How to use Breeze IQueryable with CORS? - asp.net-web-api

I use a method to add CORS handlers to my response that is called by a client using Breeze.
You can read more about how I got that working here: Controller not filtering data in Breeze query in DotNetNuke Module
However, I noticed that while $filter works, $expand and $select do not.
So my question is: How can I use return a HttpResponseMessage Type and still use Breeze (I need to do this for CORS).
To prove this, I downloaded and changed the Todos sample:
Original method (works)
http://example/api/todos/todos?$select=isdone
[HttpGet]
public IQueryable<TodoItem> Todos()
{
return _contextProvider.Context.Todos;
}
My method with CORS wrapper (does not expand or select)
http://example/api/todos/TodosCors?$select=isdone
[HttpGet]
[Queryable(AllowedQueryOptions = AllowedQueryOptions.All)]
public HttpResponseMessage TodosCors()
{
var response = Request.CreateResponse(HttpStatusCode.OK, (IQueryable<TodoItem>)_contextProvider.Context.Todos);
return ControllerUtilities.GetResponseWithCorsHeader(response);
}
public static HttpResponseMessage GetResponseWithCorsHeader(HttpResponseMessage response)
{
response.Headers.Add("Access-Control-Allow-Origin", "*");
return response;
}

I'm going to comment mainly on the CORS aspect of your question. The part about $expand and $select is addressed in the StackOverflow question to which you refer. In brief, [Queryable] is the Web API attribute which does not support $expand and $select. I think you want the [BreezeQueryable] attribute that does.
I can not say for sure but I do not believe the code you show is the proper way to implement CORS for the Web API. At least I've not seen it done this way.
There are two ways known to me; both involve adding message handlers.
The first is the way we did it in the Breeze Todo sample; the second is the with the Web API CORS support that is on the way.
The way we did it is simplistic but effective. We don't talk about it because we intend to defer to the the approved Web API way when it arrives (soon I hope).
In the Todo demo, look for App_Start/BreezeSimpleCorsHandler.cs. You can just copy it into your own App_Start folder with no changes except to the namespace.
Then your server has to call it. In the Todo sample we did so in the BreezeWebApiConfig.cs but you could put it in Global.asax or in anything that is part of the server boot logic.
// CORS enabled on this server
GlobalConfiguration.Configuration.MessageHandlers.Add(new BreezeSimpleCorsHandler());
As it happens, someone has tried Breeze with the forthcoming Web API CORS NuGet package ... and discovered a bug in Breeze. We have to work that through ... and we will. We really want that way to be THE way.
Until then, you can follow the Todo sample precedent.

Related

Dynamic Web API Controllers and WithConventionalVerbs()

I'm using Dynamic Web API Controllers but my Get methods are being created as POST.
evidence
I've already set ".WithConventionalVerbs()" but no success
Configuration.Modules.AbpWebApi().DynamicApiControllerBuilder
.ForAll<IApplicationService>(typeof(AssisteVidaApplicationModule).Assembly, "app")
.WithConventionalVerbs()
.Build();
My Put and Delete methods are okay.
What's wrong?
The only thing you could miss; there could be [HttpPost] attribute on PedidoAppService.Get() and PedidoAppService.GetAll() methods. Can you check if there's any HttpPost attribute on these methods? And to understand the problem you can rename the Get method to GetSomething() ... if http verb gets correct we can have more info about the problem.

WebApi Http Error 404 Not Found

I'm having a problem with WebApi 5.2.3 in which if I had a controller like so:
[RoutePrefix("api/values")]
public class ValuesController : ApiController
{
[Route]
public IHttpActionResult Get()
{
return Ok("data");
}
}
Currently if i make a request to api/values I retrieve my response "data" just fine. I would like to handle the case of routes that are not found, for example "api/values/foo". Currently making the api/values/foo request returns the typical IIS Http Error 404.0 Not Found page. I would like to be able to handle this and return a json or xml response based on the negotiated content type. Has anyone ran into this before and how did you solve it?
Thanks in advance.
Also to note, I created a DelegatingHandler and confirmed that my request is not entering the WebApi stack. Any ideas?
You might need to create your custom controller/action selector (IHttpControllerSelector/IHttpActionSelector), take a look into this article which creates a custom one to handle the 404 error.
http://weblogs.asp.net/imranbaloch/handling-http-404-error-in-asp-net-web-api
Hope this helps.

Sails.js 0.10 and passport

I was fiddling with sails.js and passport. Seems they are mend to be used together.
I have made the user models available in de db. And I am able to use the authentication by bcryptjs. This works, but dearly want to like to automatically authenticate every call, and mostly socket.io blueprint calls.
Still, I am searching for an elegant method to enable the sails.js way of integrating passport.
There are many examples, but seem a bit out-dated, not sure.
Important is the sockets. They need to be authenticated.
For e.g. every io.socket CRUD method, would be nice.
Kind regards
I found a link (http://www.bearfruit.org/2014/07/21/tutorial-easy-authentication-for-sails-js-apps/) that's pointing me in the right direction, but still not clear how this is reflected in for instance controllers
What I am trying to manage, is to have the custom api calls authenticated before they are called (configured in routes.js or by means of blueprints).
e.g:
OrderController:
module.exports = {
placeOrder: function (req, res) {
if (true === req.isSocket) {
// Pseudo code:
if (passport.authenticated(['user','admin'])) {
Order.save();
}
// end pseudo code
}
}
}
How should/is the above method secured, and I am I able to use for instance user-roles here?
I know two good solution for you question:
sails-auth
sails-generate-auth
Both implements passport, I recommend the first one, because it creates a layer to handle all authentication difficulties in model and services

Best way to deal with renaming a controller

Working with ASP.NET MVC3, site is in beta and customer decided to rename one of the controllers.
http://domain.com/foo[/*] -> http://domain.com/bar[/*]
What is the most straightforward way to handle redirecting so I don't break any foo bookmarks?
Keep the old controller around so the old URLs still work.
Or add a rewrite rule. Something like:
domain.com/foo(/[_0-9a-z-]+)
to:
domain.com/bar{R:1}
URL Rewrite in IIS
http://technet.microsoft.com/en-us/library/ee215194(WS.10).aspx
http://www.iis.net/download/URLRewrite
If you are using MVC.NET you probably already have URL Rewrite installed.
Another option would be to register a specific route for the old controller name in the Global.asax.cs.
routes.MapRoute(
"RenamedController", // Route name
"[OldControllerName]/{action}/{id}", // URL with parameters
new { controller = "[NewControllerName]", action = "Index", id = "" } // Parameter defaults
);
Add that before the standard default route, and your new controller should respond to both old and new names.
A 302 redirect would be fine, if you can figure out how to do that in IIS. This screenshot suggests it's not that arduous. Alternately, if you're using Castle Windsor you may want to register an interceptor that uses HttpResponse.Redirect()
REST standard suggests the best way to handle this issue is by returning a 301(Moved permanently request). Stack Overflow Post REST Standard
In .Net I recommend using Controller.RedirectToActionPermanent in your controller. See: ASP.NET, .NET Core
Code Example(should work for both ASP and Core):
public class MyController : ControllerBase
{
public IActionResult MyEndpoint(string routeValues1, string routeValues2)
{
return RedirectToActionPermanent("action", "controller", new { value1 = routeValues1, value2 = routeValues2 });
}
}
using MapRoute doesn't make sense in this case. MapRoute is really meant to provide a custom routing solution throughout the system. Its not really meant to deal with individual Redirects. As far as I'm aware it doesn't actually inform the user they are being redirected. See: Creating Custom Routes (C#)

StructureMap controller factory and null controller instance in MVC

I'm still trying to figure things out with StructureMap and one of the issues i'm running into is my Controller Factory class blowing up when a null controller type is passed to it. This only happens when the application builds for the first time, after which every subsequent build works fine. Even when i shutdown Visual Studio and reopen the project (I'm not running this in IIS). It's almost like there is some sort of caching going on. This is what the controller class looks like:
public class IocControllerFactory : DefaultControllerFactory
{
protected override IController GetControllerInstance(Type controllerType)
{
try
{
return (Controller)ObjectFactory.GetInstance(controllerType);
}
catch (StructureMapException)
{
System.Diagnostics.Debug.WriteLine(ObjectFactory.WhatDoIHave());
throw;
}
}
}
What could be wrong? Do i need to have every controller registered? Thank you.
Most browser are looking for a favicon.ico when you load a site, and there is probably some caching involved with this behavior, this might explain the odd "Only fail on the first build" thing you mentionned.
In my case this was causing the problem of the null controller type in the controller factory.
Adding a routes.IgnoreRoute("{*favicon}", new { favicon = #"(.*/)?favicon.ico(/.*)?" }); in global.asax makes the error go away, the request should fall through to the filesystem without MVC looking for a favico.ico controller in your code.
Here is a link to Gunnar Peipman post about this
I found out by overriding GetControllerType(string controllerName) in my custom controller factory class and checking what the controllerName value was for each request.
I ran into the same problem with a controller factory built around ninject.
It seems MVC will pass you null for controllertype when it can't resolve a route from the routing table or when a route specifies a none existing controller. I did two things to solve this. You might want to check your route table and add a catchall route that shows a 404 error page like described here .Net MVC Routing Catchall not working
You could also check with the routing debugger what goes wrong.
http://haacked.com/archive/2008/03/13/url-routing-debugger.aspx
I was having the similar problem. I believe it was HTTP requests for nonexistent images, CSS files, etc.
We know the MVC routing first looks to see if the requested file physically exists. If it doesn't then the URL gets tested against the configured Routes. I think the request for an image that didn't physically exist was passed to the Routing engine, and didn't match any routes, so NULL was used.
So to fix it, use FireBug or something to watch for, and fix, broken HTTP requests. During development, I used a route like this to temporarily bypass these issues (all of my resource folders start with an underscore like _Images, _Styles, etc):
routes.IgnoreRoute("_*"); // TODO: Remove before launch
Hope this helps!
What I think you need to do is exactly the same thing that the default MVC controller factory does on the GetControllerInstance method. If you look at the Microsoft source code for DefaultControllerFactory at http://aspnetwebstack.codeplex.com/ you will see that the DefaultControllerFactory throws a 404 Exception when controllerType is null. Here is how we do it based on this information:
public class StructureMapControllerFactory : DefaultControllerFactory
{
protected override IController GetControllerInstance(RequestContext requestContext, Type controllerType)
{
if (controllerType == null)
return base.GetControllerInstance(requestContext, controllerType);
var controller = ObjectFactory.GetInstance(controllerType);
return (IController)controller;
}
}
Basically this will ensure that, when user enters an invalid route the application handles it as a 404 error.

Resources