Summary: This document provides information about the extension providing ASP.NET Web API support for C#.
Extension ID
com.castsoftware.dotnetweb
What's new?
See: ASP.NET Web API Framework and Security Rules - 1.4 - Release Notes for more information.
Description
This extension provides support for ASP.NET Web API. This extension will create links between server side APIs and client calls for HttpGet, httpPut, HttpPost, and HttpDelete methods.
In what situation should you install this extension?
CAST recommends that this extension is installed whenever you are analyzing a .NET application. When using CAST AIP Console, the extension is automatically installed whenever a .NET application is delivered.
ASP.NET Web API support
The following frameworks are supported by this extension:
Version | Supported |
---|---|
Web API 2 | |
ASP.NET Core Web API | |
ASHX / ASMX (see below) |
Files analyzed
Icons | File | Extension | Note |
---|---|---|---|
- | C# | *.cs | |
.NET Razor | *.cshtml | ||
VB.NET | *.vb | ||
- | JSON | *.json, *.jsonld | |
ASPX | *.aspx | ||
- | XML | *.xml | |
- | Configuration | web.config, appsettings.json | This extension broadcasts an XML parser for others extensions to analyze web.config files. |
- Function Points (transactions): a green tick indicates that OMG Function Point counting and Transaction Risk Index are supported
- Quality and Sizing: a green tick indicates that CAST can measure size and that a minimum set of Quality Rules exist
Function Points (transactions) | Quality and Sizing |
---|---|
CAST AIP release | Supported | Languages |
---|---|---|
8.3.x | C# |
Supported DBMS servers
This extension is compatible with the following DBMS servers:
DBMS | Supported |
---|---|
CSS/PostgreSQL |
Prerequisites
An installation of any compatible release of AIP Core (see table above) |
Download and installation instructions
A specific version of the ASP.NET Web API Framework extension is shipped with AIP Core. However, this release may not be the release you want to use, therefore you should check before beginning the analysis that the correct extension release is being used. You can see the list of shipped extensions for each release of AIP Core here: Technology coverage changes in CAST AIP 8.3.x.
If you need to change the release use the Included interface in AIP Console:
CAST Transaction Configuration Center (TCC) configuration
If you are using the extension with CAST AIP ≥ 8.3.x, a set of ASP.NET WebAPI specific items are now automatically imported when the extension is installed. These items will be available in the CAST Transaction Configuration Center (click to enlarge):
Packaging, delivering and analyzing your source code
Once the extension is installed, no further configuration changes are required before you can package your source code and run an analysis. The process of packaging, delivering and analyzing your source code does not change in any way:
- Package and deliver your .NET application (that includes source code which uses ASP.NET Web API) in the exact same way as you always have.
- Analyze your delivered .NET application source code in the CAST Management Studio in the exact same way as you always have - the source code which uses ASP.NET Web API will be detected and handled correctly.
By default, (i.e. out of the box without the ASP.NET Web API extension installed) ASP.NET Web API object types are automatically “captured” by a default configuration provided by the HTML5/JavaScript extension (“Standard Entry Point - HTML5 AspDotNet”). After installation of the ASP.NET WebAPI extension you will find that the "Standard Entry Point - HTML5 AspDotNet" set no longer captures any objects. Instead the ASP.NET objects will be captured by the "Standard Entry Point - Dotnet AspDotNet" set provided in the ASP.NET WebAPI extension.
Therefore you need to update TCC configuration if you are using the "Standard Entry Point - HTML5 AspDotNet" configuration in your sets and layers.
What results can you expect?
Once the analysis/snapshot generation has completed, you can view the results in the normal manner. The following objects and links will be displayed in CAST Enlighten:
Objects
All objects are represented under the Class browser folders in CAST Enlighten:
Icon | Description |
---|---|
DotNet Get Operation | |
DotNet Delete Operation | |
DotNet Post Operation | |
DotNet Put Operation | |
DotNet Patch Operation | |
DotNet Any Operation | |
DotNet Controller Action |
Links
A DotNet Controller Action is created for each controller method, and a call link is created from this action to the method:
These controller actions may be directly called from clients through HTML5 Razor method calls present in cshtml files:
<td> @Html.ActionLink("Details", "Details", new { id = item.DepartmentID }) </td>
One or more DotNet operations are created for one DotNet Controller Action, because the DotNet Server may be called by other clients than Razor clients. From HTML files or sections of HTML in .cshtml files:
<div href="Department/Details">
Controller actions are therefore always present in transactions, but operations are present only for purely HTMLclients (not clients using razor). As the same controller action may be called for several types of HTML5 resource services, and even several types of URLs (e.g: department/details, department/details/{}, ...), operations which are not called from a client are deleted at the end of analysis. In many cases clients are written in razor, as such it would not be a ideal to keep all operations as it would produce false transactions.
ASHX/ASMX support
WebHandle/ProcessRequest
In ashx/asmx file:
<%@ WebHandler Language="C#" class="PREFIX.TaxServerInfo" %>
In IISHandler1.vb:
Imports System.Web Public Class IISHandler1 Implements IHttpHandler Public Sub ProcessRequest(ByVal context As HttpContext) Implements IHttpHandler.ProcessRequest ' Write your handler implementation here. End Sub End Class
Will create an operation:
WebService/WebMethod
In asmx file:
<%@ WebService Language="vb" CodeBehind="WebService1.asmx.vb" class="WebApplication1.WebService1" %>
In vb file:
Imports System.Web.Services Imports System.Web.Services.Protocols Imports System.ComponentModel ' To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line. ' <System.Web.Script.Services.ScriptService()> _ <System.Web.Services.WebService(Namespace:="http://tempuri.org/")> _ <System.Web.Services.WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _ <ToolboxItem(False)> _ Public Class WebService1 Inherits System.Web.Services.WebService <WebMethod()> _ Public Function HelloWorld() As String Return "Hello World" End Function End Class
Will create an operation for each WebMethod annotated methods:
Rules
Limitations
- URLs present in annotations, which are in a variable, are not supported.