Here we can see web api and MVC are almost similar only HTML Helpers is different thing.

MVC + Web API + Web Pages = Aspnet Core MVC

Aspnet core apps are just console app as we can see program.cs in it.

Create new aspnet core Web api project without authentication.

Run the application you can access valuesController’s methods from browser.

There are multiple methods you can see out of which there is a mthod which accepts id as int.

You can see if you pass /api/values/12 it works (says: values 12) but if you pass /api/Values/abc it again works (values 0) so it actually returns default value when you pass wrong data type from router. To control this you need to add little configuration in your Decorator from HttpGet({id}) to HttpGet(“id:int”}), now if you again make api call with url /api/values/abc it will return 404 means not found only because of data type.

install nuget package : swashbuckle then goto ConfigureService() and add services.AddSwaggerGen() and then in Configure Function type app.UseSwaggerGen() & app.UseSwaggerUI()

if you want to configure you api to return xml you can go in ConfigureServices() method and type in


now it will return xml as well


in aspnet Core web api we have

[Route(“api/[controller]”)] this is new thing and we call ‘[controller]’ a route token if we change from values to todos it will not work

previously we were giving a hardcoded decorations in web api saying “api/values” and in case of changing name of controller to anythingController

the url /api/values was working

but now in aspnet core we have made it generic, the Rout Token[controller] is added which will not allow access to controller if its name is changed. Lets change our controller

name to somethingController. so when the decoration is like [Route(“api/[controller]”)]   /api/values will not work anymore you have to specify /api/something to access methods.


In This decoration we can specify the value to be returned like [Produces(typeof(MyClass))]

So now it will return MyClass as json in response. We can also specify if we need to return xml in response. All we need to do is to configure in our ConfigureServices as services.AddMvc().AddXmlDataContractSerializerFormatters();

We can also restrict our method to return only json by using decorations.

[Produces(“application/json”, Type = typeof(MyClass)]. Now it will return only json for MyClass class.


If you want to say for requests I only support only json content Type then you can specify this too in decoration [Consumes(“application/json”)]

Model Validation:

In aspnet core we have built in support for model validation, if you donot pass a valid model it should give 400 bad client.



Return BadRequest(ModelState);



We need to put a decoration on our controller class [Authorize] it will tell if some claims and principles are satisfied then you can access this controller only.

Firs of all get the nuget package JwtBearer  as we are going to implement bearet token mehtod with OAuth2.

As it is middleware so configure it to our middleware  i.e. configure method.


Now there are bunch of parameters to pass like what type of the audience, what token source should be actually used? What authority should be used for this app.

Configuration(IAppBuilder app)



The “Configuration” method accepts parameter of type “IAppBuilder” this parameter will be supplied by the host at run-time. This “app” parameter is an interface which will be used to compose the application for our Owin server.

Stormpath Tutorial:

Anatomy of a Token

The JSON Web Token, or JWT, is the token solution that we recommend and use at Stormpath. A JWT is a compact, URL-safe, encryptable JSON object that is rapidly becoming the standard for token implementation across the web. A JWT looks like any other ugly string but is separated into three sections by periods.

The first section, or header, describes the contents of the token. The second section, or payload (sometimes called “claims”), contains the identification data, authorization claims, and expiration time, as well as any custom data you choose to encode. The final section is the signature, a hash that cryptographically verifies the validity of the token.

This is a Base64 encoded string in Stormpath’s own

Localization and globalization with Core. core comes with support for localization and globalization.

I was supposed to implement ip based redirection on core website with front-end in reactjs.