REST service with ASP.NET MVC: Part 1
In this article I’ll show you how to implement a RESTful service based on an ASP.NET MVC controller.
REST stands for representational state transfer. It means that the server sends its state (data) as a response to client requests. The most common REST service implementation is based on a server that produces JSON or XML data and a client that is able to send a request to the service, get the server response and use the received data.
It is a good idea to use a REST architecture when you need to make your application accessible to different clients: you share an API and clients use it to interact with your server.
ASP.NET MVC is a commonly used platform for building web applications. It contains a lot of tools for creating scalable web applications, and it’s very easy to create a JSON REST service based on the default ASP.NET MVC controller.
Since the REST idea is built on top of the HTTP protocol, it’s a good idea to follow its rules: use appropriate methods, response codes and parameters.
Below is a well-commented piece of code used in one of our projects. It’s an ASP.NET controller with actions that return JSON data. The action and controller names are used as URIs for the REST service.
```csharp
using System.Web.Mvc;

// ServiceController is derived from BaseController (the project's base class,
// assumed to extend the default ASP.NET MVC Controller class)
public class ServiceController : BaseController
{
    // let's use this object as the data source; don't think about its implementation
    private EmployeeService employeeService;

    public ServiceController()
    {
        employeeService = new EmployeeService();
    }

    // for security purposes we had to deny requests for the default page
    public ActionResult Index()
    {
        return new HttpNotFoundResult("This doesn't exist");
    }

    /// <summary>
    /// GET: /Service/GetEmployees
    /// </summary>
    /// <returns></returns>
    // this action accepts only HTTP GET requests
    [AcceptVerbs(HttpVerbs.Get)]
    public ActionResult GetEmployees(string department)
    {
        var employees = employeeService.GetEmployees(department);
        // MVC refuses to return JSON for GET requests by default (a guard against
        // JSON hijacking), so without JsonRequestBehavior.AllowGet this action
        // throws an InvalidOperationException
        return Json(employees, JsonRequestBehavior.AllowGet);
    }

    /// <summary>
    /// POST: /Service/Hire
    /// </summary>
    /// <returns></returns>
    // HTTP POST fits the action semantics better
    [AcceptVerbs(HttpVerbs.Post)]
    public ActionResult Hire(Employee employee)
    {
        var hireResult = employeeService.Hire(employee);
        return Json(hireResult);
    }

    /// <summary>
    /// DELETE: /Service/Fire
    /// </summary>
    /// <returns></returns>
    // HTTP DELETE fits the action semantics better
    [AcceptVerbs(HttpVerbs.Delete)]
    public ActionResult Fire(int employeeId)
    {
        var fireResult = employeeService.Fire(employeeId);
        return Json(fireResult);
    }
}
```
Now we have a controller with some actions that accept and return JSON objects.
In the next article I’ll show you how to create a consuming library for this service.
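The rule above about appropriate response codes can be applied to the Hire and Fire actions as follows. This is an added example, not code from the original project: the `Employee` and `EmployeeService` stubs, the return types of `Hire` and `Fire`, and deriving directly from `Controller` are assumptions made so the snippet is self-contained.

```csharp
using System.Net;
using System.Web.Mvc;

// Hypothetical stand-ins for the article's types (their real shape is not shown there).
public class Employee { public int Id { get; set; } public string Name { get; set; } }
public class EmployeeService
{
    public Employee Hire(Employee e) { e.Id = 1; return e; }      // constructed behaviour
    public bool Fire(int employeeId) { return employeeId == 1; }  // false = no such employee
}

public class ServiceController : Controller
{
    private readonly EmployeeService employeeService = new EmployeeService();

    // POST: /Service/Hire
    [HttpPost]
    public ActionResult Hire(Employee employee)
    {
        // Input that failed model binding or validation is a client error: 400.
        if (employee == null || !ModelState.IsValid)
            return new HttpStatusCodeResult(HttpStatusCode.BadRequest, "Invalid employee");

        var hired = employeeService.Hire(employee);
        Response.StatusCode = (int)HttpStatusCode.Created;  // 201: resource created
        return Json(hired);
    }

    // DELETE: /Service/Fire
    [HttpDelete]
    public ActionResult Fire(int employeeId)
    {
        // Nothing to delete is reported as 404, not as a 200 with an error payload.
        if (!employeeService.Fire(employeeId))
            return HttpNotFound("No such employee");

        // 204: the delete succeeded and there is no body to return.
        return new HttpStatusCodeResult(HttpStatusCode.NoContent);
    }
}
```

Clients can then branch on the status code alone, without parsing the JSON body to find out whether a call succeeded.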
It is a nice article.
But for what security purposes do we need to deny the default page?
And what are the security measures you took to protect your data and methods from unauthorized users?
Thanks!