I am a huge fan of Ajax. If you want
to create a great experience for the users of your website – regardless of whether you are building an
ASP.
NET MVC or an
ASP.
NET Web Forms
site — then you need
to use Ajax. Otherwise, you are just being cruel
to your customers.
We use Ajax extensively
in several of the
ASP.
NET applications that my company, Superexpert.com, builds. We expose data from the server as JSON and use jQuery
to retrieve and update that data from the browser.
One challenge, when building an
ASP.
NET website, is deciding on which technology
to use
to expose JSON data from the server. For example,
how do you expose a list of products from the server as JSON so you can retrieve the list of products with jQuery? You have a number of options (too many options) including ASMX
Web services, WCF
Web Services, ASHX Generic Handlers, WCF Data Services, and MVC controller actions.
Fortunately, the world has just been simplified. With the release of
ASP.
NET 4 Beta, Microsoft has introduced a new technology for exposing JSON from the server named the
ASP.
NET Web API. You can use the
ASP.
NET Web API with both
ASP.
NET MVC and
ASP.
NET Web Forms applications.
The goal of this blog post is
to provide you with a brief overview of the features of the new
ASP.
NET Web API. You learn
how to use the
ASP.
NET Web API
to retrieve, insert, update, and delete database records with jQuery. We also discuss
how you can perform form validation when using the
Web API and use OData when using the
Web API.
Creating an
ASP.
NET Web API Controller
The
ASP.
NET Web API exposes JSON data through a new type of controller called an API controller. You can add an API controller
to an existing
ASP.
NET MVC 4 project through the standard Add Controller dialog box.
Right-click your Controllers folder and select Add, Controller.
In the dialog box, name your controller MovieController and select the Empty API controller template:
A brand new API controller looks like this:
using System;
using System.Collections.Generic;
using System.Linq;
using System.
Net.Http;
using System.
Web.Http;
namespace MyWebAPIApp.Controllers
{
public class MovieController : ApiController
{
}
}
An API controller, unlike a standard MVC controller, derives from the base ApiController class instead of the base Controller class.
Using jQuery
to Retrieve, Insert, Update, and Delete Data
Let’s create an Ajaxified Movie Database application. We’ll retrieve, insert, update, and delete movies using jQuery with the MovieController which we just created. Our Movie model class looks like this:
namespace MyWebAPIApp.Models
{
public class Movie
{
public int Id { get; set; }
public string Title { get; set; }
public string Director { get; set; }
}
}
Our application will consist of a single HTML page named Movies.html. We’ll place all of our jQuery code
in the Movies.html page.
Getting a Single Record with the
ASP.
NET Web API
To support retrieving a single movie from the server, we need
to add a
Get method
to our API controller:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.
Net.Http;
using System.
Web.Http;
using MyWebAPIApp.Models;
namespace MyWebAPIApp.Controllers
{
public class MovieController : ApiController
{
public Movie GetMovie(int id)
{
// Return movie by id
if (id == 1)
{
return new Movie
{
Id = 1,
Title = "Star Wars",
Director = "Lucas"
};
}
// Otherwise, movie was not found
throw new HttpResponseException(HttpStatusCode.NotFound);
}
}
}
In the code above, the GetMovie() method accepts the Id of a movie. If the Id has the value 1 then the method returns the movie Star Wars. Otherwise, the method throws an exception and returns 404 Not Found HTTP status code.
After building your project, you can invoke the MovieController.GetMovie() method by entering the following URL
in your
web browser address bar: http://localhost:[port]/api/movie/1 (You’ll need
to enter the correct randomly generated port).
In the URL api/movie/1, the first “api” segment indicates that this is a
Web API route. The “movie” segment indicates that the MovieController should be invoked. You do not specify the name of the action. Instead, the HTTP method used
to make the request –
GET, POST, PUT, DELETE — is used
to identify the action
to invoke.
The
ASP.
NET Web API uses different routing conventions than normal
ASP.
NET MVC controllers. When you make an HTTP
GET request then any API controller method with a name that starts with “GET” is invoked. So, we could have called our API controller action GetPopcorn() instead of GetMovie() and it would still be invoked by the URL api/movie/1.
The default route for the
Web API is defined
in the Global.asax file and it looks like this:
routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
We can invoke our GetMovie() controller action with the jQuery code
in the following HTML page:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Get Movie</title>
</head>
<body>
<div>
Title: <span id="title"></span>
</div>
<div>
Director: <span id="director"></span>
</div>
<script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script>
<script type="text/javascript">
getMovie(1, function (movie) {
$("#title").html(movie.Title);
$("#director").html(movie.Director);
});
function getMovie(id, callback) {
$.ajax({
url: "/api/Movie",
data: { id: id },
type: "
GET",
contentType: "application/json;charset=utf-8",
statusCode: {
200: function (movie) {
callback(movie);
},
404: function () {
alert("Not Found!");
}
}
});
}
</script>
</body>
</html>
In the code above, the jQuery $.ajax() method is used
to invoke the GetMovie() method. Notice that the Ajax call handles two HTTP response codes. When the GetMove() method successfully returns a movie, the method returns a 200 status code.
In that case, the details of the movie are displayed
in the HTML page.
Otherwise, if the movie is not found, the GetMovie() method returns a 404 status code.
In that case, the page simply displays an alert box indicating that the movie was not found (hopefully, you would implement something more graceful
in an actual application).
You can use your browser’s Developer Tools
to see what is going on
in the background when you open the HTML page (hit F12
in the most recent version of most browsers). For example, you can use the Network tab
in Google Chrome
to see the Ajax request which invokes the GetMovie() method:
Getting a Set of Records with the
ASP.
NET Web API
Let’s modify our Movie API controller so that it returns a collection of movies. The following Movie controller has a new ListMovies() method which returns a (hard-coded) collection of movies:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.
Net.Http;
using System.
Web.Http;
using MyWebAPIApp.Models;
namespace MyWebAPIApp.Controllers
{
public class MovieController : ApiController
{
public IEnumerable<Movie> ListMovies()
{
return new List<Movie> {
new Movie {Id=1, Title="Star Wars", Director="Lucas"},
new Movie {Id=1, Title="King Kong", Director="Jackson"},
new Movie {Id=1, Title="Memento", Director="Nolan"}
};
}
}
}
Because we named our action ListMovies(), the default
Web API route will never match it. Therefore, we need
to add the following custom route
to our Global.asax file (at the top of the RegisterRoutes() method):
routes.MapHttpRoute(
name: "ActionApi",
routeTemplate: "api/{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
This route enables us
to invoke the ListMovies() method with the URL /api/movie/listmovies.
Now that we have exposed our collection of movies from the server, we can retrieve and display the list of movies using jQuery
in our HTML page:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>List Movies</title>
</head>
<body>
<div id="movies"></div>
<script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script>
<script type="text/javascript">
listMovies(function (movies) {
var strMovies="";
$.each(movies, function (index, movie) {
strMovies += "<div>" + movie.Title + "</div>";
});
$("#movies").html(strMovies);
});
function listMovies(callback) {
$.ajax({
url: "/api/Movie/ListMovies",
data: {},
type: "
GET",
contentType: "application/json;charset=utf-8",
}).then(function(movies){
callback(movies);
});
}
</script>
</body>
</html>
Inserting a Record with the
ASP.
NET Web API
Now let’s modify our Movie API controller so it supports creating new records:
public HttpResponseMessage<Movie> PostMovie(Movie movieToCreate)
{
// Add movieToCreate
to the database and update primary key
movieToCreate.Id = 23;
// Build a response that contains the location of the new movie
var response = new HttpResponseMessage<Movie>(movieToCreate, HttpStatusCode.Created);
var relativePath = "/api/movie/" + movieToCreate.Id;
response.Headers.Location = new Uri(Request.RequestUri, relativePath);
return response;
}
The PostMovie() method
in the code above accepts a movieToCreate parameter. We don’t actually store the new movie anywhere.
In real life, you will want
to call a service method
to store the new movie
in a database.
When you create a new resource, such as a new movie, you should return the location of the new resource.
In the code above, the URL where the new movie can be retrieved is assigned
to the Location header returned
in the PostMovie() response.
Because the name of our method starts with “Post”, we don’t need
to create a custom route. The PostMovie() method can be invoked with the URL /Movie/PostMovie – just as long as the method is invoked within the context of a HTTP POST request.
The following HTML page invokes the PostMovie() method.
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Create Movie</title>
</head>
<body>
<script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script>
<script type="text/javascript">
var movieToCreate = {
title: "The Hobbit",
director: "Jackson"
};
createMovie(movieToCreate, function (newMovie) {
alert("New movie created with an Id of " + newMovie.Id);
});
function createMovie(movieToCreate, callback) {
$.ajax({
url: "/api/Movie",
data: JSON.stringify( movieToCreate ),
type: "POST",
contentType: "application/json;charset=utf-8",
statusCode: {
201: function (newMovie) {
callback(newMovie);
}
}
});
}
</script>
</body>
</html>
This page creates a new movie (the Hobbit) by calling the createMovie() method. The page simply displays the Id of the new movie:
The HTTP Post operation is performed with the following call
to the jQuery $.ajax() method:
$.ajax({
url: "/api/Movie",
data: JSON.stringify( movieToCreate ),
type: "POST",
contentType: "application/json;charset=utf-8",
statusCode: {
201: function (newMovie) {
callback(newMovie);
}
}
});
Notice that the type of Ajax request is a POST request. This is required
to match the PostMovie() method.
Notice, furthermore, that the new movie is converted into JSON using JSON.stringify(). The JSON.stringify() method takes a JavaScript object and converts it into a JSON string.
Finally, notice that success is represented with a 201 status code. The HttpStatusCode.Created value returned from the PostMovie() method returns a 201 status code.
Updating a Record with the
ASP.
NET Web API
Here’s
how we can modify the Movie API controller
to support updating an existing record.
In this case, we need
to create a PUT method
to handle an HTTP PUT request:
public void PutMovie(Movie movieToUpdate)
{
if (movieToUpdate.Id == 1) {
// Update the movie
in the database
return;
}
// If you can't find the movie
to update
throw new HttpResponseException(HttpStatusCode.NotFound);
}
Unlike our PostMovie() method, the PutMovie() method does not return a result. The action either updates the database or, if the movie cannot be found, returns an HTTP Status code of 404.
The following HTML page illustrates
how you can invoke the PutMovie() method:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Put Movie</title>
</head>
<body>
<script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script>
<script type="text/javascript">
var movieToUpdate = {
id: 1,
title: "The Hobbit",
director: "Jackson"
};
updateMovie(movieToUpdate, function () {
alert("Movie updated!");
});
function updateMovie(movieToUpdate, callback) {
$.ajax({
url: "/api/Movie",
data: JSON.stringify(movieToUpdate),
type: "PUT",
contentType: "application/json;charset=utf-8",
statusCode: {
200: function () {
callback();
},
404: function () {
alert("Movie not found!");
}
}
});
}
</script>
</body>
</html>
Deleting a Record with the
ASP.
NET Web API
Here’s the code for deleting a movie:
public HttpResponseMessage DeleteMovie(int id)
{
// Delete the movie from the database
// Return status code
return new HttpResponseMessage(HttpStatusCode.NoContent);
}
This method simply deletes the movie (well, not really, but pretend that it does) and returns a No Content status code (204).
The following page illustrates
how you can invoke the DeleteMovie() action:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Delete Movie</title>
</head>
<body>
<script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script>
<script type="text/javascript">
deleteMovie(1, function () {
alert("Movie deleted!");
});
function deleteMovie(id, callback) {
$.ajax({
url: "/api/Movie",
data: JSON.stringify({id:id}),
type: "DELETE",
contentType: "application/json;charset=utf-8",
statusCode: {
204: function () {
callback();
}
}
});
}
</script>
</body>
</html>
Performing Validation
How do you perform form validation when using the
ASP.
NET Web API? Because validation
in ASP.
NET MVC is driven by the Default Model Binder, and because the
Web API uses the Default Model Binder, you
get validation for free.
Let’s modify our Movie class so it includes some of the standard validation attributes:
using System.ComponentModel.DataAnnotations;
namespace MyWebAPIApp.Models
{
public class Movie
{
public int Id { get; set; }
[Required(ErrorMessage="Title is required!")]
[StringLength(5, ErrorMessage="Title cannot be more than 5 characters!")]
public string Title { get; set; }
[Required(ErrorMessage="Director is required!")]
public string Director { get; set; }
}
}
In the code above, the Required validation attribute is used
to make both the Title and Director properties required. The StringLength attribute is used
to require the length of the movie title
to be no more than 5 characters.
Now let’s modify our PostMovie() action
to validate a movie before adding the movie
to the database:
public HttpResponseMessage PostMovie(Movie movieToCreate)
{
// Validate movie
if (!ModelState.IsValid)
{
var errors = new JsonArray();
foreach (var prop
in ModelState.Values)
{
if (prop.Errors.Any())
{
errors.Add(prop.Errors.First().ErrorMessage);
}
}
return new HttpResponseMessage<JsonValue>(errors, HttpStatusCode.BadRequest);
}
// Add movieToCreate
to the database and update primary key
movieToCreate.Id = 23;
// Build a response that contains the location of the new movie
var response = new HttpResponseMessage<Movie>(movieToCreate, HttpStatusCode.Created);
var relativePath = "/api/movie/" + movieToCreate.Id;
response.Headers.Location = new Uri(Request.RequestUri, relativePath);
return response;
}
If ModelState.IsValid has the value false then the errors
in model state are copied
to a new JSON array. Each property – such as the Title and Director property — can have multiple errors.
In the code above, only the first error message is copied over. The JSON array is returned with a Bad Request status code (400 status code).
The following HTML page illustrates
how you can invoke our modified PostMovie() action and display any error messages:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Create Movie</title>
</head>
<body>
<script type="text/javascript" src="Scripts/jquery-1.6.2.min.js"></script>
<script type="text/javascript">
var movieToCreate = {
title: "The Hobbit",
director: ""
};
createMovie(movieToCreate,
function (newMovie) {
alert("New movie created with an Id of " + newMovie.Id);
},
function (errors) {
var strErrors = "";
$.each(errors, function(index, err) {
strErrors += "*" + err + "\n";
});
alert(strErrors);
}
);
function createMovie(movieToCreate, success, fail) {
$.ajax({
url: "/api/Movie",
data: JSON.stringify(movieToCreate),
type: "POST",
contentType: "application/json;charset=utf-8",
statusCode: {
201: function (newMovie) {
success(newMovie);
},
400: function (xhr) {
var errors = JSON.parse(xhr.responseText);
fail(errors);
}
}
});
}
</script>
</body>
</html>
The createMovie() function performs an Ajax request and handles either a 201 or a 400 status code from the response. If a 201 status code is returned then there were no validation errors and the new movie was created.
If, on the other hand, a 400 status code is returned then there was a validation error. The validation errors are retrieved from the XmlHttpRequest responseText property. The error messages are displayed
in an alert:
(Please don’t use JavaScript alert dialogs
to display validation errors, I just did it this way out of pure laziness)
This validation code
in our PostMovie() method is pretty generic. There is nothing specific about this code
to the PostMovie() method.
In the following video, Jon Galloway demonstrates
how to create a global Validation filter which can be used with any API controller action:
http://www.
asp.net/web-api/overview/web-api-routing-and-actions/video-custom-validation
His validation filter looks like this:
using System.Json;
using System.Linq;
using System.Net;
using System.
Net.Http;
using System.
Web.Http.Controllers;
using System.
Web.Http.Filters;
namespace MyWebAPIApp.Filters
{
public class ValidationActionFilter:ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
var modelState = actionContext.ModelState;
if (!modelState.IsValid)
{
dynamic errors = new JsonObject();
foreach (var key
in modelState.Keys)
{
var state = modelState[key];
if (state.Errors.Any())
{
errors[key] = state.Errors.First().ErrorMessage;
}
}
actionContext.Response = new HttpResponseMessage<JsonValue>(errors, HttpStatusCode.BadRequest);
}
}
}
}
And you can register the validation filter
in the Application_Start() method
in the Global.asax file like this:
GlobalConfiguration.Configuration.Filters.Add(new ValidationActionFilter());
After you register the Validation filter, validation error messages are returned from any API controller action method automatically when validation fails. You don’t need
to add any special logic
to any of your API controller actions
to take advantage of the filter.
Querying using OData
The OData protocol is an open protocol created by Microsoft which enables you
to perform queries over the
web. The official website for OData is located here:
http://odata.org
For example, here are some of the query options which you can use with OData:
· $orderby – Enables you
to retrieve results
in a certain order.
· $top – Enables you
to retrieve a certain number of results.
· $skip – Enables you
to skip over a certain number of results (use with $top for paging).
· $filter – Enables you
to filter the results returned.
The
ASP.
NET Web API supports a subset of the OData protocol. You can use all of the query options listed above when interacting with an API controller. The only requirement is that the API controller action returns its data as IQueryable.
For example, the following Movie controller has an action named GetMovies() which returns an IQueryable of movies:
public IQueryable<Movie> GetMovies()
{
return new List<Movie> {
new Movie {Id=1, Title="Star Wars", Director="Lucas"},
new Movie {Id=2, Title="King Kong", Director="Jackson"},
new Movie {Id=3, Title="Willow", Director="Lucas"},
new Movie {Id=4, Title="Shrek", Director="Smith"},
new Movie {Id=5, Title="Memento", Director="Nolan"}
}.AsQueryable();
}
If you enter the following URL
in your browser:
/api/movie?$top=2&$orderby=Title
Then you will limit the movies returned
to the top 2
in order of the movie Title. You will
get the following results:
By using the $top option
in combination with the $skip option, you can enable client-side paging. For example, you can use $top and $skip
to page through thousands of products, 10 products at a time.
The $filter query option is very powerful. You can use this option
to filter the results from a query. Here are some examples:
Return every movie directed by Lucas:
/api/movie?$filter=Director eq ‘Lucas’
Return every movie which has a title which starts with ‘S’:
/api/movie?$filter=startswith(Title,’S')
Return every movie which has an Id greater than 2:
/api/movie?$filter=Id gt 2
The complete documentation for the $filter option is located here:
http://www.odata.org/developers/protocols/uri-conventions#FilterSystemQueryOption
Summary
The goal of this blog entry was
to provide you with an overview of the new
ASP.
NET Web API introduced with the Beta release of
ASP.
NET 4.
In this post, I discussed
how you can retrieve, insert, update, and delete data by using jQuery with the
Web API.
I also discussed
how you can use the standard validation attributes with the
Web API. You learned
how to return validation error messages
to the client and display the error messages using jQuery.
Finally, we briefly discussed
how the
ASP.
NET Web API supports the OData protocol. For example, you learned
how to filter records returned from an API controller action by using the $filter query option.
I’m excited about the new
Web API. This is a feature which I expect
to use with almost every
ASP.
NET application which I build
in the future.
