This document provides an overview and best practices for configuring an OData feed. It discusses the server-side and client-side aspects of OData, including understanding REST principles, configuring server settings like validation and filtering, debugging client applications, and consuming OData in different platforms. The presentation emphasizes testing OData implementations, restricting queries for security and performance, and provides examples of custom validators.
9. WHAT SHOULD YOU KNOW ABOUT REST?
Resources
REST uses addressable resources to define the
structure of the API. These are the URLs you use to
get to pages on the web
Request Headers
These are additional instructions that are sent with the
request. These might define what type of response is
required or authorization details.
Request Verbs
These describe what you want to do with the resource.
A browser typically issues a GET verb to instruct the
endpoint it wants to get data, however there are many
other verbs available including things like POST, PUT
and DELETE.
Request Body
Data that is sent with the request. For example, a
POST (creation of a new item) will require some data,
which is typically sent as the request body in the format
of JSON or XML.
Response Body
This is the main body of the response. If the request
was to a web server, this might be a full HTML page, if
it was to an API, this might be a JSON or XML
document.
Response Status Codes
These codes are issued with the response and give
the client details on the status of the request.
10. REST & HTTP VERBS
GET
Requests a representation of the specified resource.
Requests using GET should only retrieve data and should
have no other effect.
POST
Requests that the server accept the entity
enclosed in the request as a new
subordinate of the web resource identified
by the URI.
PUT
Requests that the enclosed entity be stored
under the supplied URI.
DELETE
Deletes the specified resource.
11. EXAMPLES OF REST AND ODATA
RESOURCE | VERB | EXPECTED OUTCOME | RESPONSE CODE
/Products | GET | A list of all products in the system | 200/OK
/Products?$filter=Color eq 'Red' | GET | A list of all products in the system where the color is red | 200/OK
/Products | POST | Creation of a new product | 201/Created
/Products(81) | GET | Product with an ID of 81 | 200/OK
/Products(881) | GET | Some error message | 404/Not Found
/Products(81) | PUT | Update of the product with ID of 81 | 204/No Content
/Products(81) | DELETE | Deletion of the product with ID of 81 | 204/No Content
18. QUERYABLE ODATA ATTRIBUTES
AllowedFunctions
Consider disabling the any() and all() functions, as these can be
slow.
IgnoreDataMember (not with Queryable)
Represents an Attribute that can be placed on a property to specify
that the property cannot be navigated in OData query.
PageSize
Enable server-driven paging, to avoid returning a large data set in
one query. For more information
AllowedQueryOptions
Do you need $filter and $orderby? Some applications might allow
client paging, using $top and $skip, but disable the other query
options.
AllowedOrderByProperties
Consider restricting $orderby to properties in a clustered index.
Sorting large data without a clustered index is slow.
MaxNodeCount
The MaxNodeCount property on [Queryable] sets the maximum
number of nodes allowed in the $filter syntax tree. The default value
is 100, but you may want to set a lower value, because a large
number of nodes can be slow to compile. This is particularly true if
you are using LINQ to Objects.
19. ODATA ATTRIBUTES (CONT)
NotExpandable
Represents an Attribute that can be placed on a property to specify
that the property cannot be used in the $expand OData query
option.
NotNavigable
Represents an Attribute that can be placed on a property to specify
that the property cannot be navigated in OData query.
NotSortable
Represents an attribute that can be placed on a property to specify
that the property cannot be used in the $orderby OData query
option.
NonFilterable
Represents an Attribute that can be placed on a property to specify
that the property cannot be used in the $filter OData query option.
UnSortable
Represents an Attribute that can be placed on a property to specify
that the property cannot be used in the $orderby OData query
option.
NotExpandable
Represents an Attribute that can be placed on a property to specify
that the property cannot be used in the $expand OData query
option.
NotCountable
Represents an Attribute that can be placed on a property to specify
that the $count cannot be applied on the property.
[NonFilterable]
[Unsortable]
public string Name { get; set; }
20. QUERY SECURITY
Consider disabling the any() and all() functions,
as these can be slow.
If any string properties contain large strings
(for example, a product description or a blog
entry), consider disabling the string functions.
Consider disallowing filtering on navigation
properties. Filtering on navigation properties
can result in a join, which might be slow,
depending on your database schema.
Test your service with various queries and
profile the DB.
Enable server-driven paging, to avoid returning
a large data set in one query.
Do you need $filter and $orderby? Some
applications might allow client paging, using
$top and $skip, but disable the other query
options.
Consider restricting $orderby to properties in a
clustered index. Sorting large data without a
clustered index is slow.
Consider restricting $filter queries by writing a
validator that is customized for your database.
Maximum node count: The MaxNodeCount
property on [Queryable] sets the maximum
number of nodes allowed in the $filter syntax tree.
The default value is 100, but you may want to
set a lower value, because a large number of
nodes can be slow to compile.
21. VALIDATION PATHS
Filter Query
Represents a validator used to validate a
FilterQueryOption based on the
ODataValidationSettings.
Order By Query
Represents a validator used to validate an
OrderByQueryOption based on the
ODataValidationSettings.
OData Query
Represents a validator used to validate OData queries
based on the ODataValidationSettings.
Select Expand Query
Represents a validator used to validate a
SelectExpandQueryOption based on the
ODataValidationSettings.
Skip Query
Represents a validator used to validate a
SkipQueryOption based on the
ODataValidationSettings.
Top Query
Represents a validator used to validate a
TopQueryOption based on the
ODataValidationSettings.
22. QUERY SECURITY
using System;
using System.Linq;
using System.Web.Http.OData.Query;
using System.Web.Http.OData.Query.Validators;
using Microsoft.Data.OData;
using Microsoft.Data.OData.Query.SemanticAst;

// Validator to prevent filtering on navigation properties.
public class MyFilterQueryValidator : FilterQueryValidator
{
    // Called for every navigation property in the $filter tree; always rejects.
    public override void ValidateNavigationPropertyNode(
        Microsoft.Data.OData.Query.SemanticAst.QueryNode sourceNode,
        Microsoft.Data.Edm.IEdmNavigationProperty navigationProperty,
        ODataValidationSettings settings)
    {
        throw new ODataException("No navigation properties");
    }
}

// Validator to restrict which properties can be used in $filter expressions.
// This is a second, separate example; rename one class if both are used together.
public class MyFilterQueryValidator : FilterQueryValidator
{
    // Allow-list of property names that may appear in $filter.
    static readonly string[] allowedProperties = { "ReleaseYear", "Title" };

    public override void ValidateSingleValuePropertyAccessNode(
        SingleValuePropertyAccessNode propertyAccessNode,
        ODataValidationSettings settings)
    {
        string propertyName = null;
        if (propertyAccessNode != null)
        {
            propertyName = propertyAccessNode.Property.Name;
        }

        // Reject any property that is not on the allow-list.
        if (propertyName != null && !allowedProperties.Contains(propertyName))
        {
            throw new ODataException(
                String.Format("Filter on {0} not allowed", propertyName));
        }

        base.ValidateSingleValuePropertyAccessNode(propertyAccessNode,
            settings);
    }
}
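The validators above only take effect once they are attached to the query pipeline, and the slide 20 recommendations map onto properties of [Queryable]. The following is an added example, not code from the original slides: the Product entity, the ProductsController, the RestrictedQueryableAttribute and NoNavigationFilterValidator names and all numeric limits are assumptions chosen for illustration.

```csharp
using System.Linq;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.OData;
using System.Web.Http.OData.Query;
using System.Web.Http.OData.Query.Validators;
using Microsoft.Data.Edm;
using Microsoft.Data.OData;
using Microsoft.Data.OData.Query.SemanticAst;

// Hypothetical entity used only for this example.
public class Product { public int Id { get; set; } public string Name { get; set; } }

// Condensed form of the page's first validator: reject $filter on navigation properties.
public class NoNavigationFilterValidator : FilterQueryValidator
{
    public override void ValidateNavigationPropertyNode(
        QueryNode sourceNode, IEdmNavigationProperty navigationProperty,
        ODataValidationSettings settings)
    {
        throw new ODataException("No navigation properties");
    }
}

// [Queryable] subclass that installs the custom validator before validation runs.
public class RestrictedQueryableAttribute : QueryableAttribute
{
    public override void ValidateQuery(HttpRequestMessage request, ODataQueryOptions queryOptions)
    {
        if (queryOptions.Filter != null)
            queryOptions.Filter.Validator = new NoNavigationFilterValidator();
        base.ValidateQuery(request, queryOptions);
    }
}

public class ProductsController : ODataController
{
    [RestrictedQueryable(
        PageSize = 25,                    // server-driven paging (value is an assumption)
        MaxNodeCount = 20,                // lower than the default of 100
        AllowedQueryOptions = AllowedQueryOptions.Filter | AllowedQueryOptions.OrderBy | AllowedQueryOptions.Top | AllowedQueryOptions.Skip,
        AllowedOrderByProperties = "Id",  // assumed to be the clustered-index column
        AllowedFunctions = AllowedFunctions.AllFunctions & ~AllowedFunctions.Any & ~AllowedFunctions.All)]
    public IQueryable<Product> Get()
    {
        return Enumerable.Empty<Product>().AsQueryable(); // placeholder data source
    }
}
```

With this in place, a request using $expand, any()/all(), $orderby on a column other than Id, or a $filter that touches a navigation property fails validation before the query reaches the database.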
27. TESTING/DEBUGGING ODATA
XODATA
Web-based OData Visualizer
FIDDLER
Free web debugging tool which
logs all HTTP(S) traffic between
your computer and the
Internet.
LINQPAD (v3)
Interactively query SQL
databases (among other data
sources such as OData or WCF
Data Services) using LINQ, as
well as interactively writing C#
code without the need for an
IDE.
ODATA VALIDATOR
Enable OData service authors
to validate their
implementation against the
OData specification to ensure
the service interoperates well
with any OData client.
31. ODATA WORKSHOP
TESTING/DEBUGGING ODATA
DEVELOPING CLIENT SIDE SOLUTIONS
• Web apps using JavaScript to consume OData
• iOS Swift development for native iPhone and iPad apps
• Windows 8.1 and Windows Phone apps with C# and WinJS
• Android development using Java
• Using Xamarin for consuming OData
LEARNING THE PROTOCOL
• The Metadata and Service Model of OData
• URI Conventions of OData
• Format Conventions of OData
• OData HTTP Conventions and Operations
DEVELOPING SERVER SIDE SOLUTIONS
• ASP.NET Web API
• Advanced Performance Tips and Best Practices
Go to http://ChrisWoodruff.com for more details and pricing
32. THANK YOU
Find me around the conference; I would enjoy chatting.
Email: cwoodruff@live.com
Twitter: @cwoodruff
Editor's notes
200 OK -- Standard response for successful HTTP requests. The actual response will depend on the request method used. In a GET request, the response will contain an entity corresponding to the requested resource. In a POST request the response will contain an entity describing or containing the result of the action.
201 Created -- The request has been fulfilled and resulted in a new resource being created.
204 No Content -- The server successfully processed the request, but is not returning any content. Usually used as a response to a successful delete request.
404 Not Found -- The requested resource could not be found but may be available again in the future. Subsequent requests by the client are permissible.