.NET Core API

Cookie authentication---AccountController.cs

<!-- We get redirected to this page when trying to access some [Authorize] controller element
	I think Login page name is default.
 -->

@model ConfArch.Web.Models.LoginModel

<div class="login-page">
    <div class="page-header">
        <h1>Login</h1>
    </div>

    <div class="row">
        <div class="col-sm-6">
            <div class="panel panel-default">
                <div class="panel-heading">
                    <h3 class="panel-title">Please enter your credentials</h3>
                </div>
                <div class="panel-body">

                    <form asp-route="Login">
                        <input type="hidden" asp-for="ReturnUrl" />

                        <fieldset>
                            <div class="form-group">
                                <label asp-for="Username"></label>
                                <input class="form-control" placeholder="Username" asp-for="Username" autofocus>
                            </div>
                            <div class="form-group">
                                <label asp-for="Password"></label>
                                <input type="password" class="form-control" placeholder="Password" asp-for="Password" autocomplete="off">
                            </div>
                            <div class="form-group login-remember">
                                <label asp-for="RememberLogin">
                                    <input asp-for="RememberLogin">
                                    <strong>Remember Me</strong>
                                </label>
                            </div>
                            <div class="form-group">
                                <button class="btn btn-primary">Login</button>
                            </div>
                        </fieldset>
                    </form>
                </div>
            </div>
        </div>
        <div class="col-sm-4">
            <p>Or login with an account you already have:</p>
            <a class="btn btn-primary" asp-action="LoginWithGoogle" 
               asp-route-returnUrl="@Model.ReturnUrl">Login with Google</a>
        </div>
    </div>
</div>

Cookie authentication---HomeController.cs

// WITH THIS DECORATOR WE MAKE SURE THAT USER WILL ONLY BE ABLE
// TO USE THIS CONTROLLER IF HE IS AUTHORIZED!
[Authorize]	// checks default scheme
// [Authorize(SchemaName)]	-	 can also specify name if we used another than default one		
public class HomeController : Controller
{
	private readonly IHomeRepository _homeRepo;

	public HomeController(IHomeRepository homeRepo)
	{
		_homeRepo = homeRepo;
	}

	[Authorize]	// can be also used on individual actions!
	public async Task<IActionResult> Index(int homeId)
	{
		var home = await Repo.GetById(homeId);
		return home;
	}
}

// allowing anonymous access

[AllowAnonymous]	// no authorization required with this decorator
public class WorkController : Controller
{
	private readonly IWorkRepository _workRepo;

	public HomeController(IWorkRepository workRepo)
	{
		_workRepo = workRepo;
	}

	[AllowAnonymous]	// can be also used on individual actions!
	public async Task<IActionResult> Index(int workId)
	{
		var work = await workRepo.GetById(Id);
		return work;
	}
}

Cookie authentication---IUserRepository.cs

public interface IUserRepository
{
    User GetByUsernameAndPassword(string username, string password);
    User GetByGoogleId(string googleId);
}

Cookie authentication---Login.cshtml

<!-- We get redirected to this page when trying to access some [Authorize] controller element
	I think Login page name is default.
 -->

@model ConfArch.Web.Models.LoginModel

<div class="login-page">
    <div class="page-header">
        <h1>Login</h1>
    </div>

    <div class="row">
        <div class="col-sm-6">
            <div class="panel panel-default">
                <div class="panel-heading">
                    <h3 class="panel-title">Please enter your credentials</h3>
                </div>
                <div class="panel-body">

                    <form asp-route="Login">
                        <input type="hidden" asp-for="ReturnUrl" />

                        <fieldset>
                            <div class="form-group">
                                <label asp-for="Username"></label>
                                <input class="form-control" placeholder="Username" asp-for="Username" autofocus>
                            </div>
                            <div class="form-group">
                                <label asp-for="Password"></label>
                                <input type="password" class="form-control" placeholder="Password" asp-for="Password" autocomplete="off">
                            </div>
                            <div class="form-group login-remember">
                                <label asp-for="RememberLogin">
                                    <input asp-for="RememberLogin">
                                    <strong>Remember Me</strong>
                                </label>
                            </div>
                            <div class="form-group">
                                <button class="btn btn-primary">Login</button>
                            </div>
                        </fieldset>
                    </form>
                </div>
            </div>
        </div>
        <div class="col-sm-4">
            <p>Or login with an account you already have:</p>
            <a class="btn btn-primary" asp-action="LoginWithGoogle" 
               asp-route-returnUrl="@Model.ReturnUrl">Login with Google</a>
        </div>
    </div>
</div>

Cookie authentication---LoginModel.cs

public class LoginModel
{
    public string Username { get; set; }
    public string Password { get; set; }
    public bool RememberLogin { get; set; }
    public string ReturnUrl { get; set; }
}

Cookie authentication---Startup.cs

public Startup()
{
	public void ConfigureServices(IServiceCollection services)
	{
		// this line makes sure that every controller will demand authorization from user
		// we can set it up manually if we only want some controllers / methods to use it
		services.AddControllersWithViews(o => o.Filters.Add(new AuthorizeFilter()));

		...
		// If we don't specify scheme name, 'Cookies' will be used.
		services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
			.AddCookie("SchemeName");

		// alternative with changed login path
		services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
			.AddCookie(o => o.LoginPath = "account/signin");
		...
	}


	public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
	{
		...
		app.UseRouting();
		app.UseAuthentication(); 	// ONLY LINE WE ADD
		app.UseAuthorization();
		// ORDER IS IMPORTANT WHEN USING AUTHORIZATION AND AUTHENTICATION
		// we should put it before UseEndpoints, because if we put if we put it after it
		// then authentication will happen after the request!!

		...
	}
}

Cookie authentication---User.cs

public class User
{
	public int Id { get; set; }
    public string Name { get; set; }
    public string Password { get; set; }
    public string FavoriteColor { get; set; }
    public string Role { get; set; }
    public string GoogleId { get; set; }
}

Cookie authentication---UserRepository.cs

public class UserRepository : IUserRepository
{
	// list of available users
    private List<User> users = new List<User>
    {
		// we define only one for testing
        new User { Id = 3522, Name = "roland", Password = "K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=",
            FavoriteColor = "blue", Role = "Admin", GoogleId = "101517359495305583936" }
    };

	// method for checking if user exists on user list with username/password check
    public User GetByUsernameAndPassword(string username, string password)
    {
        var user = users.SingleOrDefault(u => u.Name == username &&
            u.Password == password.Sha256());
        return user;
    }

    public User GetByGoogleId(string googleId)
    {
        var user = users.SingleOrDefault(u => u.GoogleId == googleId);
        return user;
    }
}

Error Handling---customValidationAttributes.cs

We can create custom validation attributes which will be applied to properties by creating classes in ValidationAttributes folder.

public class CourseTitleMustBeDifferentFromDescriptionAttribute : ValidationAttribute
{
	protected override ValidationResult IsValid(object value, ValidationContext validationContext)
	{
		// return base.IsValid(value, validationContext);
		var ex = (ExampleDTO)validationContext.ObjectInstance;

		if (ex.FirstName == ex.LastName)
		{
			return new ValidationResult(
			"The provided first name should be different from last name.",
			new[] {"ExampleDTO"}); 
		}
		return ValidationResult.Success;
	}
}

// it still will not occour if controller level validation fails

Error Handling---errorMessagesProperties.cs

We can set custom error method in decorator itself.

[Required(ErrorMessage = "LOL TESTING")]
public string FirstName { get; set; }

public class CourseTitleMustBeDifferentFromDescriptionAttribute : ValidationAttribute
{
	protected override ValidationResult IsValid(object value, ValidationContext validationContext)
	{
		// return base.IsValid(value, validationContext);
		var ex = (ExampleDTO)validationContext.ObjectInstance;

		if (ex.FirstName == ex.LastName)
		{
			return new ValidationResult(
			ErrorMessage,
			new[] {nameof(ExampleDTO)}); 
		}
		return ValidationResult.Success;
	}
}

Error Handling---validationErrors.cs

For defining validation rules we can use:
a) Data Annotations
b) IValidatableObject 

We should validate input, not output

We should use separate DTOs for separate operations.

For checking validation rules we use ModelState, which:
a) it is a dictionary containing both the state of the model and model binding validation (one for each property)
b) it contains a collection of error messages for each property value submitted
There is a method called ModelState.IsValid which checks these rules, if one of them doesn't check out, valid state will be false.

When validation error happens we should return 422 Unprocessable entity error, which means that server understands the content type of the request entity
and the syntax of entity is correct but it wasn't able to process it (the semantics could be off for example).

Response body should contain validation errors.

When a controller is annotated with the ApiController attribute it will automatically return a 400 BadRequest on validation errors.

Data annotations are limited.

public class ExampleDTO
{
	[Required]
	[MaxLength(100)]
	public int Id { get; set; }

	[Required]
	[MinLength(5)]
	public string FirstName { get; set; }

	[Required]
	[MaxLength(100)]
	public string LastName { get; set; }
}

If we would like to ensure that FirstName and LastName have different values from each other then we would need to write a custom rule.
That's where IValidatableObject comes in!!

It is an interface that our class DTO can implement.

// class level validation
public class ExampleDTO : IValidatableObject
{

	[Required]
	[MaxLength(100)]
	public int Id { get; set; }

	[Required]
	[MinLength(5)]
	public string FirstName { get; set; }

	[Required]
	[MaxLength(100)]
	public string LastName { get; set; }

	// New method to implement!
	public IEnumerable<ValidationResult> Valdiate(ValidationContext validationContext)
	{
		 if (FirstName == LastName)
		 {
		 	yield return new ValidationResult(
			"The provided first name should be different from last name.",
			new[] {"ExampleDTO"}); 
		 }
	}
}

Customly defined validation rules aren't executed when any of the data annotations already resulted in the object being invalid.

Versioning---addingVersioningToProject.cs

1. Install Microsoft.AspNetCore.Mvc.Versioning


// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
	...
	// basic
	services.AddApiVersioning();

	// advanced
	services.AddApiVersioning(opt => 
	{
		opt.DefaultApiVersion = new ApiVersion(1,1);
		opt.AssumeDefaultVersionWhenUnspecified = true;
		opt.ReportApiVersions = true;
		
		// parameter name!
		opt.ApiVersionReader = new QueryStringApiVersionReader("ver");
	
	services.AddMvc(opt => opt.EnableEndpointRouting = false)
	.SetCompabilityVersion(CompabilityVersion.Version_2_2);
}

// 1.0 is a default version
http://localhost:5001/api/events/all?api-version=1.0

// applying version to controller

[ApiVersion("1.0")]
[ApiVersion("1.1")]
public class XController : Controller
{
	[MapToApiVersion("1.0")]
	public async Task<ActionResult<CampModel>> Get(string moniker)
	{

	}
}

Versioning---headerVersioning.cs

// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
	...
	// basic
	services.AddApiVersioning();

	// advanced
	services.AddApiVersioning(opt => 
	{
		opt.DefaultApiVersion = new ApiVersion(1,1);
		opt.AssumeDefaultVersionWhenUnspecified = true;
		opt.ReportApiVersions = true;

		// this changed!
		// instead of parameter we will expect header now
		opt.ApiVersionReader = new HeaderApiVersionReader("X-Version");
	
	services.AddMvc(opt => opt.EnableEndpointRouting = false)
	.SetCompabilityVersion(CompabilityVersion.Version_2_2);
}

Versioning---multipleVersioningMethods.cs

// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
	...
	// basic
	services.AddApiVersioning();

	// advanced
	services.AddApiVersioning(opt => 
	{
		opt.DefaultApiVersion = new ApiVersion(1,1);
		opt.AssumeDefaultVersionWhenUnspecified = true;
		opt.ReportApiVersions = true;

		// get paramters and headers for specifying api version
		// that the user wants to use
		opt.ApiVersionReader = new ApiVersionReader.Combine(
		new HeaderApiVersionReader("X-Version"),
		new QueryStringApiVersionReader("ver));
	
	services.AddMvc(opt => opt.EnableEndpointRouting = false)
	.SetCompabilityVersion(CompabilityVersion.Version_2_2);
}

// even with multiple options you shouldnt use all of the
// available options, select one of them!

Versioning---urlVersioning.cs

// http://localhost/v1/api/camps
// There is no optionality here
// hard to change in apps

// Startup.cs
public void ConfigureServices(IServiceCollection services)
{
	...
	// basic
	services.AddApiVersioning();

	// advanced
	services.AddApiVersioning(opt =>
	{
		opt.DefaultApiVersion = new ApiVersion(1,1);
		opt.ReportApiVersions = true;
		opt.ApiVersionReader = new UrlSegmentApiVersionReader();

	services.AddMvc(opt => opt.EnableEndpointRouting = false)
	.SetCompabilityVersion(CompabilityVersion.Version_2_2);
}

// deriving api version from url
[Route("api/v{version:apiVersion}/[controller]")]
[ApiVersion("1.0")]
[ApiVersion("1.1")]
public class XController : Controller
{
	[MapToApiVersion("1.0")]
	public async Task<ActionResult<CampModel>> Get(string moniker)
	{

	}
}

Versioning---versioningConventions.cs

private async void Search_Click(object sender, RoutedEventArgs e)
{
	...
	
	// By using Task.Run we can execute code that is not asynchronous-friendly
	// on different thread so it wont block our main UI for example.
	await Task.Run(() =>
	{
		var lines = File.ReadAllLines(@"path");

		var data = new List<StockPrices>();

		foreach (var line in lines.Skip(1))...

		// different thread that we need to communicate in
		// that's where dispatcher comes in, it lets us communicate with our UI
		Dispatcher.Invoke(() =>
		{
			Stocks.ItemSource = data.Where(price => price.Ticker == Ticker.Text);
		});
	});

	...
}