HTTP Protocol Basics
🎯 What You'll Learn
- What HTTP is and how it works
- Client-server architecture
- HTTP versions (HTTP/1.1, HTTP/2, HTTP/3)
- Request and response structure
- Stateless nature of HTTP
- HTTPS and security
- How ASP.NET Core uses HTTP
What is HTTP?
HTTP (Hypertext Transfer Protocol) is the foundation of data communication on the web. It's a protocol that defines how messages are formatted and transmitted between clients (browsers, mobile apps) and servers.
HTTP is a request-response protocol:
- Client sends a request to the server
- Server processes the request
- Server sends back a response
Client-Server Architecture
┌─────────────┐ ┌─────────────┐
│ Client │ │ Server │
│ (Browser) │ │ (ASP.NET) │
└─────────────┘ └─────────────┘
│ │
│ 1. HTTP Request │
│ GET /api/products │
│─────────────────────────────────→│
│ │
│ │ 2. Process
│ │ Request
│ │
│ 3. HTTP Response │
│ 200 OK + JSON Data │
│←─────────────────────────────────│
│ │Roles
- Client: Initiates requests (browser, mobile app, Postman)
- Server: Responds to requests (ASP.NET Core application)
HTTP Versions
| Version | Year | Key Features |
|---|---|---|
| HTTP/1.1 | 1997 | Persistent connections, chunked transfer, host header |
| HTTP/2 | 2015 | Multiplexing, header compression, server push |
| HTTP/3 | 2022 | QUIC protocol (UDP-based), faster, more reliable |
HTTP/1.1 vs HTTP/2
Request 1 ────────→ Response 1
Request 2 ────────→ Response 2
Request 3 ────────→ Response 3Request 1 ────────→ Response 1
Request 2 ────────→ Response 2
Request 3 ────────→ Response 3ASP.NET Core supports HTTP/1.1, HTTP/2, and HTTP/3. HTTP/2 is enabled by default when using HTTPS.
HTTP Request Structure
GET /api/products/123 HTTP/1.1
Host: inventrackapp.com
User-Agent: Mozilla/5.0
Accept: application/json
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
(optional request body)Request Components
- Request Line:
GET /api/products/123 HTTP/1.1- Method:
GET - Path:
/api/products/123 - Version:
HTTP/1.1
- Method:
- Headers: Metadata about the request
Host: Target serverUser-Agent: Client informationAccept: Expected response formatAuthorization: Authentication credentials
- Body (optional): Data sent to server (POST, PUT, PATCH)
HTTP Response Structure
HTTP/1.1 200 OK
Content-Type: application/json
Content-Length: 145
Date: Mon, 10 Dec 2025 12:00:00 GMT
{
"id": 123,
"name": "Laptop",
"price": 999.99,
"quantityInStock": 50
}Response Components
- Status Line:
HTTP/1.1 200 OK- Version:
HTTP/1.1 - Status Code:
200 - Status Text:
OK
- Version:
- Headers: Metadata about the response
Content-Type: Format of response bodyContent-Length: Size of response bodyDate: When response was generated
- Body: The actual data (JSON, HTML, XML, etc.)
Stateless Protocol
HTTP is stateless: each request is independent and the server doesn't remember previous requests.
Request 1: GET /api/products
Response 1: [list of products]
Request 2: GET /api/products/123
Response 2: {product details}
// Server doesn't remember Request 1!How to Maintain State
Since HTTP is stateless, we use these mechanisms to maintain state:
- Cookies: Small data stored in the browser
- Sessions: Server-side storage linked to a session ID
- Tokens: JWT tokens for authentication
- Query strings: Data in the URL
HTTPS (HTTP Secure)
HTTPS is HTTP over TLS/SSL encryption. It provides:
- Encryption: Data is encrypted in transit
- Authentication: Verify server identity
- Integrity: Data can't be tampered with
// HTTP (Insecure - plain text)
http://inventrackapp.com/api/login
POST: { "username": "john", "password": "secret123" }
// ⚠️ Anyone can read this!
// HTTPS (Secure - encrypted)
https://inventrackapp.com/api/login
POST: { "username": "john", "password": "secret123" }
// ✅ Encrypted - safe from eavesdroppingNever send sensitive data (passwords, credit cards, personal info) over HTTP. Always use HTTPS in production.
HTTP in ASP.NET Core
Accessing HTTP Context
[ApiController]
[Route("api/[controller]")]
public class ProductsController : ControllerBase
{
[HttpGet]
public IActionResult GetProducts()
{
// Access HTTP context
var method = HttpContext.Request.Method; // "GET"
var path = HttpContext.Request.Path; // "/api/products"
var scheme = HttpContext.Request.Scheme; // "https"
var host = HttpContext.Request.Host; // "inventrackapp.com"
return Ok(new { method, path, scheme, host });
}
}Reading Request Headers
[HttpGet]
public IActionResult GetProducts()
{
// Read specific header
var userAgent = Request.Headers["User-Agent"].ToString();
// Read authorization header
var authHeader = Request.Headers["Authorization"].ToString();
// Check if header exists
if (Request.Headers.ContainsKey("X-API-Key"))
{
var apiKey = Request.Headers["X-API-Key"].ToString();
}
return Ok();
}Setting Response Headers
[HttpGet]
public IActionResult GetProducts()
{
// Set custom header
Response.Headers["X-Total-Count"] = "100";
Response.Headers["X-API-Version"] = "1.0";
return Ok(new List<Product>());
}Key Takeaways
- HTTP is a request-response protocol for web communication
- Client-server architecture: client requests, server responds
- HTTP versions: HTTP/1.1 (sequential), HTTP/2 (multiplexing), HTTP/3 (QUIC)
- Request structure: Request line + headers + optional body
- Response structure: Status line + headers + body
- Stateless: Each request is independent
- HTTPS: Encrypted HTTP for security (always use in production)
- ASP.NET Core provides
HttpContextto access request/response - Read headers with
Request.Headers - Set headers with
Response.Headers
You now understand HTTP basics! In the next section, we'll dive deeper into the Request/Response Cycle—how ASP.NET Core processes HTTP requests from start to finish, including routing, model binding, and response generation.