.NET Core Web API: multiple [FromBody]? - asp.net

I am converting code that was written in ASP.NET MVC to ASP.NET Core MVC. While I was converting the code, I encountered a problem. We used a method that has multiple parameters like this:
[HttpPost]
public class Search(List<int> ids, SearchEntity searchEntity)
{
//ASP.NET MVC
}
But when coding this in .NET Core, the ids parameter is null.
[HttpPost]
public class Search([FromBody]List<int> ids,[FromBody]SearchEntity searchEntity)
{
//ASP.NET Core MVC
}
When I place the ids parameter in the SearchEntity class, there is no problem. But I have lots of methods that are written like this. What can I do about this problem?

Can only have one FromBody as the body can only be read once
Reference Model Binding in ASP.NET Core
There can be at most one parameter per action decorated with [FromBody]. The ASP.NET Core MVC run-time delegates the responsibility of reading the request stream to the formatter. Once the request stream is read for a parameter, it's generally not possible to read the request stream again for binding other [FromBody] parameters.
MVC Core is stricter on how to bind model to actions. You also have to explicitly indicate where you want to bind the data from when you want to customize binding behavior.

I have used a solution where multiple parameters are sent as [FromBody] using a tuple:
[HttpPost]
public class Search([FromBody](List<int> ids, SearchEntity searchEntity) parameters)
{
//ASP.NET Core MVC
}

Related

.Net Framework C# Web API HttpGet complex object

Good evening,
I have one scenario that i have a httpGet method with complex object and needs to call this from another .net project by passing Json object., Below is the sample.
APIController
[HttpGet]
[Route("GetName")]
public async Task<string> GetName([FromUri]MyClass myClass)
{
return myClass?.MyName?.ToString() + "this is my method result";
}
Postman
http://localhost/api/NameSearch/GetName?MyClass={'MyName':'TestName'}
I know this is very easy to achieve if i change the action from httpGet to httpPost., But this has been told that i am not doing any update within my api, so i should not use the Post. Also i should not be sending this as individual parameter like ?MyName=''&MySecondParam='',etc., The request has to be passed as single Json object to the API.
Please kindly suggest if there is any option. I tried the above ?MyClass={'MyName':'TestName'} which is not working.
Thanks in advance.

Custom Authorize attribute without Identity and OWIN

I would like to construct a custom authorization attribute that does not invoke Identity or OWIN. Essentially, the only thing that it should have access to is a request context and the ability to either tell the MVC framework to process to continue to process the request or deny it.
Question Is there a simple way of achieving this in ASP.NET Core 2?
Some ideas
My understanding of ASP.NET Core is that it provides a way to customize the request pipeline using different middleware. I have seen that there are specific ones that are used for authentication, but they all seem to be very specific to Identity.
Is it better to to use a different type of filter?
A little bit late answer, but still.. the "old" way of overriding attributes comes back with the .Net Core 2.0, where in addition to the base class, you have to implement the IAuthorizationFilter interface:
[AttributeUsage(AttributeTargets.Method, AllowMultiple = true)]
public class CustomAuthorizeAttribute : AuthorizeAttribute, IAuthorizationFilter
{
private readonly string _someFilterParameter;
public CustomAuthorizeAttribute(string someFilterParameter)
{
_someFilterParameter = someFilterParameter;
}
public void OnAuthorization(AuthorizationFilterContext context)
{
// you can play with the context here
}
}
More discussion here

How OData works in AspNet MVC without change any code

To enable OData after installing the Microsoft ASP.NET Web API 2.2 package, the only thing to do is add the attribute EnableQuery and return IQueryable.
If the attribute EnableQuery is only metadata, what change in the framework?
I mean, when an request arrive the framework matches the url with the Route Table and then create the controller to manage the request. What does change with OData?
EnableQueryAttribute derives from ActionFilterAttribute, which means it can affect the result of an action via its OnActionExecuted method (called internally by Web API). Take a look at the source code to see what EnableQuery is really doing.

ASP.NET MVC Bad Practices: Controller Action Not Restricted to POST in Asp.Net MVc

I scanned my source code with Fortify SCA
I encountered ASP.NET MVC Bad Practices: Controller Action Not Restricted to POST (API Abuse, Structural) bug when I checked Fortify report
Fortify found high level bug that say
Recommendations:
The following controller action accepts only the POST verb because it has the
[HttpPost] attribute:
[HttpPost]
public ActionResult UpdateWidget(Model model)
{
// ... controller logic
}
But I looked that line of code.It contains
[HtttpPost]
attribute.
Is it false positive or not?
Fortify SCA itself giving two contrast statements.
ASP.NET MVC Bad Practices: Controller Action Not Restricted to POST (API Abuse, Structural)
Recommendations:
The following controller action accepts only the POST verb because it has the
[HttpPost] attribute:
If you are updating model or DB using Model in UpdateWidget method add HttpPost action attribute which is more secure. If you are sure that you've added HttpPost action attribute ignore Fortify bug

Does asp.net webmethod always return jsonified data?

I have general question that if an asp.net webmethod always returns data in 'json' form.If not what is the default return datatype of a webmethod?
I am wondering if there is a way I can get the data from a webmethod in 'HTML' rather than 'json'?
Thanks
PageMethods are a part of the ASP.NET AJAX Framework (ScriptManager).
By default, ASP.NET AJAX uses JSON as opposed to SOAP.
This is by design, mainly because the ASP.NET AJAX Javascript library it optimized to work with JSON objects.
You can override this default by specifying the [ResponseFormat] attribute on the web method.
Like this:
[WebMethod]
[ScriptMethod(ResponseFormat = ResponseFormat.Xml)]
public XmlElement GetFoo(string url)
{
Here is a decent article on PageMethods and ASP.NET AJAX-enabled web services.
The return type for a default webservice should SOAP (an XML Format), for WCF there is a REST pack which can change it return type to JSON
[http://msdn.microsoft.com/en-us/netframework/cc950529.aspx][1]
Hope this helps.

Resources