public class ValuesController : ApiController
{
[System.Web.Mvc.OutputCache(Duration = 3600)]
public int Get(int id)
{
return new Random().Next();
}
}
Since caching is set for 1 hour, I would expect the web server keeps returning the same number for every request with the same input without executing the method again. But it is not so, the caching attribute has no effect. What do I do wrong?
I use MVC5 and I conducted the tests from VS2015 and IIS Express.
Use a fiddler to take a look at the HTTP response - probably Response Header has: Cache-Control: no cache.
If you using Web API 2 then:
It`s probably a good idea to use Strathweb.CacheOutput.WebApi2 instead. Then you code would be:
public class ValuesController : ApiController
{
[CacheOutput(ClientTimeSpan = 3600, ServerTimeSpan = 3600)]
public int Get(int id)
{
return new Random().Next();
}
}
else you can try to use custom attribute
public class CacheWebApiAttribute : ActionFilterAttribute
{
public int Duration { get; set; }
public override void OnActionExecuted(HttpActionExecutedContext filterContext)
{
filterContext.Response.Headers.CacheControl = new CacheControlHeaderValue()
{
MaxAge = TimeSpan.FromMinutes(Duration),
MustRevalidate = true,
Private = true
};
}
}
and then
public class ValuesController : ApiController
{
[CacheWebApi(Duration = 3600)]
public int Get(int id)
{
return new Random().Next();
}
}
You need to use the VaryByParam part of the Attribute - otherwise only the URL part without the query string will be considered as a cache key.
Related
I need to automatically add api/ prefix to every end point in my asp .net core web API. How to do that?
You can custom MvcOptionsExtensions to set route prefix globally instead of change the route attribute manually.
1.custom MvcOptionsExtensions:
public static class MvcOptionsExtensions
{
public static void UseRoutePrefix(this MvcOptions opts, IRouteTemplateProvider routeAttribute)
{
opts.Conventions.Add(new RoutePrefixConvention(routeAttribute));
}
public static void UseRoutePrefix(this MvcOptions opts, string
prefix)
{
opts.UseRoutePrefix(new RouteAttribute(prefix));
}
}
public class RoutePrefixConvention : IApplicationModelConvention
{
private readonly AttributeRouteModel _routePrefix;
public RoutePrefixConvention(IRouteTemplateProvider route)
{
_routePrefix = new AttributeRouteModel(route);
}
public void Apply(ApplicationModel application)
{
foreach (var selector in application.Controllers.SelectMany(c => c.Selectors))
{
if (selector.AttributeRouteModel != null)
{
selector.AttributeRouteModel = AttributeRouteModel.CombineAttributeRouteModel(_routePrefix, selector.AttributeRouteModel);
}
else
{
selector.AttributeRouteModel = _routePrefix;
}
}
}
}
2:Register in Startup.cs(version before .Net6) or in Program.cs(version beyond .Net 6):
services.AddControllers(o =>{
o.UseRoutePrefix("api");
});
Or:
builder.Services.AddControllers(o =>{
o.UseRoutePrefix("api");
});
Make your controller constructor with Route Prefix "api/"
For example lets say your controller class name is CustomerController
[Route("api/[controller]")]
public class CustomerController : ControllerBase
{
}
// This will become api/customer
[HttpGet]
public async Task<ActionResult> GetCustomers()
{
// Code to get Customers
}
// This will become api/customer/{id}
[HttpGet]
[Route("{id}")]
public async Task<ActionResult> GetCustomerById(int id)
{
// Code to get Customer by Id
}
we can simply add that in top of the controller like this
[Route("api/[controller]")]
public class TestController : ControllerBase
{
[HttpGet("version")]
public IActionResult Get()
{
return new OkObjectResult("Version One");
}
[HttpGet("Types")]
public IActionResult GetTypes()
{
return new OkObjectResult("Type One");
}
}
so that you can access like below
....api/Test/version
....api/Test/Types
Seems you can use a constant.
public static class Consts
{
public const string DefaultRoute = "api/[controller]";
}
and re-use it everywhere. If you need to change the default route everywhere - just change the constant.
[Route(Consts.DefaultRoute)]
public class TestController : ControllerBase
{
...
}
I have the following base controller class:
public class ApiControllerBase : ControllerBase
{
[ApiExplorerSettings(IgnoreApi = true)]
protected void IsAccess(int carrierId)
{
if (condition)
{
ControllerContext.HttpContext.Response.StatusCode = 401;
}
}
and then I call it from my controller, inherited from ApiControllerBase:
public IActionResult GetTabletListByGroup(...)
{
IsAccess(55555);
I want to return Forbid() if condition is true. But set StatusCode is not enough for it. How to do it correctly?
First, the status code indicated by Forbid() is 403 instead of 401.
Secondly, the Forbid() method needs to rely on the authentication stack to respond. If you don't have any authentication handlers in your pipeline, you can't use Forbid(). Instead, you should use return StatusCode(403).
You can refer to this.
I have made a simple demo, you can refer to it:
Update
ApiController:
[Route("api/[controller]")]
[ApiController]
public class ApiControllerBase : ControllerBase
{
[ApiExplorerSettings(IgnoreApi = true)]
protected IActionResult IsAccess(int carrierId)
{
if (carrierId >= 1)
{
ControllerContext.HttpContext.Response.StatusCode = 403;
return StatusCode(403);
}
else
{
return Ok();
}
}
}
TestBaseController :
public class TestBaseController : ApiControllerBase
{
public IActionResult GetTabletListByGroup()
{
return IsAccess(55555);
}
}
Here is the test result:
I have a controller that has multiple routes.
I am trying to call an endpoint stated as
GET: api/lookupent/2020-03-17T13:28:37.627691
but this results in this error
Microsoft.AspNetCore.Routing.Matching.AmbiguousMatchException: The request matched multiple endpoints. Matches:
Controllers.RecordController.Get (API)
Controllers.RecordController.GetRecordRegisteredAt (API)
but I am not sure I understand why this makes sense since this code
// GET: api/{RecordName}/{id}
[HttpGet("{RecordName}/{id}", Name = "GetRecord")]
public ActionResult Get(string RecordName, long id)
// GET: api/{RecordName}/{timestamp}
[HttpGet("{RecordName}/{timestamp}", Name = "GetRecordRegisteredAt")]
public ActionResult GetRecordRegisteredAt(string RecordName, string timestamp)
why does the input match with these endpoints?
You can fix this using route constraints.
Take a look at https://learn.microsoft.com/en-us/aspnet/web-api/overview/web-api-routing-and-actions/attribute-routing-in-web-api-2
Here's their example:
[Route("users/{id:int}")]
public User GetUserById(int id) { ... }
[Route("users/{name}")]
public User GetUserByName(string name) { ... }
The problem you have is that your controller has the same routing for 2 different methods receiving different parameters.
Let me illustrate it with a similar example, you can have the 2 methods like this:
Get(string entityName, long id)
Get(string entityname, string timestamp)
So far this is valid, at least C# is not giving you an error because it is an overload of parameters. But with the controller, you have a problem, when aspnet receives the extra parameter it doesn't know where to redirect your request.
You can change the routing which is one solution.
This solution gives you the ability to map your input to a complex type as well, otherwise use Route constraint for simple types
Normally I prefer to keep the same names and wrap the parameters on a DtoClass, IntDto and StringDto for example
public class IntDto
{
public int i { get; set; }
}
public class StringDto
{
public string i { get; set; }
}
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
[HttpGet]
public IActionResult Get(IntDto a)
{
return new JsonResult(a);
}
[HttpGet]
public IActionResult Get(StringDto i)
{
return new JsonResult(i);
}
}
but still, you have the error. In order to bind your input to the specific type on your methods, I create a ModelBinder, for this scenario, it is below(see that I am trying to parse the parameter from the query string but I am using a discriminator header which is used normally for content negotiation between the client and the server(Content negotiation):
public class MyModelBinder : IModelBinder
{
public Task BindModelAsync(ModelBindingContext bindingContext)
{
if (bindingContext == null)
throw new ArgumentNullException(nameof(bindingContext));
dynamic model = null;
string contentType = bindingContext.HttpContext.Request.Headers.FirstOrDefault(x => x.Key == HeaderNames.Accept).Value;
var val = bindingContext.HttpContext.Request.QueryString.Value.Trim('?').Split('=')[1];
if (contentType == "application/myContentType.json")
{
model = new StringDto{i = val};
}
else model = new IntDto{ i = int.Parse(val)};
bindingContext.Result = ModelBindingResult.Success(model);
return Task.CompletedTask;
}
}
Then you need to create a ModelBinderProvider (see that if I am receiving trying to bind one of these types, then I use MyModelBinder)
public IModelBinder GetBinder(ModelBinderProviderContext context)
{
if (context.Metadata.ModelType == typeof(IntDto) || context.Metadata.ModelType == typeof(StringDto))
return new MyModelBinder();
return null;
}
and register it into the container
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers(options =>
{
options.ModelBinderProviders.Insert(0, new MyModelBinderProvider());
});
}
So far you didn't resolve the issue you have but we are close. In order to hit the controller actions now, you need to pass a header type on the request: application/json or application/myContentType.json. But in order to support conditional logic to determine whether or not an associated action method is valid or not to be selected for a given request, you can create your own ActionConstraint. Basically the idea here is to decorate your ActionMethod with this attribute to restrict the user to hit that action if he doesn't pass the correct media type. See below the code and how to use it
[AttributeUsage(AttributeTargets.All, Inherited = true, AllowMultiple = true)]
public class RequestHeaderMatchesMediaTypeAttribute : Attribute, IActionConstraint
{
private readonly string[] _mediaTypes;
private readonly string _requestHeaderToMatch;
public RequestHeaderMatchesMediaTypeAttribute(string requestHeaderToMatch,
string[] mediaTypes)
{
_requestHeaderToMatch = requestHeaderToMatch;
_mediaTypes = mediaTypes;
}
public RequestHeaderMatchesMediaTypeAttribute(string requestHeaderToMatch,
string[] mediaTypes, int order)
{
_requestHeaderToMatch = requestHeaderToMatch;
_mediaTypes = mediaTypes;
Order = order;
}
public int Order { get; set; }
public bool Accept(ActionConstraintContext context)
{
var requestHeaders = context.RouteContext.HttpContext.Request.Headers;
if (!requestHeaders.ContainsKey(_requestHeaderToMatch))
{
return false;
}
// if one of the media types matches, return true
foreach (var mediaType in _mediaTypes)
{
var mediaTypeMatches = string.Equals(requestHeaders[_requestHeaderToMatch].ToString(),
mediaType, StringComparison.OrdinalIgnoreCase);
if (mediaTypeMatches)
{
return true;
}
}
return false;
}
}
Here is your final change:
[ApiController]
[Route("[controller]")]
public class WeatherForecastController : ControllerBase
{
[HttpGet]
[RequestHeaderMatchesMediaTypeAttribute("Accept", new[] { "application/json" })]
public IActionResult Get(IntDto a)
{
return new JsonResult(a);
}
[RequestHeaderMatchesMediaTypeAttribute("Accept", new[] { "application/myContentType.json" })]
[HttpGet]
public IActionResult Get(StringDto i)
{
return new JsonResult(i);
}
}
Now the error is gone if you run your app. But how you pass the parameters?:
This one is going to hit this method:
public IActionResult Get(StringDto i)
{
return new JsonResult(i);
}
And this one the other one:
public IActionResult Get(IntDto a)
{
return new JsonResult(a);
}
Run it and let me know
I had the same issue for these two methods:
[HttpPost]
public async Task<IActionResult> PostFoos(IEnumerable<FooModelPostDTO> requests)
[HttpPost]
public async Task<IActionResult> GetFoos(GetRequestDTO request)
The first one is for getting entities (using Post) and the second one is for posting new entities in DB (again using Post).
One possible solution is to distinguish between them by their's method names (../[action]) with the Route attribute:
[Route("api/[controller]/[action]")]
[ApiController]
public class FoosController : ControllerBase
I am implementing a resource filter to store invalid requests in database and override returned BadRequest response.
I stored invalid requests successfully but I am struggling with overriding response, I tried the following:
public class MyFilter : Attribute, IResourceFilter
{
public void OnResourceExecuting(ResourceExecutingContext context)
{
;
}
public void OnResourceExecuted(ResourceExecutedContext context)
{
if (!context.ModelState.IsValid)
{
//store request in data base
context.Result= new BadRequestObjectResult(new MyErrorModel(){ID = "1",FriendlyMessage = "Your request was invalid"});
}
}
}
public class MyErrorModel
{
public string FriendlyMessage { get; set; }
public string ID { get; set; }
}
But the returned response is not being overridden.
Is there a way to override the response inside Resource filters?
P.S: I am using [ApiController] attribute.
As we all kown , the IResourceFilter runs immediately after the authorization filter and is suitable for short-circular .
However , you will make no influence on the result by setting Result=new BadRequestObjectResult() when the result execution has finished .
See the workflow as below :
According to the workflow above , we should run the MyFilter after the stage of model binding and before the stage of result filter . In other words , we should put the logic into a action filter . Since there's already a ActionFilterAttribute out of box , just create a MyFilterAttribute which inherits from the ActionFilterAttribute :
public class MyFilterAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext context)
{
if (!context.ModelState.IsValid)
{
//store request in data base
context.Result = new BadRequestObjectResult(new MyErrorModel() { ID = "1", FriendlyMessage = "Your request was invalid" });
}
}
}
Here's a screenshot the filter works :
[Edit]:
The code of controller decorated with [ApiController]:
namespace App.Controllers
{
[ApiController]
[Route("Hello")]
public class HelloController : Controller
{
[MyFilter]
[HttpGet("index")]
public IActionResult Index(int x)
{
var y =ModelState.IsValid;
return View();
}
}
}
An MVC controller getting the action name and controller name:
public class AuthorizeController : Controller
{
protected override void OnActionExecuting(ActionExecutingContext filterContext)
{
string actionName = filterContext.ActionDescriptor.ActionName;
string controllerNamespace = filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.FullName;
//..more code
base.OnActionExecuting(filterContext);
}
}
Pretty straight forward.
But when I have an ApiController (System.Web.Http.ApiController), things are more complicated:
Eventually with the help of some rsharper tips I was able to reduce it to a 'few' lines.
private string GetActionName(HttpControllerContext context)
{
var httpRouteDataCollection = context.RouteData.Values.Values;
var httpRouteDataCollection2 = httpRouteDataCollection.FirstOrDefault();
if (!(httpRouteDataCollection2 is IHttpRouteData[] httpRouteData))
{
return null;
}
IHttpRouteData routeData = httpRouteData.FirstOrDefault();
var httpActionDescriptorCollection = routeData?.Route.DataTokens["actions"];
if (!(httpActionDescriptorCollection is HttpActionDescriptor[] httpActionDescriptor))
{
return null;
}
HttpActionDescriptor reflectedHttpActionDescriptor = httpActionDescriptor.FirstOrDefault();
return reflectedHttpActionDescriptor?.ActionName;
}
Can't it be done easier?
Reason for asking this is because currently I am implementing a generic way of determining who can open what action. Some actions are within an WebApi and every time I would need to perform above 'querying'. So this whole conversion things eat up some performance time.
The WHY?
Without going in to much detail, let just assume you have 40 MVC controllers and 20 API controllers with each about 5-10 actions. All of them are stored in the database (loop through them on startup) and can be linked to an Identity role. An admin is able to choose the actions a certain role can perform. After receiving the first answers I might not be clear enough why I would like to create an controller override where I want to do the programming only once.
One of the potential solutions might be an ActionFilterAttribute:
public class ValidateAccessAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(HttpActionContext actionContext)
{
var actionName = actionContext.ActionDescriptor.ActionName;
......
base.OnActionExecuting(actionContext);
}
}
And then on your controllers:
[ValidateAccess]
public async Task<IHttpActionResult> Stuff()
You can even pass arguments to those attributes and have them "smart", like for each action will belong to a certain group and validation of access will be based on a group rather action name. Which can be hard to maintain.
Eg
public class ValidateAccessAttribute2 : ActionFilterAttribute
{
private readonly FunctionalArea _area;
public ValidateAccessAttribute2(FunctionalArea area)
{
_area = area;
}
public override void OnActionExecuting(HttpActionContext actionContext)
{
base.OnActionExecuting(actionContext);
if (!actionContext.Request.Headers.Contains(AuthorizationHeaders.UserNameHeader))
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
return;
}
var userName = actionContext.Request.Headers.GetValues("UserNameHeader").First();
if (!UserCanAccessArea(userName, _area))
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Forbidden);
return;
}
}
}
[ValidateAccess2(FunctionalArea.AccessToGenericStuff)]
public async Task<IHttpActionResult> Stuff()
Why don't You use ActionContext and ControllerContext?
public class ValuesController : ApiController
{
[HttpGet]
[AllowAnonymous]
public IHttpActionResult Get()
{
var actionName = this.ActionContext.ActionDescriptor.ActionName;
var controlerName = this.ControllerContext.ControllerDescriptor.ControllerName;
return this.Ok();
}
}