WebAPI and MVC4 and OData

Posted by Aligned on Geeks with Blogs See other posts from Geeks with Blogs or by Aligned
Published on Wed, 19 Sep 2012 07:08:12 GMT Indexed on 2012/09/21 15:39 UTC
Read the original article Hit count: 309

Filed under:

I was looking closer into WebAPI, specificially how to use OData to avoid writing GetCustomerByCustomerId(int id) methods all over the place.

I had problems just returning IQueryable<T> as some sites suggested in the WebpAPI (Assembly System.Web.Http.dll, v4.0.0.0).  I think things changed in the release version and the blog posts are still out of date. There is no [Queraable] as the answer to this question suggests. Once I get WebAPI.Odata Nuget package, and added the [Queryable] to the method http://localhost:57146/api/values/?$filter=Id%20eq%201 worked (don’t forget the ‘$’).

Now the main question is whether I should do this and how to stop logged in users from sniffing the url and getting data for other users. I John V. Peterson has a post on securing WebAPI with headers and intercepting the call at that point. He had an update to use HttpMessageHandlers instead. I think I’ll use this to force the call to contain some kind of unique code for the user, but I’m still thinking about this. I will not expose this to the public, just to my calls with-in my Forms Authentication areas.

Other links:

http://robbincremers.me/2012/02/16/building-and-consuming-rest-services-with-asp-net-web-api-and-odata-support/

~lots of good information

John V Peterson example: https://github.com/johnvpetersen/ASPWebAPIExample

~ all data access goes through the WebApi and the web client doesn’t have a connection string

~ There is code library for calling the WebApi from MVC using the HttpClient. It’s a great starting point

http://blogs.msdn.com/b/alexj/archive/2012/08/15/odata-support-in-asp-net-web-api.aspx

~ Beta (9/18/2012) Nuget package to help with what I want to do?

~ has a sample code project with examples

http://blogs.msdn.com/b/alexj/archive/2012/08/15/odata-support-in-asp-net-web-api.aspx

http://blogs.msdn.com/b/alexj/archive/2012/08/21/web-api-queryable-current-support-and-tentative-roadmap.aspx

http://stackoverflow.com/questions/10885868/asp-net-mvc4-rc-web-api-odata-filter-not-working-with-iqueryable

JSON, pass the correct format in the header (Accept: application/json). $format=JSON doesn’t appear to be working.

Async methods built into WebApi! Look for the GetAsync methods.

© Geeks with Blogs or respective owner