WebAPI and MVC4 and OData
Posted
by Aligned
on Geeks with Blogs
See other posts from Geeks with Blogs
or by Aligned
Published on Wed, 19 Sep 2012 07:08:12 GMT
Indexed on
2012/09/21
15:39 UTC
Read the original article
Hit count: 309
I was looking closer into WebAPI, specificially how to use OData to avoid writing GetCustomerByCustomerId(int id) methods all over the place.
I had problems just returning IQueryable<T> as some sites suggested in the WebpAPI (Assembly System.Web.Http.dll, v4.0.0.0). I think things changed in the release version and the blog posts are still out of date. There is no [Queraable] as the answer to this question suggests. Once I get WebAPI.Odata Nuget package, and added the [Queryable] to the method http://localhost:57146/api/values/?$filter=Id%20eq%201 worked (don’t forget the ‘$’).
Now the main question is whether I should do this and how to stop logged in users from sniffing the url and getting data for other users. I John V. Peterson has a post on securing WebAPI with headers and intercepting the call at that point. He had an update to use HttpMessageHandlers instead. I think I’ll use this to force the call to contain some kind of unique code for the user, but I’m still thinking about this. I will not expose this to the public, just to my calls with-in my Forms Authentication areas.
Other links:
~lots of good information
John V Peterson example: https://github.com/johnvpetersen/ASPWebAPIExample
~ all data access goes through the WebApi and the web client doesn’t have a connection string
~ There is code library for calling the WebApi from MVC using the HttpClient. It’s a great starting point
http://blogs.msdn.com/b/alexj/archive/2012/08/15/odata-support-in-asp-net-web-api.aspx
~ Beta (9/18/2012) Nuget package to help with what I want to do?
~ has a sample code project with examples
http://blogs.msdn.com/b/alexj/archive/2012/08/15/odata-support-in-asp-net-web-api.aspx
JSON, pass the correct format in the header (Accept: application/json). $format=JSON doesn’t appear to be working.
Async methods built into WebApi! Look for the GetAsync methods.
© Geeks with Blogs or respective owner