Exmaple web app with WebAPI, Owin and middlewares, e.g. OWIN Basic Authentication
-
HeaderFilterMiddleware - requires an configured HTTP header (e.g.
X-my-sample-header) to be preset in every request configured inStartup -> app.UseHeaderFiltering(...).Configuration in
web.configAppSettings["TokenHeaderName"]: the required header name AppSettings["TokenHeaderValue"]: the required header's value AppSettings["TokenHeaderFilteringEnabled"]: enable/disable header filtering. You can disable it for debug and enable for release. -
IpFilterMiddleware - disabled, configured in
Startup -> app.UseIpFiltering(...)
- BasicAuthenticationMiddleware -
A resource that is protected by basic authentication -
[Authorize]attribute - requires incoming requests to include the Authorization HTTP header using the basic scheme. This scheme uses a base64 encoded username and password separated by a colon (base64 encoding is used to avoid characters that would cause issues when sent over HTTP). OWIN Basic Authentication
Plain text
Authorization: Basic username:password
Encoded
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
Configuration in web.config
AppSettings["ApiUserName"]: user name for authentication
AppSettings["ApiPassword"]: password for authentication
Example of using correct HTTP method in API:
GET- get single or allPOST- create or create lazy. ReturnLocationheader with URL to newly created object (status code: 201 Created) or where the object will be created when cannot be created immediatelly - the lazy option (status code: 202 Accepted) withLocationheaderPUT- update an objectPATCH- update only one propertyHEAD- check if an object exists without returing dataDELETE- delete an object
Database used is LiteDB - Embedded NoSQL database for .NET, stored in a single file.
The database is initially setup in DatabaseSetup.cs