
Passing parameters in Rest Wcf Service

In my REST WCF service I am passing nearly 15 parameters. I am passing these parameters in the URL like this:

www.mysite.com/wcfservice/mymethod/{p1},{p2},{p3},{p4}...

Is there a better way of passing parameters? Does passing parameters in the URL cause any security issues (like SQL injection)? Is it wise to pass the parameters using an XML file instead? What is the best way to pass the parameters in a REST WCF service?

Assuming your method is idempotent (i.e. GET), it seems you know you can't use the body to transfer. So you're left with the URL and headers.

Put in the headers the information that is not contextual to this specific request - e.g. your ProtocolVersion, SystemName - and parse those headers in the service.

In the URL put those parameters that are contextual and are required for you to execute your operation: e.g. EntityId, FilterValue.

If you are passing a list for one parameter - e.g. value1=1,2,3 - then you can consider using a custom QueryString converter (see below - attaching the behavior to the endpoint is another exercise).

And in the end, you may just have to pass that many parameters. It's very common for search-based operations where there may be various dimensions to search on.

using System;
using System.Linq;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

public class CustomQueryStringConverter : QueryStringConverter
{

    public override bool CanConvert(Type type)
    {
        return base.CanConvert(type.IsArray ? type.GetElementType() : type);
    }

    public override object ConvertStringToValue(string parameter, Type parameterType)
    {
        object result = null;

        if (parameterType.IsArray)
        {

            if (!ReferenceEquals(parameter, null))
            {
                object[] items = parameter
                    .Split(",".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)
                    .Where(s => !string.IsNullOrWhiteSpace(s))
                    .Select(s => base.ConvertStringToValue(s.Trim(), parameterType.GetElementType()))
                    .ToArray();

                Array arrayResult = Array.CreateInstance(parameterType.GetElementType(), items.Length);

                for (int i = 0; i < items.Length; ++i)
                {
                    arrayResult.SetValue(items[i], i);
                }

                result = arrayResult;
            }

        }
        else
        {
            result = base.ConvertStringToValue(parameter, parameterType);
        }

        return result;
    }

    public override string ConvertValueToString(object parameter, Type parameterType)
    {

        string result = string.Empty;

        if (parameterType.IsArray)
        {

            foreach (object item in (Array)parameter)
            {
                result += item.ToString() + ",";
            }

            result = result.TrimEnd(',');
        }
        else
        {
            result = base.ConvertValueToString(parameter, parameterType);
        }

        return result;
    }


    public class CustomQueryStringBehavior : WebHttpBehavior
    {

        protected override QueryStringConverter GetQueryStringConverter(OperationDescription operationDescription)
        {
            return new CustomQueryStringConverter();
        }

    }

}
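
An added example, not part of the original answer: it attaches the converter above to a self-hosted endpoint and shows how URL-supplied values should reach SQL, which is the question's injection concern. The contract, the `Entities` table with its `Id` and `Name` columns, the base address and the connection string are assumptions; the behavior is referenced as a nested class because that is how the answer's code declares it.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;
using System.ServiceModel;
using System.ServiceModel.Web;

[ServiceContract]
public interface ISearchService // hypothetical contract
{
    // ids is typed int[]: a value such as "1,2,x" throws inside the converter
    // and never reaches Search(). Strings like name arrive verbatim.
    [OperationContract]
    [WebGet(UriTemplate = "search?ids={ids}&name={name}")]
    int Search(int[] ids, string name);
}

public class SearchService : ISearchService
{
    private const string ConnectionString = "<connection string>"; // placeholder

    public int Search(int[] ids, string name)
    {
        ids = ids ?? new int[0];
        // Only placeholder names (@id0, @id1, ...) are concatenated, never values.
        string inList = ids.Length == 0
            ? "NULL" : string.Join(",", ids.Select((_, i) => "@id" + i));
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Entities WHERE Name = @name AND Id IN (" + inList + ")", conn))
        {
            // Every URL-supplied value is bound as a typed parameter.
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = (object)name ?? DBNull.Value;
            for (int i = 0; i < ids.Length; i++)
                cmd.Parameters.Add("@id" + i, SqlDbType.Int).Value = ids[i];
            conn.Open();
            return (int)cmd.ExecuteScalar();
        }
    }
}

public static class Program
{
    public static void Main()
    {
        var host = new ServiceHost(typeof(SearchService), new Uri("http://localhost:8080/wcfservice"));
        var endpoint = host.AddServiceEndpoint(typeof(ISearchService), new WebHttpBinding(), "");
        endpoint.Behaviors.Add(new CustomQueryStringConverter.CustomQueryStringBehavior());
        host.Open();
        Console.ReadLine(); // keep the host alive until Enter is pressed
        host.Close();
    }
}
```

The same binding rule applies if the values arrive in headers or an XML body instead of the URL; where a value travels does not change how it must be handed to the database.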
