/api/v1/TodoItems
- root path for a collection of API endpoints implement a todo list app/api/v1/login
- login endpoint
Without logging in, the TodoItems
endpoint is inaccessible:
$ curl --insecure -v https://localhost:5001/api/v1/TodoItems
...
> GET /api/v1/TodoItems HTTP/2
> Host: localhost:5001
> User-Agent: curl/7.58.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 401
< date: Tue, 10 Nov 2020 02:35:08 GMT
< server: Kestrel
< content-length: 0
<
* Connection #0 to host localhost left intact
Now, login:
$ curl --insecure -X POST https://localhost:5001/api/v1/login -H "Content-Type: application/json" -d '{ "UserName": "admin", "Password": "nimda" }' --cookie-jar cookie-jar.txt
You can examine cookie-jar.txt
to see the cookie that was set as a result of logging in.
Now we can use the cookie to access the todo list:
$ curl --insecure https://localhost:5001/api/v1/TodoItems --cookie cookie-jar.txt
[{"id":1,"entry":"a4wsw","isComplete":false},{"id":2,"entry":"get on up anddance","isComplete":true},{"id":3,"entry":"woof","isComplete":true}]
dotnet new webapi -o TodoMysqlApi
cd TodoMysqlApi
dotnet new gitignore
git init
git add .
git commit -m "Add template"
Then add:
- Models/{TodoItem, TodoContext}
- DTOs/TodoItemDTO
- Controllers/TodoItemsController
These come from the "Create a web API" tutorial on Microsoft's website.
Add Pomelo.EntityFrameworkCore.MySql
as a dependency and add call to services.AddDbContextPool
in Startup.cs (per the Pomelo docs). Also add a connection string in appsettings.json.
Now build and run the app (dotnet run
). We can subsequently access API endpoints:
$ curl --insecure -X GET https://localhost:5001/api/TodoItems
[]
$ curl --insecure -X POST https://localhost:5001/api/TodoItems -H "Content-Type: application/json" -d '{"name": "mow the lawn", "isComplete": true }'
{"id":1,"name":"mow the lawn","isComplete":true}
$ curl --insecure -X GET https://localhost:5001/api/TodoItems
[{"id":1,"name":"mow the lawn","isComplete":true}]
If you uncomment the [Authorize]
attribute in TodoItemsController.cs, you will need to pass in valid user credentials. You can add -u test:test
to do this (credentials are hardcoded into UserService.cs).
This implements basic auth. In later commits I added:
- DB-backed basic auth
- cookie-based auth