将api资源静默移动到另一个URL [英] Silently move api resources to another url

问题描述

我已经用WepApi 2与主网站紧密结合编写了api。
我决定将它与另一个网络应用程序分离，以使事情更加孤立。

I've got api written with WepApi 2 tightly coupled with main web site. I've decided to decouple it to another web app to keep things more isolated.

我已按照以下步骤操作：

I've followed such steps:

1. 将所有API控制器解压缩到另一个项目



2. 创建属性，将当前使用旧网址的所有用户重定向到新网址。出于这些原因，我使用了 307状态代码因为我们应该保留用户请求的动词和请求有效载荷。

1. Extract all the API controllers to another project

2. Creat attribute to redirect all the users currently using our old URL to the new one. For such reasons I've used 307 status code because we should keep user's request's verb and request payload.

    var response = request.CreateResponse(HttpStatusCode.TemporaryRedirect); //307
    response.Headers.Location = new Uri($"{appConfig.ApiAppDomain}" + "/" + request.RequestUri.AbsolutePath + request.RequestUri.Query);
    return response;

一般来说它很好用。客户端获得307然后跟随位置标题中的URL。

In common it works nice. Client got 307 and then follows to the URL in Location header.

问题在于：主要的Web应用程序是 https ，新的api是 http 。当我使用邮递员时，它表现得很奇怪，并且用 GET 请求替换 POST 请求，同时请求所有请求的正文剪切。一点也不好奇怪，因为 307 不允许更改方法和有效负载。

The problem is here: the main web app is https and the new api is http. When I'm using postman it behave strange and do replace the POST request with GET request with all request's body cutting. Not good at all and strange because 307 doesn't allow to change the method and the payload.

所以这里有几个问题：

1. 什么是最好的方法处理这个https - > http重定向？


2. 它是否是一个好的解决方案？


3. 将用户静默移动到新api url的最佳解决方案是什么？

推荐答案

302,301等重定向只是GET请求。但从技术上讲，浏览器可以发出POST请求。更多细节这里。但是，重定向不会对每个请求进行不必要的往返，这不是一个好主意。也可能导致其他问题像跨域调用（如果您正在进行Ajax REST API调用或浏览器将验证所有资源仅从https加载（混合内容警告）

302,301 etc Redirects for that matter will be GET requests only .However for 307 technically the browser can make a POST request .More details here .But it is not a good idea to have a redirect which will make unnecessary round trips for every request.Also it may cause other issues like cross domain calls(If you are making Ajax REST API call or browsers will verify all the resources are loaded from https only(Mixed content warning)

什么是处理这个https的最佳方法 - > http重定向？

What is the best way to handle this https -> http redirection?

我们不应该重定向，因为它c导致很多问题，正如我上面解释的那样

we should not do redirection as it can cause many issues as I was explaining above

它是否是一个好的解决方案？

Whether it is good solution at all or not?

在这种情况下，重定向不是一个好的解决方案。

Redirection is not a good solution in this scenario.

将用户静默移动到新api url的最佳解决方案是什么？

What is the best solution to silently move our users to new api url?

此方案中的最佳解决方案意见是建立一个透明的代理，它也将执行https卸载。这也将在您的客户端进行零更改。这是我们如何设置它。

The best solution in this scenario in my opinion is to setup a transparent proxy which will do https offloading as well. This will make zero change in your client side also.Here's how we can set it up.

• 在IIS中为任何进入API的请求设置反向代理。

  • Setup reverse proxy in IIS for any request which goes to your API.

    
    
    • 参考这个，< a href =http://www.dotnetspeak.com/webapi/setting-up-reverse-proxy-for-web-api-in-iis/ =noreferrer>为api设置反向代理和这
      - 一旦你按照上述任何一篇文章，你就会有像这样的urlrewrite规则
    
    
    • refer this ,setup reverse proxy for api and this -Once you follow any of the above article ,you will have a urlrewrite rule like this

    <？xml version =1.0encoding =UTF-8？>
< configuration>
< system.webServer>
< rewrite>
< rules>
< rule name =ReverseProxyInboundRule2stopProcessing =true>
< match url =api /(.*）/>
< action type =Rewriteurl =http：// server2 / api / {R：1}logRewrittenUrl =true/>
< conditions>
< / conditions>
< / rule>
< / rules>
< / rewrite>
< /system.webServer>
< / configuration>

    在上面的urlrewrite规则中，你将请求转发给server2，如果请求的网址包含 api ，这将超过http.So，直到此服务器请求将在https上，并从那里它将在http.but上转到服务器2没有客户的知识就会发生。这将是本地请求（不是通过互联网），延迟可以忽略不计。所以流程将是这样的

    In this above urlrewrite rule,you will be forwarding the request to server2 if the requested url contains api which will be over http.So till this server the request will come on https and from there it will go to server 2 on http.but this happens wihout the client's knowledge. And this will be local request(not over internet) and the latency is negligible.So the flow will be like this

    
    

    Browser => https （ https://example.com/api/products/2 ）=>
    http（ http：// server2 / api / products / 2 ）

    
    
    

    
    
    • 完全从原始网站中删除API代码。包括重定向逻辑，这将使您的网站完全免于API实现
    
    

    只是总结了这种方法的优势

    just summarizing the advantages of this approach

    
    
    1. 在客户端，无需更改，客户甚至不知道发生了类似的事情。因此，客户端没有额外的往返行程。
    
    
    2. 您的流量将是完整的https，并且没有https到主网站外的http。
    
    
    3. 如果你在主网站上有主网站和API调用，它不会创建跨域调用或混合内容警告。
       4.您已将主网站与API代码完全隔离。
    
    

    这篇关于将api资源静默移动到另一个URL的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！