
Passing parameters in Rest Wcf Service

In my REST WCF service I am passing nearly 15 parameters. I am passing these parameters in the URL like this:

www.mysite.com/wcfservice/mymethod/{p1},{p2},{p3},{p4}...

Is there a better way of passing parameters? Does passing parameters in the URL cause any security issues (like SQL injection)? Is it wise to pass the parameters using an XML file instead? What is the best way to pass the parameters in a REST WCF service?

Assuming your method is idempotent (i.e. GET), it seems you know you can't use the body to transfer. So you're left with the URL and headers.

Put in the headers the information that is not contextual to this specific request - e.g. your ProtocolVersion, SystemName - and parse those headers in the service.

In the URL put those parameters that are contextual and are required for you to execute your operation: e.g. EntityId, FilterValue.

If you are passing a list for one parameter - e.g. value1=1,2,3 - then you can consider using a custom QueryString converter (see below - attaching the behavior to the endpoint is another exercise).

And in the end, you may just have to pass that many parameters. It's very common for Search-based operations where there may be various dimensions to search on.

using System;
using System.Linq;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Extends the default WCF converter so that a comma-separated query string
// value (e.g. value1=1,2,3) binds to an array parameter.
public class CustomQueryStringConverter : QueryStringConverter
{

    // An array is convertible when its element type is convertible by the base class.
    public override bool CanConvert(Type type)
    {
        return base.CanConvert(type.IsArray ? type.GetElementType() : type);
    }

    public override object ConvertStringToValue(string parameter, Type parameterType)
    {
        object result = null;

        if (parameterType.IsArray)
        {

            // A missing parameter stays null; otherwise split on commas and
            // convert each element with the base converter for the element type.
            if (!ReferenceEquals(parameter, null))
            {
                Type elementType = parameterType.GetElementType();

                object[] items = parameter
                    .Split(",".ToCharArray(), StringSplitOptions.RemoveEmptyEntries)
                    .Where(s => !string.IsNullOrWhiteSpace(s))
                    .Select(s => base.ConvertStringToValue(s.Trim(), elementType))
                    .ToArray();

                // Copy into a strongly typed array (int[], string[], ...) so it binds to the operation parameter.
                Array arrayResult = Array.CreateInstance(elementType, items.Length);

                for (int i = 0; i < items.Length; ++i)
                {
                    arrayResult.SetValue(items[i], i);
                }

                result = arrayResult;
            }

        }
        else
        {
            result = base.ConvertStringToValue(parameter, parameterType);
        }

        return result;
    }

    public override string ConvertValueToString(object parameter, Type parameterType)
    {

        string result = string.Empty;

        if (parameterType.IsArray)
        {

            // A null array serializes to an empty string instead of throwing.
            if (!ReferenceEquals(parameter, null))
            {
                foreach (object item in (Array)parameter)
                {
                    result += item.ToString() + ",";
                }

                result = result.TrimEnd(',');
            }
        }
        else
        {
            result = base.ConvertValueToString(parameter, parameterType);
        }

        return result;
    }


    // Behavior that makes WCF use the converter above; it still has to be attached to the endpoint.
    public class CustomQueryStringBehavior : WebHttpBehavior
    {

        protected override QueryStringConverter GetQueryStringConverter(OperationDescription operationDescription)
        {
            return new CustomQueryStringConverter();
        }

    }

}
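
On the SQL injection part of the question: whether the values arrive in the URL, in headers or in an XML body makes no difference; what matters is how the service uses them once they are bound. The following is an added example, not part of the original answer: it takes an `int[]` list (as the converter above produces for a value like `1,2,3`) and a string filter and binds both as SQL parameters instead of concatenating them into the statement. The class name `EntityQueries`, the `Entities` table with its `Id` and `Name` columns, and the `MaxIds` cap are assumptions made for the illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

public static class EntityQueries
{
    // Assumed cap on list length; it also keeps the statement far below
    // SQL Server's limit of 2100 parameters per request.
    private const int MaxIds = 100;

    // entityIds is already typed: elements that are not valid integers fail
    // conversion in the query string converter and never reach this method.
    public static SqlCommand BuildLookup(SqlConnection connection, int[] entityIds, string filterValue)
    {
        if (entityIds == null || entityIds.Length == 0)
            throw new ArgumentException("At least one id is required.", nameof(entityIds));
        if (entityIds.Length > MaxIds)
            throw new ArgumentException("Too many ids in one request.", nameof(entityIds));

        // Only generated placeholder names (@id0, @id1, ...) are concatenated
        // into the SQL text; no request data ever becomes part of the statement.
        string[] names = entityIds.Select((_, i) => "@id" + i).ToArray();

        var command = new SqlCommand { Connection = connection };
        command.CommandText =
            "SELECT Id, Name FROM Entities " +              // placeholder table and columns
            "WHERE Id IN (" + string.Join(", ", names) + ") AND Name = @filter";

        for (int i = 0; i < entityIds.Length; i++)
        {
            command.Parameters.Add(names[i], SqlDbType.Int).Value = entityIds[i];
        }

        // Free-text values are the injection-prone ones; as a parameter the
        // string is sent as data and is never parsed as SQL.
        command.Parameters.Add("@filter", SqlDbType.NVarChar, 100).Value =
            filterValue ?? string.Empty;

        return command;
    }
}
```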

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.

 