I am working on an enterprise application which has several modules.
I want to go with REST web service and JSF but i don't know What is best way to consume REST web service with JSF?
What is the best way to authenticate request for REST API web service?
Do we need to authenticate every client request before processing it?
Related
I have an API that runs on an Azure app service which is exposed through Azure API Management. Is there a way to tell if any requests are hitting the app service URL directly without going through the API Management service?
In my opinion, apim can't record those requests which hitting the app service url directly because these requests have no relationship with apim. If you want to record these requests, you need to modify the api in your code.
For example, you can add a parameter with a specific value in api management and when your code recieve this parameter, you can check the value to know if it comes from apim.
I assume that you want to prevent calling the app service url directly. So I suggest you adding White list on your server so that only apim request can visit your server.
For adding access restriction, if you're using azure app service, you can learn about this ms document.
I believe if you were to enabled Application Insights on both the API Management and APP Service you can view the requests on Application Insights for the APP Service to tell which ones were direct calls and which ones came from API Management.
Let's say, I have an enterprise application runs on Azure Web App Service. Among 100+ pages, I have 3-5 pages needs to be served real-time. to benefit from real-time capabilities of Azure SignalR Service, I want to make clients land on my SignalR application (which runs on RignalR Service). But I couldn't find any related example-article about it. How can I invoke a Hub method outside of the code? Any other approach to solve my problem is more than welcome. My main concern here is the performance of real-time pages.
If you have an ASP.NET Core SignalR Server (i.e. you have classes deriving from Hub in your application), you can't directly send messages to clients via the Azure SignalR Service. You'd have to provide an API in your ASP.NET Core application that does that.
Azure SignalR does also support a "serverless" mode in which you don't have a Hub on the server at all. In that model, clients connect directly to the service (instead of first connecting to your app) and then you can send messages to those clients using the REST API. This is a relatively new scenario so there isn't a lot of documentation. There are some blog posts and videos online on the subject, but not a lot of documentation.
If you already have an ASP.NET Core app, I'd suggest doing this by adding a REST API to your own application that allows other services in your application to send messages by calling this API. In the implementation of this API, you can use IHubContext<T> to send the messages.
When I have an ASP.NET web app with some API controllers that has a route /api for example, I can publish the app to Azure Web App and use the api by accessing someproject.azurewebsites.net/api/controller.
However, when I separate a web API part from the web app project, I have to publish the web API project to new domain like someapiproject.azurewebsites.net. I want to integrate the web API project to the web app just as I did with one combined project.
Is this possible?
If you want to combine multiple APIs, you should take a look at Azure API Management.
I doubt that you can publish multiple APIs into a single Web API since both requires a startup where you configure the host.
What you can do to cleanup your code is to outsource the controller into different assemblies and configure them in the middleware. Here is an example.
Martin Brandl's answer is spot on. But if you want to go the poor man's route, you can create a reverse proxy from your ASP.NET Web App and map app traffic from someproject.azurewebsites.net/apiV2 to someapiproject.azurewebsites.net. This is not a HTTP 30x redirect - the URL will not change for users hitting your /apiV2. I've personally used this approach because the Azure API Management service can get a little pricey. If you don't need the sexy features like throttling, this can be a good way to go.
I have a rest service that I need to use in a browser web application using a JS MVC client framework like Backbone or Angular. But I need to ensure that my rest services are not exposed or anyone else may not be able to use my rest service to build apps on any device/client. Earlier I thought of protecting my web service using authentication credentials and hiding it behind a proxy and let the proxy serve html instead of service.
But I would like to know how can I secure my web service if I have to use it directly from front-end using ajax calls.
I have a Windows Azure Mobile Service up and running, however, there is a need for that service to consume some data expose through an external SOAP service and store that information in the mobile service database.
I would like to set up a worker in the mobile service, so the calls to the external SOAP service are executed in a fixed period of time.
I've been looking for a solution to this problem, but haven't found anything yet. So any help that would get me in the right direction would be appreciated.
Unfortunately there isn't an easy way to talk to a SOAP service from your Mobile Service backend. The backend is based on Node.js, and even though there are some Node modules for talking to SOAP services, they are currently not supported in Mobile Services. We are working on a solution that will enable you to use any Node module in your service, but it is not out yet.
If you control the SOAP service and it is written using WCF, you may be able to easily add a REST endpoint to the service with just a few config changes and then consume it from your Mobile Service via plain HTTP requests by using the "request" module.