today I read a lot about ASP.net Web API. Do I understand it right, that if I need a WebService that only needs HTTP as transport, I can go for ASP.net API and don't need WCF? So far it looks as if Web API is much easier to use than WCF.
Best Thomas
Add a comment
|
1 Answer
The answer to your question is basically yes. If you a) just want to use HTTP, b) want your content returned as XML or JSON, c) want to use a RESTful API and d) don't need any advanced messaging functionality, then web API is your best bet. As you point out, it is much easier to use than WCF.
When you create a web service you have two basic option: a SOAP-based service or a RESTful API. If you are using a SOAP-based service you should use WCF. If you are using a RESTful service you should use the Web API. You can see this blog posting for further discussion about this: http://blogs.microsoft.co.il/blogs/idof/archive/2012/03/05/wcf-or-asp-net-web-apis-my-two-cents-on-the-subject.aspx
As an aside, whether you choose SOAP or REST depends upon the details of your situation. Some general guidelines are as follows:
Factors that favor SOAP service:
- You are only consumer of service, or there are limited universe of consumers
- Advanced functionality such as transactions, WS-Security, reliable messaging, etc., are required
- Service must be exposed over other transports besides HTTP, such as TCP, MSMQ, named pipes, etc.
- Functionality to be exposed does not easily map to CRUD operations on entities or collections
- You need support for strong-typing of complex types
- Network bandwidth issues not a problem
Factors that favor RESTful service:
- Service must be consumed by a large number of clients (i.e. the internet)
- Advanced functionality such as transactions, WS-Security, reliable messaging, etc., NOT required
- Acceptable for service to be exposed only via HTTP
- Functionality easily maps to CRUD operations on entities or collections
- You need support for other media types such as JSON or YAML
- Network bandwidth issues a consideration
Edit: In response to your comment, if you use WCF/SOAP, you get to use the wide range of functionality that is supported by SOAP. This includes things like transactions, reliable messaging, various messaging patterns (one-way, duplex, etc) and WS-Security. These standards are maintained by the OASIS standard body and are commonly referred to as WS-*. A list of the WS-* standards can be found here.
If you are using Web API/REST, you cannot use any of the WS-* functionality. However, it is still possible to authenticate and authorize access to RESTful services using standard authentication techniques available in IIS and ASP.Net. For more information on this, see the following links:
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/
http://stevescodingblog.co.uk/basic-authentication-with-asp-net-webapi/
and some of these blog postings.
3 Comments
Thomas
You write that REST lacks WS-Security. How much does this impact the goal to implement an API with Authentication/Authorization?
Joe Alfano
I added some information to my post based on your comment. If you are using Web API/REST, you cannot use any WS-* functionality, since that is specific to SOAP. However, you can authenticate and authorize Web API services using other techniques available in IIS/ASP.Net
Thomas
Thanks a lot, very helpful. I think for my application Web API will be sufficient, and at the same time, as our application will have heavy traffic, I think Web AIP will better perform.