azure - Best Practice: Calling separate Web-API Service from Single Page Application (SPA) -


hy all

we discussing around architecture of following scenario:

  • single page application (javascript driven html5 application asp.net webapi)
  • separate rest service (webapi only) businesslogic, dal, database-connectivity
  • security on azure ad (adal)

what the way call rest-service single page application?

at moment seeing possibilities:

1) calling rest-service directly client (browser) via cors:

client (browser) -> rest-service

...like in example: https://github.com/azureadsamples/singlepageapp-webapi-angularjs-dotnet

2) calling webapi-service single page application, calls rest-service:

client (browser) -> webapi spa -> rest-service

for first variant, see security questions. save this? if rest-service in internal network , spa in dmz?

for second variant, best practices here? because need our controllers:

spa controller example:

//get /api/models public iqueryable<model> get() {    // create httpclient instance    var resp = client.getasync("http://localhost:9472/api/models").result;             var result = resp.content.readasasync<ilist<model>>().result.asqueryable();    return result; }

rest-service (localhost:9472) controller example: 

//get /api/models public iqueryable<model> get(){    return _repository.getallmodels(); }

-> right way it?

thanks help!

kind regards, peter

i have finished large enterprise style spa using, nearly, architecture describe in option 1.

generally speaking keep things simple. more points of failure introduce increased risk in terms of maintenance, uptime, scalability etc. if don't need proxy service don't introduce sake of - service no less secure.

can explain security concerns option 1, , can alleviate them you?

-- edit --

i see point on spa being within dmz , restful service being internal, spa able call restful service require way expose outside world. depending on security have in place, case of moving dmz otherwise going need proxy in-between outside world , internal rest service.


Comments

Post a Comment

Popular posts from this blog

javascript - AngularJS custom datepicker directive -

i make custom datepicker directive custom template. but have no idea how start building it... how include date data directive? i appreciate guide or give me advice work on more precisely. it might you! follow below steps html code sample: <label>birth date</label> <input type="text" ng-model="birthdate" date-options="dateoptions" custom-datepicker/> <hr/> <pre>birthdate = {{birthdate}}</pre> <script type="text/ng-template" id="custom-datepicker.html"> <div class="enhanced-datepicker"> <div class="proxied-field-wrap"> <input type="text" ui-date-format="yy-mm-dd" ng-model="ngmodel" ui-date="dateoptions"/> </div> <label> <button class="btn" type="button"><i class="icon-calendar"></i>
Read more

javascript - jQuery date picker - Disable dates after the selection from the first date picker -

<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>jquery ui datepicker - default functionality</title> <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css"> <script src="//code.jquery.com/jquery-1.10.2.js"></script> <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script> <link rel="stylesheet" href="/resources/demos/style.css"> <script> $(function () { $("#datepicker1").datepicker(); }); </script> <script> $(function () { $("#datepicker2").datepicker(); }); </script> </head> <body> <p>date 1: <input type="text" id="datepicker1"></p> <p>date 2: <input type="t
Read more