Facebook auth for web api REST implementation

Similar Messages

• Why is there no WSDL type support for Web Api?

  So I am just getting started with .Net WebApi and one thing that I am noticing straight away is that there is no Contract defining how the Api looks and should be consumed (Request/Responses from each Action), this is usually in the form of a WSDL for WCF/Soap.
  It seems to me like this is something that would be very valuable and make life a lot easier for consumers of your Api.
  Is there a reason there isn't one? Is there a programming paradime or principle that I am unaware of? Is there a way I could create one?

  SOAP, REST AND PEOPLE'S CREATIVITY
  SOAP needs a description document like WSDL because each resource can be consumed with different messages, there are no definition on the protocol about constraints to the possible names/messages that you can manipulate a resource.
  For example, in SOAP your web service that allow clients manipulate an user can expose the operation that create an user in many different messages, like:
  addUser
  createUser
  insertUser
  Of course, these are just few sample messages, because I've see a lot of funny web services method names. There are really creative people out there.
  In other hand, if you are exposing your underlying system using web api that really respect the REST principles, the client just need to know that you have a resource named Users, because there is 99% of chance that you can create an user in this way
  POST /Users
  And this occurs for each operation you want to expose using SOAP or a web api REST.
  Despite being SOAP a protocol, which restricts what you can or can not do, and be REST a style architecture, which leaves many open points of how to do things. There are efforts to define conventions of how to expose and consume REST web apis.
  DESCRIBING A WEB API REST
  In the field of how to describe a web api REST I can cite
  Swagger. It is not a attempt to create a WSDL like to web api REST, but it is a good attempt to create an open standard for describing web apis REST.
  Swagger is a specification and complete framework implementation for describing, producing, consuming, and visualizing RESTful web services.
  I use Swagger a lot and really love it, mainly because
  Swagger UI that allow you generate a nice live console and documentation for your web api.
  There are many implementations of Swagger for most of languages: C#, Java, Python, Ruby, etc.
  If you are using ASP .NET Web API, there a some projects to auto generate the Swagger specification, like
  Swagger.NET
  GENERATING CLIENTS TO A WEB API REST
  Because the constraints of REST, like the limited set of verbs (GET, POST, PUT, DELETE, etc) is not so difficuty to generate a client library to a web api REST.
  Projects like
  WebApiProxy can easily generate clients do C# and Javascript.
  CONVENTIONS FOR WEB API REST
  To keep our lifes as developers easier is good define some conventions of how our web api REST will behave, the best effort I know in this field is the very good
  Apigee - Web Api Design ebook. The e-book is not an attempt to create a bible or a mantra about how to design your api, but rather a collection of conventions observed in large web REST apis, like Twitter, Facebook, Linkedin, Google, etc.

• Using OSB for Public API (REST)

  Hi there,
  Is it a good practice to use Oracle Service Bus to expose a PUBLIC REST API?
  The idea is to have a separeted OSB instance which will be in the WEB so that other partners and applications (Native Mobile, for instance) can access some of our services. The application layer will have many different applications, like SAP, JEE systems, Cobol and others. But the public API will be design in a more RESTful fashion.
  What about security?
  What about performance? (Parsing JMS, XML and others into JSON will probably create extra load into the OSB).
  What are be the advantages of using OSB instead of a more traditional Service Layer?
  P.S.: We are being careful with the design of our API, sometimes the underlying system doesn't help, so some transformation has to happen (more load!) in order to make the API elegant and meaningful.
  Cheers

  Personally, I'd prefer Collections as they are nice to work with. Their only annoying issue is certainly the constant casting as soon as you retrieve Objects from them.
  I do not consider the documentation of what those Collection include too big a problem. Just include a line for each Collection parameter stating "Set of Strings" or the like. I wouldn't even check the type through instanceof, I'd just cast. If a ClassCastException is thrown, I think that's the proper thing to do.
  As you might have noticed, there is a proposal of "Generics" for Java, which would adopt something like those template classes known in C++. There is even a beta implementation available, so you can go ahead and code your Set<String>. Time will tell if this proposal finds its way into the official Java standard, the drawback being a more complex syntax. If you want to know more about it, check out those links:
  http://forum.java.sun.com/forum.jsp?forum=316
  http://www.jcp.org/jsr/detail/14.jsp
  http://developer.java.sun.com/developer/earlyAccess/adding_generics

• Power query to consume azure ad authenticated web api

  Recently I developed an asp .net web api restful service.  It is secured by azure ad using owin middleware to handle the authentication.  When accessed through a web app I developed, everything works as expected.  When I try to consume the
  service through power query, I can't get the required authentication going.  I have tried giving the token I've acquired using the 'key' field, and tried to use an organizational account, but it does not work as power query cannot tell where it should
  try to authenticate.  I know I'm missing something, possibly the way I'm constructing the query, some missing parameters, etc. 

  Greetings, Omar!
  The requirement will most probably be a no-go scenario. But, please check if you can use the Web API as mentioned in the below blog.
  https://cwebbbi.wordpress.com/2014/03/26/working-with-web-services-in-power-query/
  Else, you can try basic authentication (which again I don’t
  think is going to work and we are just giving a try). Basic Authentication is nothing but passing the User Name and Password. The Power Query will Pass the User Name and Password that we enter to the Web Service.
  If the above doesn’t
  work, then there is no other way in Power Query atleast for the moment to achieve this.
  Thank you,
  Arvind

• Why Web API 2 has RouteConfig.cs file?

  I m working on Web API project, and it is using WebApiConfig.cs file
  to defined routs for Web API.
  Web API fold RouteConfig.cs file.
  I have googled and they say RouteConfig.cs is
  for MVC routing. It is actually a confusing statement. Can you please guide why WebAPI has RouteConfig.cs file
  ? Why would one need MVC routing in Web API ? What function it will do ?
  Thanks for your help and guidance.

  The RouteConfig.cs file
  isn't required for Web API. It is included by default in new Web API projects because that template also includes an MVC webpage (for the index page that appears when you open the project in a browser).
  If you delete both the RouteConfig.cs and
  the HomeController.cs file
  (as well as modify Global.asax.cs to
  not call RouteConfig.RegisterRoutes()),
  then your project will still compile and the API controllers will still work fine, you will just be missing a pretty homepage.
  Note also that MVC Areas have their own MVC routing and do not use the global MVC routing, which is why the /Help page
  still works even when RouteConfig.cs has
  been removed.

• Are mutliple database calls really significant with a network call for a web API?

  At one of my employers, we worked on a REST (but it also applies to SOAP) API. The client, which is the application UI, would make calls over the web (LAN in typical production deployments) to the API. The API would make calls to the database.
  One theme that recurs in our discussions is performance: some people on the team believe that you should not have multiple database calls (usually reads) from a single API call because of performance; you should optimize them so that each API call has only
  (exactly) one database call.
  But is that really important? Consider that the UI has to make a network call to the API; that's pretty big (order of magnitude of milliseconds). Databases are optimized to keep things in memory and execute reads very, very quickly (eg. SQL Server loads and
  keeps everything in RAM and consumes almost all your free RAM if it can).
  TLDR: Is it really significant to worry about multiple database calls when we are already making a network call over the LAN? If so, why?
  To be clear, I'm talking about order of magnitude -- I know that it depends on specifics (machine hardware, choice of API and DB, etc.) If I have a call that takes O(milliseconds), does optimizing for DB calls that take an order of magnitude less, actually
  matter? Or is there more to the problem than this?
  Edit: for posterity, I think it's quite ridiculous to make claims that we need to improve performance by combining database calls under these circumstances -- especially
  with a lack of profiling. However, it's not my decision whether we do this or not; I want to know what the rationale is behind thinking this is a correct way of optimizing web API calls.

  But is that really important? Consider that the UI has to make a network call to the API; that's pretty big (order of magnitude of milliseconds). Databases are optimized to keep things in memory
  and execute reads very, very quickly (eg. SQL Server loads and keeps everything in RAM and consumes almost all your free RAM if it can).
  The Logic
  In theory, you are correct. However, there are a few flaws with this rationale:
  From what you stated, it's unclear if you actually tested / profiled your app. In other words, do you actually know that
  the network transfers from the app to the API are the slowest component? Because that is intuitive, it is easy to assume that it is. However, when discussing performance, you should never assume. At my employer, I am the performance lead. When I first joined,
  people kept talking about CDN's, replication, etc. based on intuition about what the bottlenecks must be. Turns out, our biggest performance problems were poorly performing database queries.
  You are saying that because databases are good at retrieving data, that the database is necessarily running at peak performance, is being used optimally, and there is nothing that can be done
  to improve it. In other words, databases are designed to be fast, so I should never have to worry about it. Another dangerous line of thinking. That's like saying a car is meant to move quickly, so I don't need to change the oil.
  This way of thinking assumes a single process at a time, or put another way, no concurrency. It assumes that one request cannot influence another request's performance. Resources are shared,
  such as disk I/O, network bandwidth, connection pools, memory, CPU cycles, etc. Therefore, reducing one database call's use of a shared resource can prevent it from causing other requests to slow down. When I first joined my current employer, management believed
  that tuning a 3 second database query was a waste of time. 3 seconds is so little, why waste time on it? Wouldn't we be better off with a CDN or compression or something else? But if I can make a 3 second query run in 1 second, say by adding an index, that
  is 2/3 less blocking, 2/3 less time spent occupying a thread, and more importantly, less data read from disk, which means less data flushed out of the in-RAM cache.
  The Theory
  There is a common conception that software performance is simply about speed.
  From a purely speed perspective, you are right. A system is only as fast as its slowest component. If you have profiled your code and found that the Internet is the slowest component, then everything else is obviously not the slowest part.
  However, given the above, I hope you can see how resource contention, lack of indexing, poorly written code, etc. can create surprising differences in performance.
  The Assumptions
  One last thing. You mentioned that a database call should be cheap compared to a network call from the app to the API. But you also mentioned that the app and the API servers are in the same LAN. Therefore, aren't both of them comparable as network calls? In
  other words, why are you assuming that the API transfer is orders of magnitude slower than the database transfer when they both have the same available bandwidth? Of course the protocols and data structures are different, I get that, but I dispute the assumption
  that they are orders of magnitude different.
  Where it gets murkey
  This whole question is about "multiple" versus "single" database calls. But it's unclear how many are multiple. Because of what I said above, as a general rule of thumb, I recommend making as few database calls as necessary. But that is
  only a rule of thumb.
  Here is why:
  Databases are great at reading data. They are storage engines. However, your business logic lives in your application. If you make a rule that every API call results in exactly one database call, then your business logic may end up in the database. Maybe that
  is ok. A lot of systems do that. But some don't. It's about flexibility.
  Sometimes to achieve good decoupling, you want to have 2 database calls separated. For example, perhaps every HTTP request is routed through a generic security filter which validates from the DB that the user has the right access rights. If they do, proceed
  to execute the appropriate function for that URL. That function may interact with the database.
  Calling the database in a loop. This is why I asked how many is multiple. In the example above, you would have 2 database calls. 2 is fine. 3 may be fine. N is not fine. If you call the database in a loop, you have now made performance linear, which means it
  will take longer the more that is in the loop's input. So categorically saying that the API network time is the slowest completely overlooks anomalies like 1% of your traffic taking a long time due to a not-yet-discovered loop that calls the database 10,000
  times.
  Sometimes there are things your app is better at, like some complex calculations. You may need to read some data from the database, do some calculations, then based on the results, pass a parameter to a second database call (maybe to write some results). If
  you combine those into a single call (like a stored procedure) just for the sake of only calling the database once, you have forced yourself to use the database for something which the app server might be better at.
  Load balancing: You have 1 database (presumably) and multiple load balanced application servers. Therefore, the more work the app does and the less the database does, the easier it is to scale because it's generally easier to add an app server than setup database
  replication. Based on the previous bullet point, it may make sense to run a SQL query, then do all the calculations in the application, which is distributed across multiple servers, and then write the results when finished. This could give better throughput
  (even if the overall transaction time is the same).
  TL;DR
  TLDR: Is it really significant to worry about multiple database calls when we are already making a network call over the LAN? If so, why?
  Yes, but only to a certain extent. You should try to minimize the number of database calls when practical, but don't combine calls which have nothing to do with each other just for the sake of combining them. Also, avoid calling the database in a loop at all
  costs.

• CS5 save for web bug with slices 1 png, the rest gif

  Do me good forum, this is my first post from 112 degree AZ.
  I'm trying to "save for web" slices in illustrator cs5. I optimize the images to transparent .png in the sidebar in the save for web dialog box. Then I click save. And I do the "user slices" option in the NEXT dialog (hello complicated process, but it makes sense to me). 5 slices should be output. 5 are. But only one is a png. The rest are gif files. And not transparent.
  That makes me to throw an anvil through the floor of the USS(R) Adobe.
  But rather than going through such extreme measures, I'd figure I'd post first.
  I guess in the time I researched and wrote this post, I could have saved each individual slice with the proper optimization settings, but what fun would that be? And maybe I'm just plain missing somthing and someone will say, hey "footheadleg" your a total moron. The checkbox to save ALL the slices for your desired setting is at blah blah blah.
  Do it. Shame me. And then, my problem will be fixed at last. MUwhwhwhwahahahaa.
  FREE GIFT: cmd+shift+d changes illustrators white artboard to transparent pixels. I learned that becasue I thought maybe I had a white layer showing on accident. I didn't. That's because I'm perfect. Perfectly human.

  Footheadleg, you have so much to learn, and so little time. Let me teach you my ways. Though while on Illustrator's main canvas it may seem that you can change settings of each slice, you can't. I know, there are little icons top left of each image, one looks like an email symbol, and it would seem you could just email the slice to a friend.
  Pretty soon you'll be able to "Like" the slice on Facebook. Or post it to your del.i.cious account. Or tweet it. Or 17,000 other VERY VALUABLE shares. But Footheadleg, these symbols mean nothing to you, except that they are slices.
  HOWEVER, when in "save for web" mode, you can in fact change the settings of each slice. Here's what you do. Press k. (slice tool selector thingie) then hop over to the sidebar and click on the settings you want. Do this for EACH slice. I know, it would seem easier if there was a checkbox that said "apply to all slices," but why make things easy?
  Plus, Illustrator is a rad program, so don't knock it, unless you can design something better. And you can't. So get over yourself and enjoy the pain
  Yours truly,
  Yourself.

• WCF Rest Service Vs Web API

  1. What is difference between WCF REST SERVICE(and not WCF) and WebAPI?
  2. When we should one over another?
  Deepak Talele Ph: 91-9158413830 Email: [email protected], [email protected]

  Hi,
  Use WCF to create reliable, secure web services that accessible over a variety of transports. Use ASP.NET Web API to create HTTP-based services that are accessible from a wide variety of clients. Use ASP.NET Web API if you are creating and designing new
  REST-style services. Although WCF provides some support for writing REST-style services, the support for REST in ASP.NET Web API is more complete and all future REST feature improvements will be made in ASP.NET Web API.
  For the difference between WCF REST Service and web api, you could refer to the following links for more information:
  https://msdn.microsoft.com/en-us/library/jj823172(v=vs.110).aspx
  http://www.dotnet-tricks.com/Tutorial/webapi/JI2X050413-Difference-between-WCF-and-Web-API-and-WCF-REST-and-Web-Service.html
  Regards

• Integrate JasperReport Server with C# REST Web Api

  Hi,
  Is anyone able to provide me a step by step example for integrating JasperReport Server with C# through REST V2 web API because I have little experience of Asp.net Web API.
  Thanks,
  Bo

  Please post questions related to third-party products in their forums.  For questions related to ASP.NET please post in the ASP.NET forums (http://forums.asp.net ).

• 5508 loading cert for web auth

  I have web auth enabled on the WLC so when clients connec they get a cert error because it is using the self signed cert.  I was reading up on getting a third part cert and it explains about getting openssl and then generating the cert and sending it to a third party CA etc.
  Any links you can share would be very helpful explaining best practices and method to load a third party cert on the WLC 5508 for web authentication.
  Why can't I just get a cert from them for our domain and simply load it on the WLC?

  Hi Mohammed,
  Here are the two links which are like bible to generate certs..
  http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080a77592.shtml
  http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a00806e367a.shtml
  Depends on whether you are using Chained or Un chained certs.. Following the above link will help you in getting the issue resolved!!
  Lemme know if this answered ur question!!
  Regards
  Surendra

• Where is Solaris OE Implementation for Win32 API Version 1.0.2.?

  the link on page http://soldc.sun.com/ntmigration/tools/jscoretool.html is broken.
  I search and found with no results.
  can anyone help ? or send a copy to my email box: [email protected]
  thanks a lot.

  >
  Try again for olaris[tm] OE Analyzer for C/C++ Source
  Code at
  http://soldc.sun.com/ntmigration/tools/jscoretool.html
  It has a new version now as 1.1.
  Also the Solaris OE Implementation for Win32 APIs
  also has a new version at
  http://soldc.sun.com/ntmigration/nttech/win32emulation
  .html
  Enjoy!The above link is broken. Can anyone please mail me the valid working link at [email protected]
  Would really appreciate your help,
  Thanks and Regards,
  Sanjay

• WCF and WP8.1: Can I only use WCF REST services? Then better WCF or Web API?

  I am trying to create a simple application to test WCF with WP8.1. I have created my service. Later I create my WP8.1 silver light application and I try to add a reference to my service Project. The problem is that I get an error that says that I have only
  add reference to projects that are Windows pone 8.
  I have read some solutions, but all of them are creating a WCF REST service, so my doubt if the WP8.1 applications only can connect to WCF REST services.
  In this case, if this is true, it not would be better to use Web API instead of WCF?
  Thanks so much.

  You can use any type of rest service with windows phone 8.1 because rest services can be called via the httpclient class.  You dont need a service reference.  Personally I prefer the web api but there is no reason you can not use a wcf rest service.

• Authentication for Stream Analytics REST Api

  Hi there,
  I am trying to use the stream analytics rest api from a java client. For other services (storage services for example), I am able to successfully use mutual certificate authorization. I create a management certificate using keytool and upload it through
  the settings tab in azure portal. I then create an SSLContext from this certificate. This all works and I am able to get access to the storage services api.
  The same flow does not seem to work for stream analytics api. When attempting to make an api call, I get 401 error code with the following response authorization header.
  GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.StreamAnalytics/streamingjobs?api-version=2014-10-01-preview
  WWW-Authenticate=[Bearer authorization_uri="https://login.windows.net/{...}", error="invalid_token", error_description="The access token is missing or invalid."]
  The result is the same whether or not I configure the certificate on the client side. So, it seems like the mutual certificate authorization is not supported in stream analytics as it is in the other management APIs. Can you confirm if this feature is not
  supported? If it is not supported, can you please provide some information on how we should be authenticating for stream analytics REST api?
  Thanks

  I did some more investigating. The Azure Stream Analytics REST Api documentation uses
  https://management.azure.com/
  as the base uri for managing stream analytics service. The .NET azure sdk source code on github, however, uses
  https://management.core.windows.net/  
  for the same. So, I have tried accessing some different variations of resources.
  https://management.core.windows.net/{my subscription id}/services/storageservices
  Response: 200 OK
  Here, I am using mutual certificate authorization to successfully reach storage services at management.core.windows.net. This verifies that the certificate authorization flow works for other services in the same subscription. 
  https://management.azure.com/subscriptions/{my subscription id}/resourcegroups/StreamAnalytics-Default-Central-US/providers/Microsoft.StreamAnalytics/streamingjobs?api-version=2014-10-01-preview
  Response: 401 Unauthorized
  Message: {"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is not present or provided in an invalid format."}}
  Now I attempt to use the same mutual certificate authorization on the management.azure.com base uri for stream analytics management. The request fails and the error message notes that an expected Authorization header is missing. This leads me to
  believe that mutual certificate authorization is not supported on management.azure.com.
  The Authorization header makes sense for OAuth2 flow, so I am thinking that management.azure.com
  might only support OAuth2. I need server to server management, so OAuth2 flow will not work because it requires interactive browser redirect to work with management api. Active
  Directory only gives delegate permissions to management services, not application permissions. I believe this rules out using OAuth2 / Active Directory for headless
  authorization - please correct me if I am wrong.
  https://management.core.windows.net/subscriptions/{my subscription id}/resourcegroups/StreamAnalytics-Default-Central-US/providers/Microsoft.StreamAnalytics/streamingjobs?api-version=2014-10-01-preview
  Response: 403 Forbidden
  Message: <Error xmlns="http://schemas.microsoft.com/windowsazure" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><Code>ForbiddenError</Code><Message>The server failed to authenticate
  the request. Verify that the certificate is valid and is associated with this subscription.</Message></Error>
  Here I try to use the mangagement.core.windows.net base uri that is used in .net sdk. I get a 403 forbidden response. The error message indicates that the server attempted to complete the mutual certificate authorization. The server complains, though,
  that the certificate is invalid. This is the same certificate used successfully to manage storage services, so I know the certificate is valid and the client flow works.
  It would be great if someone could expand on the discrepancy between the base uri in the documentation vs .net sdk and provide some guidance on server to server authorization to stream analytics management api.
  Thanks,
  Dave

• Implementing authentication for web services

  Hi all,
  I'm struggling trying to guess how to implement basic HTTP authentication as well as using certificates in order to apply HTTPS, for some web services we've created, running on the Oracle Application Server 10.1.12. The web services were implemented using JDeveloper 9.0.4. Any help would be very appreciated.
  Thanks in advanced and regards,
  Luis

  Hi,
  But, I need to develop the web services logon method using WSDL which generated the LogonBindingImpl.java, instead of web services using EJB bean.
  Besides, the Web Service logon method (LogonBindingImpl.java) need to accept the input user name and password to check with the user name and password that stored in database table through the EJB bean. If checking successful, client program is allowed to invoke other WebServices method, else login failed exception need to be thrown when client calling other web services methods.
  Appreciate the advice here on how to achieve that. Thanks.

• Use Web API url for loading an external image in a report

  Hi there,
  I am trying to host an image in a report, which is coming out of a Web API. I am able access the image through a URL in a browser:
  https://companytest.com/api/TestFormImage?id=10358&EntityId=6719&imgMetadataName=TestDiagram
  Can anyone please help me how to include this in a report ? I have tried to include this as an external image with the URL embedded as a string like: 
  =string.Format("https://companytest.com/api/TestFormImage?id=10358&EntityId=6719&imgMetadataName=TestDiagram")
  NOTE: the output of the Web API is an image of MIME type PNG.
  Thanks in advance!
  Regards, Laks

  To add an external image
  In report design view, on the Insert tab, click Image.
  On the design surface, click and then drag a box to the desired size of the image.
  On the General tab of the Image Properties dialog box, type a name in the
  Name text box or accept the default.
  (Optional) In the Tooltip text box, type text to display when the user hovers over the image in a report rendered for HTML.
  In Select the image source, select External.
  For an image on a report server in native mode, type a relative path to the image in the
  Use this image box—for example, ../images/image1.jpg.
  For an image on a report server in SharePoint integrated mode, or any other Web site, type a full URL to the image in the
  Use this image box—for example, http://<SharePointservername>/<site>/Documents/images/image1.jpg.
  For more information, see Specifying Paths to External Items (Report Builder and SSRS).
  (Optional) Click Size, Visibility, Action, or
  Border to set additional properties for the image report item.
      Click OK.
  Andy Tauber
  Data Architect
  The Vancouver Clinic
  Website | LinkedIn
  This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click
  "Mark as Answer" and "Vote as Helpful" on posts that help you. This can be beneficial to other community members reading the thread.