This is a preference-based and scenario-based question. In my own application, I am redirecting all the database-related stuff through an API, and this has decreased the attack surface a lot (I can secure the database requests in one place).
Quote: My question is that from a design perspective, should I just call into the webapi to get data for my website, or just call into the database to get data directly?
Also, if you route all the database traffic to ASP.NET Core Web API, you can develop the frontend independently—in the future you can replace ASP.NET Core MVC with something like a React or Angular framework for the frontend, and you can easily integrate the application in a mobile application; native, Xamarin or Flutter.
Correct, like I said earlier.
Quote: It looks like calling the webapi would promote separation of concerns
Yes, and no. You still can prevent exposing the database connection string by using variables on your hosting environment and then reuse that value in all your processes. This part depends entirely on where you are hosting your application.
Quote: I don't have to expose my database connection strings in multiple places
No, do not worry about this part.
Quote: but I am afraid there is a performance hit that will impact the performance of the load time of the website.
If you create two applications, you are going to launch them separately and that can add 3-5 seconds of load time, but it would be much easier to scale the applications in the future. This will help you in handling the load like a pro.
Also, load time depends on how many users you are expecting to get. If there will be a lot of users (like thousands of active users) then try caching your website and the queries, so you do not send duplicate queries to the database for at least an hour.
Here are a few more ideas to improve the performance:
- Deploy your application as a stateless instance (try to move all the memory and state, e.g. session information, to a database)
- Add a caching layer to your service
- Try to add scaling to your website (depends on the host environment)
- If you scale a stateless website, you can utilize caching and database to handle more requests and provide service to more users
- Keep separating the different domains inside your application to their own services (Microservice pattern)
I hope this helps you understand the bigger picture.
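An added example, not code from the answer above: a minimal ASP.NET Core Web API that is the only process holding the database connection string (read from the host environment) and that caches a query result for one hour. The connection string name `Default`, the route `/api/products`, the `Products` table and the `Product` record are assumptions made for illustration; the `Microsoft.Data.SqlClient` NuGet package is required.

```csharp
using Microsoft.Data.SqlClient;              // NuGet package: Microsoft.Data.SqlClient
using Microsoft.Extensions.Caching.Memory;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddMemoryCache();

// The host environment variable ConnectionStrings__Default maps to the
// configuration key ConnectionStrings:Default, so the secret never sits
// in source control or in the frontend project. ("Default" is an assumed name.)
var connectionString = builder.Configuration.GetConnectionString("Default")
    ?? throw new InvalidOperationException("Set ConnectionStrings__Default on the host.");

var app = builder.Build();

// Single place where database access happens; the frontend only calls this route.
app.MapGet("/api/products", async (IMemoryCache cache) =>
{
    var products = await cache.GetOrCreateAsync("products:all", async entry =>
    {
        // Identical requests within the hour are served from memory,
        // so no duplicate query reaches the database.
        entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromHours(1);
        return await LoadProductsAsync(connectionString);
    });
    return Results.Ok(products);
});

app.Run();

// Hypothetical query against an assumed Products(Id int, Name nvarchar) table.
static async Task<List<Product>> LoadProductsAsync(string connectionString)
{
    var result = new List<Product>();
    await using var conn = new SqlConnection(connectionString);
    await conn.OpenAsync();
    await using var cmd = new SqlCommand("SELECT Id, Name FROM Products", conn);
    await using var reader = await cmd.ExecuteReaderAsync();
    while (await reader.ReadAsync())
        result.Add(new Product(reader.GetInt32(0), reader.GetString(1)));
    return result;
}

record Product(int Id, string Name);
```

An in-memory cache is per instance; when the API is scaled out as stateless instances, a shared cache would take its place.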