ASP.NET WebHooks RC 1

| by Jonathan Allen Follow 576 Followers on Mar 18, 2016. Estimated reading time: 2 minutes |

Just as message queues allow applications within an organization to talk to each other, WebHooks provide a way for websites across different organizations to communicate in an asynchronous fashion.

Essentially a WebHook is a callback mechanism. Inside the WebHook provider, you can register a custom URL. When appropriate, the providers uses this URL to send messages to your application about events in it. For example, Dropbox can be configured to notify a company’s audit and backup infrastructure whenever a file is created in said company’s Dropbox account.

While this was always theoretically possible, there are some real-world considerations to take into account. If left unchecked, malicious parties can could use this infrastructure to launch denial of service attacks as was the case with pingbacks.

To prevent this from happening, WebHooks require a verification step. From the Dropbox documentation,

Once you enter your webhook URI, an initial "verification request" will be made to that URI. This verification is an HTTP GET request with a query parameter called challenge. Your app needs to respond by echoing back that challenge parameter. The purpose of this verification request is to demonstrate that your app really does want to receive notifications at that URI. If you accidentally entered the wrong URI (or if someone maliciously entered your server as their webhook), your app would fail to respond correctly to the challenge request, and Dropbox would not send any notifications to that URI.


As part of the their RC 1 release, ASP.NET WebHooks includes custom “receivers” for the following providers:

A generic framework library for building your own custom receivers is also available, but in every case you need to host the receiver in a publically accessible website or the provider won’t be able to reach it.


ASP.NET also offers a framework for providing your own WebHooks for consumption by other applications. This consists of two parts, the WebHook infrastructure itself and the storage for WebHook registrations. Out of the box, SQL Server and Azure Table Storage are offered.

You can get a complete list of tutorials and samples on the .NET Web Development and Tools blog. The source code is available on GitHub under the Apache 2 license. The current release candidate requires ASP.NET MVC 5 and WebAPI 2.

Rate this Article

Adoption Stage

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread


Login to InfoQ to interact with what matters most to you.

Recover your password...


Follow your favorite topics and editors

Quick overview of most important highlights in the industry and on the site.


More signal, less noise

Build your own feed by choosing topics you want to read about and editors you want to hear from.


Stay up-to-date

Set up your notifications and don't miss out on content that matters to you