ASP.NET WebHooks RC 1

by Jonathan Allen on Mar 18, 2016 |

Just as message queues allow applications within an organization to talk to each other, WebHooks provide a way for websites across different organizations to communicate in an asynchronous fashion.

Essentially a WebHook is a callback mechanism. Inside the WebHook provider, you can register a custom URL. When appropriate, the providers uses this URL to send messages to your application about events in it. For example, Dropbox can be configured to notify a company’s audit and backup infrastructure whenever a file is created in said company’s Dropbox account.

While this was always theoretically possible, there are some real-world considerations to take into account. If left unchecked, malicious parties can could use this infrastructure to launch denial of service attacks as was the case with pingbacks.

To prevent this from happening, WebHooks require a verification step. From the Dropbox documentation,

Once you enter your webhook URI, an initial "verification request" will be made to that URI. This verification is an HTTP GET request with a query parameter called challenge. Your app needs to respond by echoing back that challenge parameter. The purpose of this verification request is to demonstrate that your app really does want to receive notifications at that URI. If you accidentally entered the wrong URI (or if someone maliciously entered your server as their webhook), your app would fail to respond correctly to the challenge request, and Dropbox would not send any notifications to that URI.


As part of the their RC 1 release, ASP.NET WebHooks includes custom “receivers” for the following providers:

A generic framework library for building your own custom receivers is also available, but in every case you need to host the receiver in a publically accessible website or the provider won’t be able to reach it.


ASP.NET also offers a framework for providing your own WebHooks for consumption by other applications. This consists of two parts, the WebHook infrastructure itself and the storage for WebHook registrations. Out of the box, SQL Server and Azure Table Storage are offered.

You can get a complete list of tutorials and samples on the .NET Web Development and Tools blog. The source code is available on GitHub under the Apache 2 license. The current release candidate requires ASP.NET MVC 5 and WebAPI 2.

Rate this Article


Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Tell us what you think

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread
Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Email me replies to any of my messages in this thread

General Feedback
Marketing and all content copyright © 2006-2016 C4Media Inc. hosted at Contegix, the best ISP we've ever worked with.
Privacy policy

We notice you're using an ad blocker

We understand why you use ad blockers. However to keep InfoQ free we need your support. InfoQ will not provide your data to third parties without individual opt-in consent. We only work with advertisers relevant to our readers. Please consider whitelisting us.