10

So I'm creating a new .Net Framework 4.8 Web API in Visual Studio 2019 and I'm wanting to know how to create the API as a windows service? I can't seem to find any examples or online resources to do so. I can run the API locally in VS and it opens Chrome and shows the responses under the local IIS Server it spins up. How do I take this same project and compile it as a windows service while still using HTTPS?

billybob
  • 2,859
  • 6
  • 35
  • 55
user616
  • 783
  • 4
  • 18
  • 44
  • If you're writing a brand new service, why use .NET Framework? Why not .NET Core (the more future proof option)? Web API lives on inside of ASP.NET Core MVC. – mason Nov 20 '19 at 18:52
  • Does this answer your question? [Problems Self-Hosting ASP.NET Web API in a Windows Service Application](https://stackoverflow.com/questions/11854232/problems-self-hosting-asp-net-web-api-in-a-windows-service-application) – Lex Li Nov 20 '19 at 21:00
  • I can't use core because I have dependencies on .net framework. – user616 Nov 22 '19 at 21:04

1 Answers1

9

Web API is fully capable of being self hosted on top of OWIN, and does not require IIS to run.

Web API self hosted is basically just a console app. So the techniques for turning a Web API console app into a Windows Service are the same as for any other .NET console app. You can use a service manager such as NSSM, or create a Windows service project directly (by inheriting from the appropriate classes, pretty messy) or use a library like TopShelf.

Note that it's generally not a good idea to directly expose this self hosted app directly to the public. IIS provides a lot of security benefits out of the box designed to protect against malicious requests. If you're planning to publicly expose it, make sure you stick a proxy in front of it that will fulfill those security needs.

mason
  • 31,774
  • 10
  • 77
  • 121
  • TopShelf take care of the security issues? Also is there a list of the potential security issues when self hosting with OWIN/TopShelf? – user616 Nov 20 '19 at 19:10
  • 3
    @user616 No, TopShelf is simply a library that converts a .NET console app into a Windows Service. It has nothing to do with security. You can research "IIS vs self host" if you want to find out security benefits of IIS. – mason Nov 20 '19 at 19:12
  • So im assuming i would create a new WebAPI project and changes the project output type to console app? – user616 Nov 20 '19 at 20:43
  • It'd probably be easier to create a new console app and then add Web API to it. – mason Nov 20 '19 at 21:02
  • Security issues like? – variable Jan 11 '22 at 18:23
  • @variable Please expand on your question, as I don't understand what you're asking. – mason Jan 11 '22 at 18:25
  • `IIS provides a lot of security benefits out of the box designed to protect against malicious requests`- what kind of security benefits please? – variable Jan 11 '22 at 18:28
  • @variable Honestly, that's something you can research yourself. Request rate limiting, certificates, rapid fail protection, etc. See [Why should I use a proxy server with Kestrel](https://stackoverflow.com/questions/47837048/why-should-i-use-a-proxy-server-with-kestrel) and [When to use a reverse proxy with Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/when-to-use-a-reverse-proxy?view=aspnetcore-6.0) – mason Jan 11 '22 at 18:36
  • Very information. Thanks. `Only the reverse proxy server requires an X.509 certificate, and that server can communicate with the app's servers on the internal network using plain HTTP.` - does this mean that https redirection can be configured on iis and so the httpsredirection configured in my .net apps startup file is useless? – variable Jan 11 '22 at 18:53
  • @variable It depends on whether your reverse proxy server supports that functionality or not. IIS supports it via the [IIS URL Rewrite Module](https://www.ssl.com/how-to/redirect-http-to-https-with-windows-iis-10/). – mason Jan 11 '22 at 19:05
  • Assuming I don't use that IIS url rewrite module, then will the .net core be able to handle httpsredirection by itself (since the startup file has got use httpsredirection)? – variable Jan 11 '22 at 19:11
  • @variable Yes, .NET Core can do anything it wants to the response, including issuing a redirect to tell the client to access the site at a different URL. – mason Jan 11 '22 at 19:14