18

First off, I apologise if this is a trivial question but I am getting so confused by the information I am reading. I have put off posting on here as I feel my question is too broad but I can't find a definitive answer. I am a C++ developer by trade but I am wanting to get into web development.

My end goal is to have a web API that is consumed by both a web app and mobile app. I want to get the structure nailed first by developing an web API and web app and then expand it to a mobile platform later on.

My aim is to have 4 separate sections - Database -> WebAPI -> Web App -> Mobile App all of which are protected with username/password etc.

I have decided to use ASP.NET Core but when creating an application I am given two options in visual studio - ASP.NET Core Application or Web API. I have tried creating a Web API and a separate Core Application but can't work out how to call the web API. I have also tried creating a Core Application as it seems like I should be able to do everything I want in one project but I am worried that the Web API won't be separated enough to be able to call from a mobile app.

I will be working with a database containing sensitive information so obviously want to protect access to the Web API and Web/Mobile app. I have been watching courses on Pluralsight about Identity but I have read that it doesn't work well with Web API's.

Basically I am getting extremely confused when in my mind my end goal should be relatively simple to achieve. If anyone could give me any pointers as to what technologies I need to use would be fantastic.

CraigWake
  • 307
  • 1
  • 3
  • 7

1 Answers1

13

ASP.NET Core WebAPI is specifically designed for building REST-ful services.

ASP.NET Core Application is used to create web applications that returns both views and data (it's an analog of Asp.NET MVC from standard Framework).

Which to choose is really depends on kind of WebApp you are going to use. If you plan to use some SPA framework, you don't need mechanisms to generate views on server side - WebAPI is a great choice, otherwise choose Application. Here you can find more details on differences.

As of security concern, there no issues with WebAPI. It provides a lot of mechanisms to secure your API and restrict access to methods based on user's identity. Please look at this article as an example.

Alex Riabov
  • 8,655
  • 5
  • 47
  • 48
  • Thanks for your reply. My aim is to host the web api through Azure. I have already got a domain for the web app and will be using Azure to host it but I imagine they will be on different servers so from what you are saying I should be creating a web api and then use an SPA framework for the web app? As the web api and view will sit on different severs. – CraigWake Jun 21 '18 at 10:41
  • @CraigWake actually you can host SPA in the same WebAPI. Here is [one of the articles](https://malcoded.com/posts/angular-backend-asp-core) how to do that – Alex Riabov Jun 21 '18 at 10:46