19. Creating RESTful Web Services

Question 1

What are RESTful Web Services?

Answer 1

Web services provide access to an application’s data, typically expressed in the JSON format.

Question 2

Why are RESTful Web Services useful?

Answer 2

Web services are most often used to provide rich client-side applications with data.

Question 3

How are RESTful Web Services used?

Answer 3

The combination of the URL and an HTTP method describes an operation that is handled by an action method defined by an ASP.NET Core controller.

Question 4

Are there any pitfalls or limitations with RESTful Web Services?

Answer 4

There is no widespread agreement about how web services should be implemented, and care must be taken to produce just the data the client expects.

Question 5

Are there any alternatives to RESTful Web Services?

Answer 5

There are a number of different approaches to providing clients with data, although RESTful web services are the most common.

Question 6

What does REST stand for?

Answer 6

Representational State Transfer

Question 7

What are 5 HTTP methods and operations?

Answer 7

GET, POST, PUT, PATCH, DELETE

Question 8

What does the GET HTTP Method do?

Answer 8

This method is used to retrieve one or more data objects

Question 9

What does the POST HTTP Method do?

Answer 9

This method is used to create a new object.

Question 10

What does the PUT HTTP Method do?

Answer 10

This method is used to update an existing object.

Question 11

What does the PATCH HTTP Method do?

Answer 11

his method is used to update part of an existing object.

Question 12

What does the DELETE HTTP Method do?

Answer 12

This method is used to delete an object.

Question 13

What does a Web Service define an API through?

Answer 13

A combination of URLs and HTTP methods such as GET and POST, which are also known as the HTTP verbs. The method specifies the type of operation, while the URL specifies the data object or objects that the operation applies to.

Question 14

How do RESTful web services format the response data?

Answer 14

Most RESTful web services format the response data using the JavaScript Object Notation (JSON) format.

Question 15

Name two alternatives to RESTful Web Services

Answer 15

GraphQL and gRPC

Question 16

What is GraphQL and how does it work?

Answer 16

GraphQL is most closely associated with the React JavaScript framework, but it can be used more widely. Unlike REST web services, which provide specific queries through individual combinations of a URL and an HTTP method, GraphQL provides access to all an application’s data and lets clients query for just the data they require in the format they require. GraphQL can be complex to set up—and can require more sophisticated clients—but the result is a more flexible web service that puts the developers of the client in control of the data they consume. GraphQL isn’t supported directly by ASP.NET Core, but there are .NET implementations available. See https://graphql.org for more detail.

Question 17

What is gRPC and how does it work?

Answer 17

A new alternative is gRPC, a full remote procedure call framework that focuses on speed and efficiency. At the time of writing, gRPC cannot be used in web browsers, such as by the Angular or React framework, because browsers don’t provide the fine-grained access that gRPC requires to formulate its HTTP requests.

Question 18

What is the conventional URL prefix for web services?

Answer 18

URLs start with /api, which is the conventional URL prefix for web services.

Question 19

What is over-binding?

Answer 19

When the client sets properties to object that were not supposed to be set by the client. Or if the client sets an unexpected value for a property. Also a well-known attack (grant users more access than they should have)

The Product data model class needs a ProductId property, but the model binding process doesn’t understand the significance of the property and adds any values that the client provides to the objects it creates, which causes the exception in the SaveProduct action method.
This is known as over-binding, and it can cause serious problems when a client provides values that the developer wasn’t expecting. At best, the application will behave unexpectedly, but this technique has been used to subvert application security and grant users more access than they should have.

The safest way to prevent over-binding is to create separate data model classes that are used only for receiving data through the model binding process. Where the class defines only the properties that the application wants to receive from the client when storing a new object. The model binding process will then ignore and discard values for read-only properties.

Question 20

How does the update action work?

Answer 20

The UpdateProduct action is similar to the SaveProduct action and uses model binding to receive a Product object from the request body.

Question 21

How does the delete action work?

Answer 21

The DeleteProduct action receives a primary key value from the URL and uses it to create a Product that has a value only for the ProductId property, which is required because Entity Framework Core works only with objects, but web service clients typically expect to be able to delete objects using just a key value.

Question 22

What is CORS?

Answer 22

Supporting Cross-Origin Requests

If you are supporting third-party JavaScript clients, you may need to enable support for cross-origin requests (CORS). Browsers protect users by only allowing JavaScript code to make HTTP requests within the same origin, which means to URLs that have the same scheme, host, and port as the URL used to load the JavaScript code. CORS loosens this restriction
by performing an initial HTTP request to check that the server will allow requests originating from a specific URL, helping prevent malicious code using your service without the user’s consent.

Question 23

How do asynchronous actions work?

Answer 23

It allows ASP.NET Core threads to process other requests when they would otherwise be blocked, increasing the number of HTTP requests that the application can process simultaneously.
Asynchronous actions don’t produce responses any quicker, and the benefit is only to increase the number of requests that can be processed concurrently.
Not all operations can be performed asynchronously, like update and remove.

Question 24

How does ASP.NET Core platform process requests?

Answer 24

The ASP.NET Core platform processes each request by assigning a thread from a pool. The number of requests that can be processed concurrently is limited to the size of the pool, and a thread can’t be used to process any other request while it is waiting for an action to produce a result.
Actions that depend on external resources can cause a request thread to wait for an extended period. A database server, for example, may have its own concurrency limits and may queue up queries until they can be executed. The ASP.NET Core request thread is unavailable to process any other requests until the database produces a result for the action, which then produces a response that can be sent to the HTTP client.

Question 25

What is a controller?

Answer 25

A controller allows a web service to be defined in a single class. Controllers are part of the MVC Framework, which builds on the ASP.NET Core platform and takes care of handling data in the same way that endpoints take care of processing URLs.
a controller, which allows a web service to be defined in a single class. Controllers are part of the MVC Framework, which builds on the ASP.NET Core platform and takes care of handling data in the same way that endpoints take care of processing URLs.

Controllers are classes whose methods, known as actions, can process HTTP requests. Controllers are discovered automatically when the application is started. The basic discovery process is simple: any public class whose name ends with Controller is a controller, and any public method a controller defines is an action.

Question 26

What does the base class provide? And what are the most useful properties provided by the base class?

Answer 26

Controllers are derived from the ControllerBase class, which provides access to features provided by the MVC Framework and the underlying ASP.NET Core platform.
A new instance of the controller class is created each time one of its actions is used to handle a request, which means the properties below describe only the current request.

HttpContext, ModelState, Request, Response, RouteData and User

Question 27

What does HttpContext return? (ControllerBase Property)

Answer 27

This property returns the HttpContext object for the current request.

Question 28

What does ModelState return? (ControllerBase Property)

Answer 28

This property returns details of the data validation process, as demonstrated in the “Validating Data” section later in the chapter and described in detail in Chapter 29.

Question 29

What does Request return? (ControllerBase Property)

Answer 29

This property returns the HttpRequest object for the current request.

Question 30

What does Response return? (ControllerBase Property)

Answer 30

This property returns the HttpResponse object for the current response.

Question 31

What does RouteData return? (ControllerBase Property)

Answer 31

This property returns the data extracted from the request URL by the routing middleware, as described in Chapter 13.

Question 32

What does User return? (ControllerBase Property)

Answer 32

This property returns an object that describes the user associated with the current request, as described in Chapter 38.

Question 33

Describe LINQ queries

Answer 33

LINQ queries do not include related data.

Question 34

How is the URL for the controller specified?

Answer 34

The URL for the controller is specified by the Route attribute, which is applied to the class, like this:
…
[Route(“api/[controller]”)]
public class ProductsController: ControllerBase {
…
The [controller] part of the attribute argument is used to derive the URL from the name of the controller class. The Controller part of the class name is dropped, which means that the attribute in Listing 19-7 sets the URL for the controller to /api/products.

Question 35

How are the HTTP methods and URLs supported by the action methods, determined for the controller?

Answer 35

The HTTP methods and URLs supported by the action methods are determined by the combination of attributes that are applied to the controller

Question 36

How is the HTTP method for the action specified? And example?

Answer 36

Each action is decorated with an attribute that specifies the HTTP method that it supports, like this:
…
[HttpGet]
public Product[] GetProducts() {
…
The name given to action methods doesn’t matter in controllers used for web services.

The attributes applied to actions to specify HTTP methods can also be used to build on the controller’s base URL.
…
[HttpGet(“{id}”)]
public Product GetProduct() {
…
This attribute tells the MVC framework that the GetProduct action method handles GET requests for the URL pattern api/products/{id}.

Example: The HttpGet attribute tells the MVC framework that the GetProducts action method will handle HTTP GET requests.

Question 37

What does the HttpGet attribute specify?

Answer 37

This attribute specifies that the action can be invoked only by HTTP requests that use the GET verb.

Question 38

What does the HttpPost attribute specify?

Answer 38

This attribute specifies that the action can be invoked only by HTTP requests that use the POST verb.

Question 39

What does the HttpDelete attribute specify?

Answer 39

This attribute specifies that the action can be invoked only by HTTP requests that use the DELETE verb.

Question 40

What does the HttpPut attribute specify?

Answer 40

This attribute specifies that the action can be invoked only by HTTP requests that use the PUT verb.

Question 41

What does the HttpPatch attribute specify?

Answer 41

This attribute specifies that the action can be invoked only by HTTP requests that use the PATCH verb.

Question 42

What does the HttpHead attribute specify?

Answer 42

This attribute specifies that the action can be invoked only by HTTP requests that use the HEAD verb.

Question 43

What does the AcceptVers attribute specify?

Answer 43

This attribute is used to specify multiple HTTP verbs.

Question 44

What are benefits of controller?

Answer 44

One of the main benefits provided by controllers is that the MVC Framework takes care of setting the response headers and serializing the data objects that are sent to the client. You can see this in the results defined by the action methods, like this:
…
[HttpGet(“{id}”)]
public Product GetProduct() {
…
When I used an endpoint, I had to work directly with the JSON serializer to create a string that can be written to the response and set the Content-Type header to tell the client that the response contained JSON data. The action method returns a Product object, which is processed automatically.

Question 45

What is dependency injection in controllers?

Answer 45

A new instance of the controller class is created each time one of its actions is used to handle a request. The application’s services are used to resolve any dependencies the controller declares through its constructor and any dependencies that the action method defines. This allows services that are required by all actions to be handled through the constructor while still allowing individual actions to declare their own dependencies.
The constructor declares a dependency on the DataContext service, which provides access to the application’s data. The services are resolved using the request scope, which means that a controller can request all services, without needing to understand their lifecycle.

Question 46

Explain the action method that responds to POST requests.

Answer 46

The model binding feature can also be used on the data in the request body, which allows clients to send data that is easily received by an action method.

The new action relies on two attributes. The HttpPost attribute is applied to the action method and tells the MVC Framework that the action can process POST requests. The FromBody attribute is applied to the action’s parameter, and it specifies that the value for this parameter should be obtained by parsing the request body. When the action method is invoked, the MVC Framework will create a new Product object and populate its properties with the values in the request body.

Question 47

Explain the HTTP PUT request.

Answer 47

It replaces objectcs. The UpdateProduct action is similar to the SaveProduct action and uses model binding to receive a Product object from the request body.
The command sends an HTTP PUT request whose body contains a replacement object. The action method receives the object through the model binding feature and updates the database.

Question 48

Explain the HTTP DELETE request

Answer 48

It deletes objects.
The DeleteProduct action receives a primary key value from the URL and uses it to create a Product that has a value only for the ProductId property, which is required because Entity Framework Core works only with objects, but web service clients typically expect to be able to delete objects using just a key value.
The DeleteProduct action receives a primary key value from the URL and uses it to create a Product that has a value only for the ProductId property, which is required because Entity Framework Core works only with objects, but web service clients typically expect to be able to delete objects using just a key value.

Question 49

What are action result methods?

Answer 49

Action methods can direct the MVC Framework to send a specific response by returning an object that implements the IActionResult interface, which is known as an action result. This allows the action method to specify the type of response that is required without having to produce it directly using the HttpResponse object.
The ControllerBase class provides a set of methods that are used to create action result objects, which can be returned from action methods.
ok
NoContent
BadRequest
File
NotFound
StatusCode 
osv.

Question 50

What is a redirect method?

Answer 50

Method that directs the client to another URL.
You can redirect to another action method using the RedirectToAction method (for temporary redirections) or the RedirectToActionPermanent method (for permanent redirections).

Question 51

What is Validating data? Explain attributes.

Answer 51

When you accept data from clients, you must assume that a lot of the data will be invalid and be prepared to filter out values that the application can’t use.
The Required attribute denotes properties for which the client must provide a value and can be applied to properties that are assigned null when there is no value in the request. The Range attribute requires a value between upper and lower limits and is used for primitive types that will default to zero when there is no value in the request.
The ModelState property is inherited from the ControllerBase class, and the IsValid property returns true if the model binding process has produced data that meets the validation criteria. If the data received from the client is valid, then the action result from the Ok method is returned. If the data sent by the client fails the validation check, then the IsValid property will be false, and the action result from the BadRequest method is used instead. The BadRequest method accepts the object returned by the ModelState property, which is used to describe the validation errors to the client.

Question 52

Explain the API controller attribute.

Answer 52

The ApiController attribute can be applied to web service controller classes to change the behavior of the model binding and validation features. The use of the FromBody attribute to select data from the request body and explicitly checking the ModelState.IsValid property is not required in controllers that have been decorated with the ApiController attribute. Getting data from the body and validating data are required so commonly in web services that they are applied automatically when the attribute is used, restoring the focus of the code in the controller’s action to dealing with the application features.
Using the ApiController attribute is optional, but it helps produce concise web service controllers.

Question 53

Explain Projecting Selected Properties

Answer 53

Return just the properties that the client requires. Can be done by: The properties that the client requires are selected and added to an object that is passed to the Ok method.