I was looking closer into WebAPI, specificially how to use OData to avoid writing GetCustomerByCustomerId(int id) methods all over the place.
I had problems just returning IQueryable<T> as some sites suggested in the WebpAPI (Assembly System.Web.Http.dll, v18.104.22.168). I think things changed in the release version and the blog posts are still out of date. There is no [Queraable] as the answer to this question suggests. Once I get WebAPI.Odata Nuget package, and added the [Queryable] to the method http://localhost:57146/api/values/?$filter=Id%20eq%201 worked (don’t forget the ‘$’).
Now the main question is whether I should do this and how to stop logged in users from sniffing the url and getting data for other users. I John V. Peterson has a post on securing WebAPI with headers and intercepting the call at that point. He had an update to use HttpMessageHandlers instead. I think I’ll use this to force the call to contain some kind of unique code for the user, but I’m still thinking about this. I will not expose this to the public, just to my calls with-in my Forms Authentication areas.
~lots of good information
John V Peterson example: https://github.com/johnvpetersen/ASPWebAPIExample
~ all data access goes through the WebApi and the web client doesn’t have a connection string
~ There is code library for calling the WebApi from MVC using the HttpClient. It’s a great starting point
~ Beta (9/18/2012) Nuget package to help with what I want to do?
~ has a sample code project with examples
JSON, pass the correct format in the header (Accept: application/json). $format=JSON doesn’t appear to be working.
Async methods built into WebApi! Look for the GetAsync methods.