c# - How do I properly set up a REST API page with ASP.NET WebPages? -
i'm pretty new server-side programming, decided i'd test of out small website , database. far, working asp.net , cshtml has been absolute breeze, i'm getting actual web api part (making pages can get/post
$.ajax
real-time results) , i'm having little bit of trouble finding adequate resources on internet. lot of information find extremely vague, not right version of asp.net, or not specific question.
here's run-down of website:
i plan use website medium game development. game developed on ugc gaming platform, , i'd able connect website in-game use various features such player ranking, messaging boards, developer blog, , developer inbox. have design of website planned out, i'm starting work on actual server-side code. there's database contains profiles , profile information of people play game.
if wanted to, example, retrieve list of users play game (for leaderboard), i'd send post
request /api/pgiprofiledata.cshtml
specific headers , it'd give me json list of people play game (depending on specific parameters). problem is, don't entirely know how configure files accept formatted requests.
here's code have far /api/pgiprofiledata.cshtml
. i've commented of explain logic there won't confusion.
@using webmatrix.data; @{ if (request.requesttype != "post") { //require post request type. not sure if there's another/more efficient way this. response.statuscode = 400; //web.config executes ~/error.cshtml page automatically return; //prevent further code running }; //so request type post, have check if both headers aren't null if (request.headers["robloxuserid"].isempty() && request.headers["pgirole"].isempty()) { response.statuscode = 400; //both headers null, display error return; } var db = database.open("pgiconnectionstring"); //connecting w/ connectionstring works fine ienumerable<dynamic> result; //datatype after querying database table if (!request.headers["robloxuserid"].isempty()) { //if parameter isn't empty result = db.query("select * userdata robloxuserid=@0", request.headers["robloxuserid"]); //query specific parameter } else { //otherwise, use other 1 result = db.query("select * userdata pgirole=@0", request.headers["pgirole"]); }; var data = result.select(x => new { //convert result json array pgiprofileid = x.pgiprofileid, robloxuserid = x.robloxuserid, pgirole = x.pgirole, }).toarray(); response.contenttype = "application/json; charset=utf-8"; //set content type json.write(data, response.output); //return }
the main concern have code security. i'm not entirely sure can capable malicious intent. can't if method i'm using secure http requests valid or not. far i've tested it, it's been fine, i'd have opinion on. thanks!
Comments
Post a Comment