

ASP.NET Web API makes developing REST API's easy. You use the same conventions as developing a controller in MVC. To create it separate from your web application just create an MVC 4 project and create your controllers using an ApiController instead of the standard Controller for rendering Views. Then just deploy your application just like any web application to IIS (you can also self-host ASP.NET Web API's in something like a Windows Service). Here is an example on the official ASP.NET Web API website that calls a REST API developed in ASP.NET Web API from a console application. There are many more examples on this site.

Kevin Junghans
  • 17,475
  • 4
  • 45
  • 62
  • However, in certain business requirements, the web api server need to be on a different access layer to the web server (to satisfy security requirements, for example). In those cases we don't have a choice but using traditional web service consumption? – Hoàng Long Oct 27 '15 at 08:24
  • @HoàngLong - What is "traditional web service consumption"? And what is meant by "different access layer to the web server"? – Kevin Junghans Oct 28 '15 at 12:58
  • @KevinJunghans: I mean that, to adapt to payment security standard (PCI), the web service need to be in a different network to the web server. The web server is usually connected to Internet, so the chance for it to get attacked is high. On another note, the web service resides inside a LAN network, so it is presumably safer.In case the web server is hacked, the attacker still don't have direct access to database, important data... which is not exposed by the web service. – Hoàng Long Oct 29 '15 at 05:58
  • @HoàngLong - You are assuming that the web service and the database need to be on the same server, which is not the case. You could have the web application and web service on a server in a DMZ and the database server behind the firewall between the DMZ and the enterprise or data center network. – Kevin Junghans Oct 29 '15 at 12:36
  • @KevinJunghans: I mean that the web service and the database in the same local network, not need to the same server. Your web service must have access right (eg, as username/password, connection string...) to the database, right? Even if it is encrypted, there's the chance it can be cracked by attacker. With the access right, it can easily bypass any firewall, because the attacker can call the database the same way your web service do it – Hoàng Long Oct 30 '15 at 01:05