Index

A

acceptance criteria, Acceptance Criteria, Acceptance Criteria for the New Features
access tokens, Accessing Protected Resources
action filters, Action filters
action invocation, Action invocation
action result converter, Action invocation
action selection
default vs. custom, Action selection
matched vs. attribute-based routes, Action selection
refinements to, Action selection
actions, Authorization
active authentication, Active and Passive Authentication Middleware
Advanced Research Projects Agency Network (ARPANET), The Internet, the World Wide Web, and HTTP, Media Type
affordances, Hypermedia (RMM Level 3), Hypermedia (RMM Level 3)
agile software development, Why Evolvable?
Amazon Simple Storage Service (S3), Token-Based Authentication
Amundsen, Mike, Hypermedia (RMM Level 3)
API contracts
breaking vs. nonbreaking changes to, Why Not Just Version?
link relation types
extended link relation types, Semantics
indirection layer, Indirection Layer
link hints, Semantics
reference data, Reference Data
semantics, Semantics
standard registry of, Semantics
static vs. embedded resources, Replacing Embedded Resources
syntax, Syntax
workflow, Workflow
media types
fear of new types, Media Type Explosion
generic media types/profiles, Generic Media Types and Profiles–Generic Media Types and Profiles
hypermedia types, Hypermedia Types
new formats, New Formats
new hypermedia types, Other Hypermedia Types
platform-independence of, Types of Contracts
popular formats, Popular Formats
primitive formats, Primitive Formats
new link relations design
basic characteristics, Designing New Link Relations
embedded, Embedded Link Relations
extension, Extension Link Relations
registration, Registering the Link Relation
standard, Standard Link Relations
new media type design
basic characteristics, Designing a New Media Type Contract
conveying semantics, Optional, Mandatory, Omitted, Applicable
embedded vs. external metadata, Embedded Versus External Metadata
enabling hypermedia, Enabling Hypermedia
extensibility and, Extensibility
format selection, Selecting a Format
registration, Registering the Media Type
self-description in, Self-Description
API styles
HTTP verbs (RMM level 2), HTTP VERBS (RMM Level 2)
hypermedia (RMM level 3), Hypermedia (RMM Level 3)
resource-centric, Crossing the Chasm Toward Resource-Centric APIs
resources (RMM level 1), Resources (RMM Level 1)
REST, REST
REST constraints, REST Constraints
Richardson Maturity Model (RMM), The Richardson Maturity Model
RPC (remote procedure call), RPC (RMM Level 0)
API wrappers (see wrapper libraries)
ApiController class, ValuesController, The ApiController Base Class, ApiController
AppHarbor PaaS (platform as a service), The OAuth 2.0 Authorization Framework
applicability, Optional, Mandatory, Omitted, Applicable
application delegates, OWIN
application element, Applications
application keys, Change Auditing
application state, Issue and Issue Store
application-level profile semantics (ALPS), Generic Media Types and Profiles
ArrayModelBinder, The ModelBindingParameterBinder Implementation
artifacts, Token-Based Authentication
ASP.NET infrastructure
application element, Applications
global configuration, Global Configuration
handler element, Handlers
hosting architecture, The Web API ASP.NET Handler
module element, Modules
processing access tokens in, Processing Access Tokens in ASP.NET Web API
routing in, ASP.NET Routing
Web API message translation, The Web API ASP.NET Handler
web hosting with, Web Hosting
ASP.NET MVC, Core Scenarios
ASP.NET Web API
authentication filters in, Web API Authentication Filters
benefits of, Core Scenarios
code-based configuration mode of, No More “Coding with Angle Brackets”
CORS support on, CORS Support on ASP.NET Web API
creating a new project, Getting Started with ASP.NET Web API
expressiveness of, First-Class HTTP Programming
flexible format support in, Flexible Support for Different Formats
Hello Web API example, “Hello Web API!”–The Host
integration tests in, Integration Tests in ASP.NET Web API
key goals of, Core Scenarios
model binding infrastructure in, Formatters and Model Binding
multiple hosting options in, Multiple Hosting Options
NuGet package management for, Getting Started with ASP.NET Web API
processing architecture (see processing architecture)
routing, Web API Routing
strongly typed HTTP views in, First-Class HTTP Programming
symmetric client/server programming in, Symmetric Client and Server Programming Experience
TLS protocol in, Using TLS in ASP.NET Web API
unit test for ActionFilterAttribute, Unit Testing an ActionFilterAttribute
unit test for ApiController, Unit Testing an ASP.NET Web API Implementation
unit test for HttpMessageHandler, Unit Testing an HttpMessageHandler
unit testability in, Unit Testability
ValuesController.cs file, ValuesController
WebApiConfig.cs file, WebApiConfig
.aspx files, Handlers
assertions, Token-Based Authentication
asymmetric cryptography, Public-Key Cryptography and Certificates
asymmetric signature mechanisms, Token-Based Authentication
Asynchronous Programming Model (APM), The HTTP Programming Model
Atom media type definition, The FormatterParameterBinder Implementation
attribute groups, Attribute Groups
attribute-based routing, Supporting attribute-based routes
auditing (see change auditing)
authentication
active/passive middleware, Active and Passive Authentication Middleware
authentication context, Web API Authentication Filters
authentication manager, Active and Passive Authentication Middleware
basics of, Authentication
challenge context, Web API Authentication Filters
claims model, The Claims Model–The Claims Model
client authentication, Client Authentication–Client Authentication
current principal retrieval/assignment, Retrieving and Assigning the Current Principal
filters, Authentication filters
for change auditing, Change Auditing
Hawk authentication scheme, The Hawk Authentication Scheme
HTTP authentication framework, The HTTP Authentication Framework
HTTP authentication implementation, Implementing HTTP-Based Authentication
in OAuth 2.0 framework, OAuth 2.0 and Authentication
Katana project, Katana Authentication Middleware
public-key authentication, Public-Key Cryptography and Certificates
schemes for, Authentication Schemes
server authentication, Server Authentication
server vs. client-side, Authentication
signature-based, Token-Based Authentication
token-based, Token-Based Authentication
transport-based, Transport-Based Authentication
Web API authentication filters, Web API Authentication Filters
workflows for, Authentication Workflows–Authentication Workflows
authorization
authorization code, Obtaining Access Tokens
authorization decisions, Authorization
authorization enforcement, Authorization–Authorization Enforcement
authorization grant, Obtaining Access Tokens
authorization policies, Authorization
basic model of, Authorization
cross-origin resource sharing, Cross-Origin Resource Sharing
OAuth 2.0 framework
accessing protected resources, Accessing Protected Resources
authentication, OAuth 2.0 and Authentication
authorization code grant, Obtaining Access Tokens, Authorization Code Grant
basics of, The OAuth 2.0 Authorization Framework
client applications, Client Applications
code flow example, Authorization Code Grant
front channel vs. back channel, Front Channel Versus Back Channel
obtaining access tokens, Obtaining Access Tokens
overview of, Conclusion
processing access tokens in ASP.NET, Processing Access Tokens in ASP.NET Web API
refresh tokens, Refresh Tokens
resource server/authorization server, Resource Server and Authorization Server
RFC 6819, Front Channel Versus Back Channel
scope, Scope
scope-based authorization, Scope-Based Authorization
authorization code grant, Authorization Code Grant
authorization filters, Authorization filters
authorization servers, The OAuth 2.0 Authorization Framework, Resource Server and Authorization Server
automated testing, Testability
AWS authentication, Additional Authentication Schemes
Azure Blob Service, Token-Based Authentication
Azure Service Bus, Azure Service Bus Host
Azure Service Management REST API, Client Authentication
Azure Storage services, Additional Authentication Schemes

B

back channel vs. front channel, Front Channel Versus Back Channel
basic authentication scheme, Authentication Schemes, The HTTP Authentication Framework
BDD (behavior-driven development), Building the Implementation Using BDD
bearer tokens, Token-Based Authentication, Accessing Protected Resources
Berners-Lee, Tim, The Internet, the World Wide Web, and HTTP, HTTP, Hypermedia (RMM Level 3)
boilerplate code, Client Libraries
bookmarks, links as, Links as bookmarks
bootstrap authentication, Token-Based Authentication
browser contexts, Client State

C

cachable methods, Method properties
caching
adding tests for output caching, Adding the Tests for Output Caching
benefits of, Caching, Implementing the Output Caching Support
cache behaviors, Cache behaviors
cache revalidation, Implementing Cache Revalidation
client dictation of, Lifetime
conditional GETs for cache revalidation, Implementing Conditional GETs for Cache Revalidation
ETags, ETags
expiration, Expiration
illustration of, Caching in Action–Caching in Action
implementation steps, Implementing the Output Caching Support
invalidation, Invalidation
negotiated responses, Caching and negotiated responses
stale responses, Validation
validation, Validation
certificates
certificate pinning, Server Authentication
certificate revocation lists (CRL), Revocation
creating for testing, Creating Test Keys and Certificates
public key certificates, Public-Key Cryptography and Certificates
self-issued, Public-Key Cryptography and Certificates
stores system for, Public-Key Cryptography and Certificates
Windows certificate management system, Public-Key Cryptography and Certificates
certification authorities (CA), Server Authentication, Public-Key Cryptography and Certificates
Certification Practice Statements, Public-Key Cryptography and Certificates
challenge context, Web API Authentication Filters
change auditing
application key authentication, Change Auditing
HAWK authentication, Implementing Change Auditing with Hawk Authentication–Implementing Change Auditing with Hawk Authentication
HMAC authentication, Change Auditing
security token authentication, Change Auditing
changes, breaking vs. nonbreaking, Why Not Just Version?
channel stack layer, WCF Architecture
channels, WCF Architecture
chunked transfer encoding, Content length and streaming, The Web API ASP.NET Handler
claims authorization managers, Authorization Enforcement
claims model, The Claims Model–The Claims Model
classical cryptography, Public-Key Cryptography and Certificates
client application state, Client State
client authentication, Authentication, Client Authentication–Client Authentication, Client Applications
(see also authentication)
client credentials grant, Obtaining Access Tokens
client development
application workflow
adapting to change, Change is inevitable
adding/removing resources, Application Workflow
client state, Client State
feature detection, Handle all the versions
interactive missions, Clients with Missions
workflow control, Need to Know
client libraries
ease of use vs. quality, Building the Client
links as functions, Links as Functions–Links as bookmarks
purpose of, Client Libraries
wrapper libraries, Wrapper Libraries–Hypermedia hostile
loose vs. tight coupling, Building the Client, Conclusion
cloud-hosted infrastructure, Azure Service Bus Host
code refactoring, Code refactoring
collection resources, HTTP VERBS (RMM Level 2), Collection Resources
Collection+Json, Collection+Json
common names, Server Authentication
conditional requests, Conditional requests
confidential clients, Client Applications
conflict management, Conflict Detection–Implementing Conflict Detection
constrained authorization, The OAuth 2.0 Authorization Framework
content delivery networks (CDNs), Types of Intermediaries
content negotiation
basics of, Content Negotiation
FormatterParameterBinder+ implementation, Conclusion
media type preferences and, Domain-Specific Media Types
proactive, Proactive Negotiation
reactive, Reactive Negotiation
server-driven approach to, Flexible Support for Different Formats, Creating Message Content
controller dispatcher handler, Route Dispatching
controller pipeline
action invocation, Action invocation
action selection, Action selection
ApiController, ApiController
controller activation, Controller Activation
controller selection, Controller Selection
custom controller selectors, Plugging in a custom controller selector
diagram of, HTTP Message Flow Overview, ApiController Processing Model
filters, Filters
HttpControllerDispatcher, HttpControllerDispatcher
model binding/validation, Model binding and validation
responsibilities of, The Controller Pipeline
Russian doll structure, ApiController Processing Model
cool URIs, Cool URIs
coupling
decoupling, Application Workflow
loose vs. tight, Building the Client, Conclusion
Cross-Origin Resource Sharing (CORS), Cross-Origin Resource Sharing–CORS Support on ASP.NET Web API
cross-site request forgery (CSRF) attacks, Cross-Origin Resource Sharing, Front Channel Versus Back Channel
CRUD (create-read-update-delete), Acceptance Criteria
cryptographic hash functions, Token-Based Authentication
current identity, Retrieving and Assigning the Current Principal
current principal, The Claims Model, Retrieving and Assigning the Current Principal
current state attributes, Item Resources
custom message handlers, Dispatcher

D

data model, Issue and Issue Store
data volatility, Item Resources
deadlock, Client Message Handlers
debugging
Fiddler tool for, A read-only greeting service
tracing, Tracing
(see also testability)
Defense Advanced Research Projects Agency (DARPA), The Internet, the World Wide Web, and HTTP
delegated constrained authorization, The OAuth 2.0 Authorization Framework
DELETE method, HTTP Methods
demultiplexing, Using TLS with IIS Hosting
dependency injection, Dependency injection and mocking
descriptive attributes, Item Resources
digest access authentication scheme, The HTTP Authentication Framework
digest authentication scheme, Authentication Schemes
dispatcher, Dispatcher
dynamic types, Feature: Creating Issues

E

e-government Web APIs, Client Authentication
electronic identity initiatives, Client Authentication
encoders, WCF Architecture
endpoints, Handlers
entity bodies, HTTP Message Exchange
entity-tags (ETags), ETags, The Message Handler Pipeline
environment dictionary, OWIN
evolvability
barriers to, Barriers to Evolution
Issue Tracker example API, Walking the Walk–Item Resources
need for, Why Evolvable?
price of, The Application, What Is the Cost?
vs. overspecification, What Is the Cost?
vs. versioning, Why Not Just Version?
exception filters, Exception filters
expiration, Expiration
extended link relation types, Semantics
extensibility, Extensibility, Model Validation

F

feature detection, What Is the Cost?, Handle all the versions
Fiddler debugging tool, A read-only greeting service
Fielding, Roy, HTTP, Hypermedia (RMM Level 3), REST
filter pipeline
conversion into HttpResponseMessage, Conversion into an HttpResponseMessage
filter interfaces, Filters
overview of, The ApiController Base Class
parameter binding, Parameter binding
filters
action, Action filters
authentication, Authentication filters, Web API Authentication Filters
authorization, Authorization filters
creating new, Filters
exception, Exception filters
filter classes, Filters
in model validation, Querying the Validation Results
ordering/execution of, Filters
storage of, Filters
Flickr API, Resources (RMM Level 1)
FormatterParameterBinder, The FormatterParameterBinder Implementation
formatters/model binding
benefits of models, The Importance of Models in ASP.NET Web API
built-in model binders
architecture of, The ModelBindingParameterBinder Implementation
HttpParameterBinding, Default HttpParameterBinding Selection
model binding against URIs only, Model Binding Against URIs Only
ModelBindingParameterBinder, The ModelBindingParameterBinder Implementation
overview of, Built-In Model Binders
role of, Model Binders
value providers, Value Providers
controller pipeline and, Model binding and validation
default formatters, Consuming Message Content
formatters
role of, The ModelBindingParameterBinder Implementation, The FormatterParameterBinder Implementation
synchronous formatters, The FormatterParameterBinder Implementation
JSONMediaTypeFormatter, The FormatterParameterBinder Implementation
media type formatters, Consuming Message Content, The FormatterParameterBinder Implementation
model binding operation, How Model Binding Works
model validation
applying data annotation attributes, Applying Data Annotation Attributes to a Model
importance of, Model Validation
querying validation results, Querying the Validation Results
overview of, Conclusion
use in mapping, Formatters and Model Binding
XmlMediaTypeFormatter, The FormatterParameterBinder Implementation
forms, Hypermedia (RMM Level 3)
front channel vs. back channel, Front Channel Versus Back Channel

G

gateways, Types of Intermediaries
geolocated resources, Indirection Layer
GET method
basics of, HTTP Methods
conditional, The Message Handler Pipeline
Gherkin syntax, Building the Implementation Using BDD, Acceptance Criteria
GitHub API, HTTP VERBS (RMM Level 2)
Google Web Accelerator incident, Paying Attention to the Web

H

H-factors, Hypermedia (RMM Level 3)
Hammer, Eran, Additional Authentication Schemes
handler element, Handlers
handshake subprotocol, Transport Security
HAWK authentication, Additional Authentication Schemes, Implementing Change Auditing with Hawk Authentication–Implementing Change Auditing with Hawk Authentication, The Hawk Authentication Scheme
HEAD method, HTTP Methods
Hello World example API
client for, The Client
configuration details, A read-only greeting service
content negotiation, Content negotiation
controller addition, A read-only greeting service
creating, “Hello Web API!”
error handling, Handling errors
greeting addition, Add a greeting
host for, The Host
method addition, A read-only greeting service
testing, Testing the API
testing with Fiddler, A read-only greeting service
HMAC (hash-based message authentication code), Change Auditing, Token-Based Authentication
holder-of-key authentication, Token-Based Authentication
homogeneous APIs, Media Types in the Issue Tracking Domain
hosting
Azure Service Bus host, Azure Service Bus Host
hosting layer responsibilities, Hosting
in-memory
basics of, Hosting
diagram of, In-Memory Hosting
HttpClient/HttpServer instances, In-Memory Hosting
in Issue Tracker API, Feature: Retrieving Issues
OWIN hosting
authentication in, Implementing HTTP-Based Authentication
basics of, The Hosting Layer, Hosting
interface for, OWIN
Katana project, The Katana Project, Katana Authentication Middleware
open standard for, Hosting Web API with OWIN and Katana
OWIN ecosystem, The OWIN Ecosystem
Web API configuration, Web API Configuration
Web API middleware, Web API Middleware
self-hosting
basics of, The Hosting Layer, Hosting
flexibility of, Multiple Hosting Options
HttpSelfHostConfiguration class, The HttpSelfHostConfiguration Class
HttpSelfHostServer class, The HttpSelfHostServer Class, The HttpSelfHostServer Class
in Issue Tracker API, Self-Host
typical code for, Self-Hosting
URL reservation and access control, URL Reservation and Access Control
WCF architecture, WCF Architecture
web hosting
ASP.NET infrastructure, Web Hosting
ASP.NET routing, ASP.NET Routing
basics of, The Hosting Layer, Hosting
global configuration, Global Configuration
Web API ASP.NET handler, The Web API ASP.NET Handler
Web API routing, Web API Routing
HTTP (Hypertext Transfer Protocol)
authentication, Authentication, The HTTP Authentication Framework, Implementing HTTP-Based Authentication
basics of, HTTP
cache behaviors, Cache behaviors
caching, Caching
common methods, HTTP Methods
conditional requests, Conditional requests
content negotiation, Content Negotiation
ETags, ETags
expiration, Expiration
header types, Headers
httpbis, Moving Beyond HTTP 1.1
intermediaries, Intermediaries
invalidation, Invalidation
media type identifiers, Versioning the media type
message exchange, HTTP Message Exchange
method properties, Method properties
negotiated responses, Caching and negotiated responses
status codes, HTTP Status Codes
validation, Validation
HTTP headers
basics of, HTTP Message Exchange
consumption/production of, Headers
content header collection, Headers
header container classes/properties, Headers, Headers
list of, HTTP Headers
registry for, Headers
specifications for, Headers
types of, Headers
HTTP methods, HTTP Message Exchange
HTTP Over TLS (HTTPS), Transport Security
HTTP programming model
assembly availability, The HTTP Programming Model
earlier models, The HTTP Programming Model
goals for new model, The HTTP Programming Model
headers
consumption/production of, Headers
content header collection, Headers
header container classes/properties, Headers, Headers
registry for, Headers
specifications for, Headers
message abstraction
composition of, Messages
diagram of, Messages
message classes, Messages
requests, Messages
responses, Messages
message content
base class for, Message Content
consuming, Consuming Message Content
creating, Creating Message Content–Custom content classes
HTTP verbs (RMM level 2) API style, HTTP VERBS (RMM Level 2)
HttpClient library
client message handlers
chaining capability, Client Message Handlers
fake response handlers, Fake Response Handlers
HttpMessageHandler, Client Message Handlers
HttpMethodOverrideHandler, Client Message Handlers
MessageProcessingHandler, Client Message Handlers
proxying handlers, Proxying Handlers
reusable response handlers, Creating Reusable Response Handlers
history of, HttpClient
HttpClient Class
content access with, Content Is Everything
exceptions and, Completed Requests Don’t Throw
GetAsync method, Peeling Off the Layers
helper methods for, Helper Methods
lifecycle of, Lifecycle
multiple instances of, Multiple Instances
request cancellation, Cancelling the Request
SendAsync method, SendAsync
simplicity of, HttpClient Class
thread safety in, Thread Safety
wrapper for, Wrapper
HttpControllerDispatcher, HttpControllerDispatcher
HttpMessageInvoker, The Message Handler Pipeline
HttpParameterBinding
configuration with a rule, How Model Binding Works
default selection of, Default HttpParameterBinding Selection
implementation of, How Model Binding Works
selection of, How Model Binding Works
hydrating, The ModelBindingParameterBinder Implementation
hypermedia
affordances, Hypermedia (RMM Level 3)
benefits of, Hypermedia (RMM Level 3), Primitive Formats, Hypermedia Types
client support for, Hypermedia hostile
Collection+Json, Collection+Json, Retrieving All Issues as Collection+Json
definition of, Hypermedia (RMM Level 3)
enabling in media type design, Enabling Hypermedia
H-factors, Hypermedia (RMM Level 3)
implementation of, Hypermedia (RMM Level 3)
origins of, Hypermedia (RMM Level 3)
proper place to handle, Retrieving All Issues
Siren, Siren
workflow definition with, Workflow
Hypermedia Application Language (HAL), Generic Media Types and Profiles
hypertext, Hypermedia (RMM Level 3)

I

IANA (Internet Assigned Numbers Authority)
Internet-related specification, Semantics
media type registration, Media type registration, Domain-Specific Media Types, Registering the Media Type
public media type catalog, Flexible Support for Different Formats
idempotent methods, Method properties
identity providers, The Claims Model
IETF (Internet Engineering Task Force)
dynamic registration of clients, Client Applications
header approval by, Headers
httpbis working body, Moving Beyond HTTP 1.1
Internet-related specifications, Semantics
IHttpController, ApiController, IHttpActionResult in Web API 2
in-memory hosting
basics of, Hosting
diagram of, In-Memory Hosting
HttpClient/HttpServer instances, In-Memory Hosting
in Issue Tracker API, Feature: Retrieving Issues
indirection layer, Indirection Layer
information model
attribute group collections, Collections of Attribute Groups
attribute groups, Attribute Groups
basic design, Information Model
diagram of, Information Model Versus Media Type
media types vs. list capabilities, Collections of Issues
related resources, Related Resources
subdomains of, Subdomains
vs. media types, Information Model Versus Media Type
integration tests, in ASP.NET Web API, Integration Tests in ASP.NET Web API
intermediaries, Intermediaries
Internet, The Internet, the World Wide Web, and HTTP
Internet Information Services (IIS), Multiple Hosting Options
Internet media types, Consuming Message Content
Internet protocol suite (TCP/IP), The Internet, the World Wide Web, and HTTP, Transport Security
invalidation, Invalidation
ISAM (indexed sequential access method) databases, Primitive Formats
Issue Tracker example API
building the API
acceptance criteria, Acceptance Criteria–Acceptance Criteria
design overview, The Design
downloading implementation/unit tests, Getting the Source
issue creation, Feature: Creating Issues–Feature: Creating Issues
issue deletion, Feature: Deleting Issues–Deleting an Issue That Does Not Exist
issue retrieval, Feature: Retrieving Issues–Searching Issues
issue updating, Feature: Updating Issues–Updating an Issue That Does Not Exist
models and services, Models and Services–IssueLinkFactory
navigating the solution, Navigating the Solution
packages and libraries, Packages and Libraries
self-host for, Self-Host
using behavior-driven development, Building the Implementation Using BDD
improving the API
acceptance criteria, Acceptance Criteria for the New Features
auditing, Change Auditing–Implementing Change Auditing with Hawk Authentication
caching, Implementing the Output Caching Support–Implementing Conditional GETs for Cache Revalidation
conflict management, Conflict Detection–Implementing Conflict Detection
tracing, Tracing–Implementing Tracing
information model
attribute group collections, Collections of Attribute Groups
attribute groups, Attribute Groups
basic design, Information Model
diagram of, Information Model Versus Media Type
issue collections, Collections of Issues
related resources, Related Resources
subdomains, Subdomains
vs. media types, Information Model Versus Media Type
media types in
discovery resources, Discovery Resource
item resources, Item Resources
list resources, List Resources
search resource, Search Resource
objectives for
challenges faced by, Opportunity
goals, Application Objectives
resource models
collection resources, Collection Resources
diagram of, Item Resources
goals of, Resource Models
item resources, Item Resources
root resource, Root Resource
search resources, Search Resources
item resources, HTTP VERBS (RMM Level 2)

J

JSON numeric values, Extensibility
JSON Web Token (JWT), Token-Based Authentication
JSONMediaTypeFormatter, The FormatterParameterBinder Implementation

L

leaf certificates, Server Authentication
link relation types
designing new
basic characteristics, Designing New Link Relations
embedded, Embedded Link Relations
extension, Extension Link Relations
registration, Registering the Link Relation
standard, Standard Link Relations
extended link relation types, Semantics
indirection layer, Indirection Layer
link hints, Semantics
purpose of, Link Relation Types
reference data, Reference Data
semantics, Semantics
standard registry of, Semantics
static vs. embedded resources, Replacing Embedded Resources
syntax, Syntax
workflow, Workflow
links
as bookmarks, Links as bookmarks
as functions
deserializing links, Deserializing links
link relation type, Links as Functions
request/response separation, Separating request and response
service antipattern, Service antipattern
hypermedia affordance, Hypermedia (RMM Level 3)
media type profiles and, Media Type Profiles
load balancing, Indirection Layer
loose coupling, Building the Client, Conclusion

M

MAC tokens, Token-Based Authentication, Accessing Protected Resources
MAC-then-Encrypt design, Transport Security
man in the middle (MITM) attacks, Server Authentication, Public-Key Cryptography and Certificates
management certificates, Client Authentication
mandatory properties, Optional, Mandatory, Omitted, Applicable
media types
catalog of, Flexible Support for Different Formats
dedicated vs. multiple, Media Types in the Issue Tracking Domain
definition of, Media Type
designing new contracts
basic characteristics, Designing a New Media Type Contract
conveying semantics, Optional, Mandatory, Omitted, Applicable
embedded vs. external metadata, Embedded Versus External Metadata
enabling hypermedia, Enabling Hypermedia
extensibility and, Extensibility
format selection, Selecting a Format
registration, Registering the Media Type
domain-specific, Domain-Specific Media Types, New Formats
fear of new types, Media Type Explosion
generic media types/profiles, Generic Media Types and Profiles–Generic Media Types and Profiles
hypermedia types, Hypermedia Types
Internet media types, Consuming Message Content
list capabilities of, Collections of Issues
list of, Media Types
new formats, New Formats
new hypermedia types, Other Hypermedia Types
opaque identifiers, Versioning the media type
origin of, Media Type
out-of-band knowledge and, Media Types
parts of, Media Type
popular formats, Popular Formats
primitive formats, Primitive Formats
profile link relation, Media Type Profiles
purpose of, Types of Contracts
registration of, Media type registration
service-specific, New Formats
specification for application/issue+json, Media Type Specification for application/issue+json
versioning and, Versioning the media type
vs. information models, Information Model Versus Media Type
MediaTypeFormatter, The FormatterParameterBinder Implementation, Unit Testing a MediaTypeFormatter
message authentication codes (MAC), Transport Security
message exchange protocol, HTTP Message Exchange
message flow (see routing)
message handler pipeline
attribute-based routes, Supporting attribute-based routes
conditional GET requests with ETags, The Message Handler Pipeline
controller activation, Controller Activation
controller selection, Controller Selection
custom controller selectors, Plugging in a custom controller selector
custom message handler, Dispatcher
default services, Plugging in a custom controller selector
diagram of, HTTP Message Flow Overview, The Message Handler Pipeline
dispatcher, Dispatcher
HttpMessageInvoker, The Message Handler Pipeline
initializing, The Message Handler Pipeline
role of, Message Handler Pipeline
route-specific, Dispatcher
Russian doll model, The Message Handler Pipeline
task-based guidelines, The Message Handler Pipeline
message headers, Headers
message representatives, Token-Based Authentication
messaging
brokered, Azure Service Bus Host
relayed, Azure Service Bus Host
self-descriptive, What Is the Cost?, Self-Description
WCF architecture for, WCF Architecture
methods
additional properties, Method properties
basics of, HTTP Message Exchange
types of, HTTP Methods
middleware, Intermediaries, OWIN, Katana Authentication Middleware, Active and Passive Authentication Middleware, Processing Access Tokens in ASP.NET Web API
MIME (Multipurpose Internet Mail Extensions), Media Type
missions, Clients with Missions
mocking, Dependency injection and mocking
model binding infrastructure, Formatters and Model Binding
(see also formatters/model binding)
ModelBindingParameterBinder, The ModelBindingParameterBinder Implementation
module element, Modules
MVC 4 Web Application project, Getting Started with ASP.NET Web API

N

negotiated responses, Caching and negotiated responses
.NET Framework HTTP programming model (see HTTP programming model)
Nielsen, Henrik Frystyk, HTTP
nonce, Token-Based Authentication
nontransforming proxies, Types of Intermediaries
noun-centric/non-object-oriented style, Crossing the Chasm Toward Resource-Centric APIs
NuGet package management application, Getting Started with ASP.NET Web API

O

OAuth 2.0 authorization framework
accessing protected resources, Accessing Protected Resources
authentication, OAuth 2.0 and Authentication
authorization code grant, Obtaining Access Tokens, Authorization Code Grant
basics of, Additional Authentication Schemes, The OAuth 2.0 Authorization Framework
change auditing with, Change Auditing
client applications, Client Applications
code flow example, Authorization Code Grant
front channel vs. back channel, Front Channel Versus Back Channel
obtaining access tokens, Obtaining Access Tokens
overview of, Conclusion
processing access tokens in ASP.NET, Processing Access Tokens in ASP.NET Web API
refresh tokens, Refresh Tokens
resource server/authorization server, Resource Server and Authorization Server
RFC 6819, Front Channel Versus Back Channel
scope, Scope
scope-based authorization, Scope-Based Authorization
object relational mapping (ORM) libraries, Lifetime
omitted properties, Optional, Mandatory, Omitted, Applicable
online certificate status protocol (OCSP), Revocation
opaque identifiers, Versioning the media type
OpenID Connect, OAuth 2.0 and Authentication, Conclusion
optional properties, Optional, Mandatory, Omitted, Applicable
OPTIONS method, HTTP Methods
origin concept, Cross-Origin Resource Sharing
out-of-band knowledge, Media Types
output caching, Adding the Tests for Output Caching
overspecification, What Is the Cost?
OWIN (Open Web Interface for .NET) hosting
authentication in, Implementing HTTP-Based Authentication
basics of, The Hosting Layer, Hosting
interface for, OWIN
Katana project, The Katana Project
open standard for, Hosting Web API with OWIN and Katana
OWIN ecosystem, The OWIN Ecosystem
Web API configuration, Web API Configuration
Web API middleware, Web API Middleware

P

parameter binding, Parameter binding
passive authentication, Active and Passive Authentication Middleware
passwords, Token-Based Authentication
PATCH method, HTTP Methods
payload-based versioning, Payload-based versioning
peers, Transport Security
per-route message handlers, Dispatcher
pinsets, Server Authentication
policy providers, CORS Support on ASP.NET Web API
POST method, HTTP Methods
preflight requests, Cross-Origin Resource Sharing
processing architecture
ApiController base class, The ApiController Base Class
controller handling, Controller Handling
hosting layer, The Hosting Layer
hosting layer alternatives, The Hosting Layer
HTTP request sample message, Processing Architecture
message handler pipeline, Message Handler Pipeline
overview of, Processing Architecture
route dispatching, Route Dispatching
sample controller, Processing Architecture
profile link relation, Media Type Profiles
programming model (see ASP.NET Web API; HTTP programming model)
properties, applicability of, Optional, Mandatory, Omitted, Applicable
protected internal calls, The Message Handler Pipeline
proxies, Types of Intermediaries
public clients, Client Applications
public key infrastructure (PKI), Client Authentication
public key pinning extension for HTTP, Server Authentication
public-key cryptography, Public-Key Cryptography and Certificates–Creating Test Keys and Certificates
pull/push-style messaging, Consuming Message Content
PUT method, HTTP Methods

R

reactive behavior, Handle all the versions, Creating Resuable Response Handlers
record subprotocol, Transport Security
red and green (failure/success) cycle, The red and green cycle
reference data, Reference Data
reference-based tokens, Token-Based Authentication
refresh tokens, Refresh Tokens
rehydrating, The ModelBindingParameterBinder Implementation
relying party, The Claims Model
representation headers, Headers
request context, The Web API ASP.NET Handler
request headers, Headers
RequestHeaderMapping, The FormatterParameterBinder Implementation
resource class, Collection Resources
Resource Description Framework (RDF), Generic Media Types and Profiles
resource models
attribute subsets, Item Resources
collection resources, Collection Resources
diagram of, Item Resources
goals of, Resource Models
item resources, Item Resources
root resource, Root Resource
search resources, Search Resources
resource owner password credentials grant, Obtaining Access Tokens
resource servers, The OAuth 2.0 Authorization Framework, Resource Server and Authorization Server
resource state, Issue and Issue Store
resource-centric APIs, Crossing the Chasm Toward Resource-Centric APIs
resources
accessing protected, Accessing Protected Resources
collection resources, HTTP VERBS (RMM Level 2)
concept vs. implementation of, Collection Resources
cross-origin resource sharing, Cross-Origin Resource Sharing
definition of, Resource
discovery resources, Discovery Resource
in authorization model, Authorization
item resources, HTTP VERBS (RMM Level 2), Item Resources
list resources, List Resources
multiple representations, Multiple Representations
related resources in information model, Related Resources
representations, Representation
search resources, Search Resource
static vs. embedded, Replacing Embedded Resources, Change is inevitable
typelessness and, Feature: Creating Issues
resources (RMM level 1) style, Resources (RMM Level 1)
response headers, Headers
REST (Representational State Transfer)
constraints of, REST Constraints
definition of, REST
hypermedia and, Hypermedia (RMM Level 3)
RESTful APIs vs. REST architectural style, The Application
REST architectural style
application workflow, Workflow
breaking vs. nonbreaking changes, Why Not Just Version?
vs. RESTful APIs, The Application
revalidation, Implementing Cache Revalidation
RFC (Request for Comments)
RFC 181, Transport Security
RFC 2104, Token-Based Authentication
RFC 2617, The HTTP Authentication Framework
RFC 4366, Using TLS with IIS Hosting
RFC 4949, Authentication, Token-Based Authentication
RFC 5246, Transport Security
RFC 5861, Validation
RFC 6454, Cross-Origin Resource Sharing
RFC 6749, The OAuth 2.0 Authorization Framework
RFC 6750, Token-Based Authentication
RFC 6819, Front Channel Versus Back Channel
Richardson Maturity Model (RMM), The Richardson Maturity Model–Hypermedia (RMM Level 3)
Richardson, Leonard, The Richardson Maturity Model
root certification, Server Authentication
root resource, Root Resource
route-specific message handlers, Dispatcher
routing
ASP.NET routing classes, ASP.NET Routing
configuration in ASP.NET, ASP.NET Routing
controller pipeline
action invocation, Action invocation
action selection, Action selection
ApiController, ApiController
diagram of, ApiController Processing Model
filters, Filters
model binding/validation, Model binding and validation
responsibilities of, The Controller Pipeline
Russian doll structure, ApiController Processing Model
HTTP message flow overview, HTTP Message Flow Overview
message handler pipeline
controller activation, Controller Activation
controller selection, Controller Selection
dispatcher, Dispatcher
HttpControllerDispatcher, HttpControllerDispatcher
HttpMessageInvoker, The Message Handler Pipeline
initializing, The Message Handler Pipeline
Russian doll model, The Message Handler Pipeline
route declaration methods, WebApiConfig
RouteConfig, WebApiConfig
routing dispatcher handler, Route Dispatching
unit testing of, Unit Testing Routes
Web API routing adaptation classes, Web API Routing
Web API routing classes, Web API Routing
RPC (remote procedure call) style, RPC (RMM Level 0)
RSS media type definition, The FormatterParameterBinder Implementation

S

safe methods, Method properties
same-origin security policies, Cross-Origin Resource Sharing
SAML (Security Assertion Markup Language), Token-Based Authentication, Front Channel Versus Back Channel
scalability, Implementing the Output Caching Support
scope
authorization constraint definition, Scope
scope-based authorization, Scope-Based Authorization
search resources, Search Resources
searching, Search Resource, Searching Issues
Secure Socket Layer protocol (SSL), Transport Security
security issues
auditing, Change Auditing–Implementing Change Auditing with Hawk Authentication
authentication
active/passive middleware, Active and Passive Authentication Middleware
claims model, The Claims Model–The Claims Model
client authentication, Client Authentication–Client Authentication
current principal retrieval/assignment, Retrieving and Assigning the Current Principal
Hawk authentication scheme, The Hawk Authentication Scheme
HTTP authentication framework, The HTTP Authentication Framework
HTTP authentication implementation, Implementing HTTP-Based Authentication
Katana project, Katana Authentication Middleware
server authentication, Server Authentication
server vs. client-side, Authentication
token-based, Token-Based Authentication
transport-based, Transport-Based Authentication
Web API authentication filters, Web API Authentication Filters
authorization
authorization decisions, Authorization
authorization enforcement, Authorization–Authorization Enforcement
authorization policies, Authorization
basic model of, Authorization
cross-origin resource sharing, Cross-Origin Resource Sharing
exception filters, Exception filters
OAuth 2.0 framework
accessing protected resources, Accessing Protected Resources
authentication, OAuth 2.0 and Authentication
authorization code grant, Authorization Code Grant
basics of, The OAuth 2.0 Authorization Framework
client applications, Client Applications
code flow example, Authorization Code Grant
drawbacks of, Conclusion
front channel vs. back channel, Front Channel Versus Back Channel
obtaining access tokens, Obtaining Access Tokens
overview of, Conclusion
processing access tokens in ASP.NET, Processing Access Tokens in ASP.NET Web API
refresh tokens, Refresh Tokens
resource server/authorization server, Resource Server and Authorization Server
RFC 6819, Front Channel Versus Back Channel
scope, Scope
scope-based authorization, Scope-Based Authorization
tracing, Tracing–Implementing Tracing
Transport Layer Security (TLS)
in ASP.NET Web API, Using TLS in ASP.NET Web API
subprotocols of, Transport Security
with IIS hosting, Using TLS with IIS Hosting
with self-hosting, Using TLS with Self-Hosting
transport security
bearer tokens, Accessing Protected Resources
goals of, Transport Security
HTTPS, Transport Security
security tokens, Token-Based Authentication
self-descriptive messaging, What Is the Cost?, Self-Description
self-hosting
basics of, The Hosting Layer, Hosting
flexibility of, Multiple Hosting Options
HttpSelfHostConfiguration class, The HttpSelfHostConfiguration Class
HttpSelfHostServer class, The HttpSelfHostServer Class
in Issue Tracker API, Self-Host
TLS configuration, Using TLS with Self-Hosting
typical code for, Self-Hosting
URL reservation and access control, URL Reservation and Access Control
WCF architecture, WCF Architecture
serialization, The Importance of Models in ASP.NET Web API
server authentication, Authentication, Server Authentication
(see also authentication)
Server Name Indication (SNI), Using TLS with IIS Hosting
Service Bus, Azure Service Bus Host
service interruptions, Reliability
service model layer, WCF Architecture
service objects, The Web API ASP.NET Handler
session keys, Public-Key Cryptography and Certificates
sessions, Lifetime
Should library, Understanding the tests
signature-based authentication, Token-Based Authentication
Single Responsibility Principle, The Tests
single-page applications (SPA), Client Applications
Siren, Siren
smartcards, Client Authentication
SOAP web services, What About SOAP Web Services?, First-Class HTTP Programming, Why Evolvable?, Feature: Creating Issues
software development models
classic browser-based applications, The Application
conventional vs. agile, Why Evolvable?
design by URL, Item Resources
evolvable APIs, Why Evolvable?
homogeneous APIs, Media Types in the Issue Tracking Domain
loosely vs. tightly-coupled clients, Building the Client, Conclusion
performance-critical systems, Hypermedia Types
representation design, Change is inevitable
versioning, Why Not Just Version?
waterfall approach, Why Evolvable?
SPDY protocol, Moving Beyond HTTP 1.1
stale responses, Expiration
state model, IssueState
status codes, HTTP Message Exchange, HTTP Status Codes
stream writers, Creating Message Content
strong wildcards, URL Reservation and Access Control
style, definition of, API Styles
(see also API styles)
Subject Alternative Names, Using TLS with IIS Hosting, Server Authentication
subjects, Authorization
subtypes, Media Type
symmetric cryptography, Public-Key Cryptography and Certificates
symmetric signature mechanisms, Token-Based Authentication
syntax, Syntax
system entities, Authentication

T

Task Asynchronous Pattern (TAP), The HTTP Programming Model
task-based message handlers, The Message Handler Pipeline
tasks, Clients with Missions
TDD (test-driven development), Building the Implementation Using BDD, The Role of Unit Testing in Test-Driven Development
temporary service interruptions, Reliability
test keys, creating, Creating Test Keys and Certificates
testability
automated testing, Testability
fake response handlers, Fake Response Handlers
Fiddler debugging tool, A read-only greeting service
integration tests in ASP.NET Web API, Integration Tests in ASP.NET Web API
overview of, Conclusion
support in ASP.NET Web API, Unit Testability
tracing, Tracing
unit testing routes, Unit Testing Routes
unit tests
frameworks for, Unit Testing Frameworks
in Visual Studio, Getting Started with Unit Testing in Visual Studio
organization of, Unit Tests
role in test-driven development (TDD), The Role of Unit Testing in Test-Driven Development
with xUnit.NET, xUnit.NET
unit tests for ASP.NET Web APIs
ActionFilterAttribute, Unit Testing an ActionFilterAttribute
ApiController, Unit Testing an ASP.NET Web API Implementation
HttpMessageHandler, Unit Testing an HttpMessageHandler
MediaTypeFormatter, Unit Testing a MediaTypeFormatter
Thinktecture Authorization Server (T.A.S.), The OAuth 2.0 Authorization Framework, Resource Server and Authorization Server
tight coupling, Building the Client
timestamps, Token-Based Authentication
token-based authentication
access tokens, Obtaining Access Tokens
artifacts vs. assertions, Token-Based Authentication
bearer tokens, Accessing Protected Resources
bearer vs. holder-of-key, Token-Based Authentication
JSON Web Token (JWT), Token-Based Authentication
passwords, Token-Based Authentication
refresh tokens, Refresh Tokens
SAML (Security Assertion Markup Language), Token-Based Authentication
security tokens, Token-Based Authentication
top-level media types, Media Type
topics, Azure Service Bus Host
TRACE method, HTTP Methods
tracing, Tracing–Implementing Tracing
transactions, Clients with Missions
transforming proxies, Types of Intermediaries
Transport Layer Security (TLS)
goals of, Transport Security
in ASP.NET Web API, Using TLS in ASP.NET Web API
subprotocols of, Transport Security
with IIS hosting, Using TLS with IIS Hosting
with self-hosting, Using TLS with Self-Hosting
Travis CI continuous integration service, The OAuth 2.0 Authorization Framework
troubleshooting (see testability)
trust stores, Public-Key Cryptography and Certificates
tunnels, Types of Intermediaries
TypeConverterModelBinder, The ModelBindingParameterBinder Implementation
typelessness, Feature: Creating Issues

U

unconstrained authorization, The OAuth 2.0 Authorization Framework
unit of work, Lifetime
unit tests
for ASP.NET Web APIs
ActionFilterAttribute, Unit Testing an ActionFilterAttribute
ApiController, Unit Testing an ASP.NET Web API Implementation
HttpMessageHandler, Unit Testing an HttpMessageHandler
MediaTypeFormatter, Unit Testing a MediaTypeFormatter
frameworks for, Unit Testing Frameworks
in Visual Studio, Getting Started with Unit Testing in Visual Studio
organization of, Unit Tests, Unit Tests
role in test-driven development (TDD), The Role of Unit Testing in Test-Driven Development
unit testing routes, Unit Testing Routes
with xUnit.NET, xUnit.NET
URI templates, ASP.NET Routing
UriPathExtensionMapping, The FormatterParameterBinder Implementation
URIs (uniform resource identifiers), URI
URLs (Universal Resource Locators)
design by URL, Item Resources
URL reservation/access control, URL Reservation and Access Control
versioning in, Versioning in the URL
vs. URNs, URI
URNs (Universal Resource Names), URI
user-client-server authorization model, The OAuth 2.0 Authorization Framework

V

validation, Validation
value providers, Value Providers
ValuesController class, ValuesController
vCards, Domain-Specific Media Types
versioning
benefits of avoiding, Versioning in the URL
breaking changes and, Why Not Just Version?
of media type identifiers, Versioning the media type
payload-based, Payload-based versioning
URL versioning, Versioning in the URL
version number coordination in clients, Handle all the versions
Visual Studio, unit testing in, Getting Started with Unit Testing in Visual Studio

W

W3C (World Wide Web Consortium), Headers
waterfall approach, Why Evolvable?
WCF (Windows Communication Foundation)
architecture of, WCF Architecture
benefits of, Core Scenarios
channel stack creation, The HttpSelfHostServer Class
message channel configuration, The HttpSelfHostConfiguration Class
self-hosting and, Self-Hosting
Web APIs
API styles, API Styles–Conclusion
basics of, What Is a Web API?
core jobs of, Controllers and Routing
domain-specific media types, Domain-Specific Media Types
evolution of, Paying Attention to the Web
explosion of, The Web API Revolution Begins
guidelines for, Guidelines for Web APIs
media type profiles, Media Type Profiles
multiple representations, Multiple Representations
origins of, Origins of Web APIs
vs. SOAP web services, What About SOAP Web Services?, First-Class HTTP Programming, Why Evolvable?, Feature: Creating Issues
web clients (see client development)
web hosting
ASP.NET infrastructure, Web Hosting
application element, Applications
handler element, Handlers
module element, Modules
ASP.NET routing, ASP.NET Routing
basics of, Hosting
global configuration, Global Configuration
Web API ASP.NET handler, The Web API ASP.NET Handler
Web API routing, Web API Routing
Web Service Description Language (WSDL), What About SOAP Web Services?, Media Type Selection and Design, Feature: Creating Issues
WebApiConfig class, WebApiConfig
Windows Azure Blob Service, Token-Based Authentication
Windows Azure Service Bus, Azure Service Bus Host
Windows Azure Service Management REST API, Client Authentication
Windows Azure Storage services, Additional Authentication Schemes
Windows Identity Foundation, The Claims Model
workflow
defining with hypermedia, Workflow
in client applications, Application Workflow–Client State
REST-based vs. RPC-based, Workflow
World Wide Web
cool URIs, Cool URIs
core concepts of, Web Architecture, Hypermedia (RMM Level 3)
invention of, The Internet, the World Wide Web, and HTTP
media types, Media Type
representations, Representation
resources, Resource
typelessness of, Feature: Creating Issues
URIs, URI
wrapper libraries
basic appearance of, Wrapper Libraries
fundamental problems with, Wrapper Libraries
individual protocol states, Everyone has his or her own style
lack of hypermedia support in, Hypermedia hostile
lifetime scope, Lifetime
reliability issues, Reliability
response types, Response types

X

X.509 certificate specification, Using TLS with IIS Hosting, Server Authentication
XBehave.NET, Understanding the tests
XML serialization, Creating Message Content
XmlMediaTypeFormatter, The FormatterParameterBinder Implementation
xUnit.NET, unit testing with, xUnit.NET

Y

Yahoo’s Flickr API, Resources (RMM Level 1)
