Passing parameters in Rest Wcf Service

In my REST WCF service I am passing nearly 15 parameters. I am passing these parameters in the URL like this:

www.mysite.com/wcfservice/mymethod/{p1},{p2},{p3},{p4}...

Is there a better way of passing parameters? Does passing parameters in the URL cause any security issues (like SQL injection)? Is it wise to pass the parameters using an XML file instead? What is the best way to pass the parameters in a REST WCF service?


Assuming your method is Idempotent (i.e. GET) it seems you know you can't use the body to transfer. So you're left with the URL and Headers.

Put in the Headers the information that is not contextual to this specific request - e.g. your ProtocolVersion, SystemName - and parse those headers in the Service.

In the URL put those parameters that are contextual and are required for you to execute your operation: e.g. EntityId, FilterValue.

If you are passing a list for one parameter - e.g. value1=1,2,3 - then you can consider using a custom QueryString Converter (see below - attaching the behavior to the Endpoint is another exercise).

And in the end, you may just have to pass that many parameters. It's very common for Search-based operations where there may be various dimensions to search on.

using System;
using System.Linq;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

public class CustomQueryStringConverter : QueryStringConverter
{

    public override bool CanConvert(Type type)
    {
        return base.CanConvert(type.IsArray ? type.GetElementType() : type);
    }

    public override object ConvertStringToValue(string parameter, Type parameterType)
    {
        object result = null;

        if (parameterType.IsArray)
        {

            if (!ReferenceEquals(parameter, null))
            {
                object[] items = parameter
                    .Split(",".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)
                    .Where(s => !string.IsNullOrWhiteSpace(s))
                    .Select(s => base.ConvertStringToValue(s.Trim(), parameterType.GetElementType()))
                    .ToArray();

                Array arrayResult = Array.CreateInstance(parameterType.GetElementType(), items.Length);

                for (int i = 0; i < items.Length; ++i)
                {
                    arrayResult.SetValue(items[i], i);
                }

                result = arrayResult;
            }

        }
        else
        {
            result = base.ConvertStringToValue(parameter, parameterType);
        }

        return result;
    }

    public override string ConvertValueToString(object parameter, Type parameterType)
    {

        string result = string.Empty;

        if (parameterType.IsArray)
        {

            foreach (object item in (Array)parameter)
            {
                result += item.ToString() + ",";
            }

            result = result.TrimEnd(',');
        }
        else
        {
            result = base.ConvertValueToString(parameter, parameterType);
        }

        return result;
    }


    public class CustomQueryStringBehavior : WebHttpBehavior
    {

        protected override QueryStringConverter GetQueryStringConverter(OperationDescription operationDescription)
        {
            return new CustomQueryStringConverter();
        }

    }

}
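
The question asks whether URL parameters can lead to SQL injection, and the answer mentions list values such as value1=1,2,3. As an added example (not part of the original question or answer), here is one way to handle such a value once it reaches the service: parse it strictly into integers and hand everything to SQL Server as typed parameters. The `Entities` table, its columns, the `MaxIds` cap and the sample values are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

public static class EntityQuery
{
    private const int MaxIds = 50; // assumed upper bound on the list length

    // Strictly parse a comma-separated URL value such as "1,2,3" into integers.
    public static int[] ParseIds(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw))
            throw new ArgumentException("ids is required");

        string[] parts = raw.Split(',');
        if (parts.Length > MaxIds)
            throw new ArgumentException("too many ids");

        return parts.Select(p =>
        {
            int id;
            if (!int.TryParse(p.Trim(), out id) || id <= 0)
                throw new ArgumentException("ids must be positive integers");
            return id;
        }).ToArray();
    }

    // Only generated placeholder names enter the SQL text;
    // every caller-supplied value travels as a typed parameter.
    public static SqlCommand BuildCommand(int[] ids, string filterValue)
    {
        string placeholders = string.Join(", ", ids.Select((_, i) => "@id" + i));
        var cmd = new SqlCommand(
            "SELECT EntityId, Name FROM Entities " + // hypothetical table
            "WHERE EntityId IN (" + placeholders + ") AND Name = @filter");

        for (int i = 0; i < ids.Length; i++)
            cmd.Parameters.Add("@id" + i, SqlDbType.Int).Value = ids[i];
        cmd.Parameters.Add("@filter", SqlDbType.NVarChar, 100).Value = filterValue ?? string.Empty;
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample values standing in for URL parameters.
        SqlCommand cmd = BuildCommand(ParseIds("1, 2,3"), "O'Brien");
        Console.WriteLine(cmd.CommandText);
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} = {1}", p.ParameterName, p.Value);
    }
}
```

The command is built without a connection, so the example runs offline; in a service, assign `cmd.Connection` before executing it.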