C#,Web API : HTTP GET with a request body

Introduction :

“This is impossible !!!!” . GET verb can take request parameters only from the query strings (name/value pairs) and it has a limitation in length.

GET

If the URL is too long, the web server fails with the 414 Request-URI Too Long HTTP status code.

The only  alternative to pass a complex object or to pass request body is using ‘POST‘.

The following table compares the two HTTP methods: GET and POST.

Comparison

GET POST
BACK button/Reload Harmless Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted)
Bookmarked Can be bookmarked Cannot be bookmarked
Cached Can be cached Not cached
Encoding type application/x-www-form-urlencoded application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data
History Parameters remain in browser history Parameters are not saved in browser history
Restrictions on data length Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) No restrictions
Restrictions on data type Only ASCII characters allowed No restrictions. Binary data is also allowed
Security GET is less secure compared to POST because data sent is part of the URLNever use GET when sending passwords or other sensitive information! POST is a little safer than GET because the parameters are not stored in browser history or in web server logs
Visibility Data is visible to everyone in the URL Data is not displayed in the URL

But my lead says you have to accept a complex object as part of request through HTTP GET.I know this is against the developer ethics.But can’t do anything.

After deep thinking,i thought let me try passing this through HEADER .So what is a Header ?

The information, in the form of a text record, that a user’s browser sends to a Web server containing the details of what the browser wants and will accept back from the server. The request header also contains the type, version and capabilities of the browser that is making the request so that server returns compatible data.

Upon receipt of the request header, the server will return an HTTP response header to the client that is attached to the file(s) being sent.

Solution:

As my project is ASP.Net MVC Web API,here’s the solution


 public  HttpResponseMessage GetProducts()
        {
            IEnumerable<string> customJsonInputString;
            if (!Request.Headers.TryGetValues("custom", out customJsonInputString))
               return new HttpResponseMessage(HttpStatusCode.BadRequest);
           var customJsonInputArray = customJsonInputString.ToArray();
           var ProductsRequest = Newtonsoft.Json.JsonConvert.DeserializeObject<ProductsRequest>(customJsonInputArray[0]);
           var productLogic= new ProductLogic();
           var productsResponse = productLogic.FetchProducts(ProductsRequest );
           return Request.CreateResponse(HttpStatusCode.OK, productsResponse );
        }

Sample Header
custom is the complex object we are trying to pass as part of HTTP GET request

User-Agent: Fiddler
content-type: application/json
accept: application/json
Host: localhost:39999
Content-Length: 1097
X-Api-Version: 2
custom: [ { "id": 2, "name": "An ice sculpture", "price": 12.50, "tags": ["cold", "ice"], "dimensions": { "length": 7.0, "width": 12.0, "height": 9.5 }, "warehouseLocation": { "latitude": -78.75, "longitude": 20.4 } }, { "id": 3, "name": "A blue mouse", "price": 25.50, "dimensions": { "length": 3.1, "width": 1.0, "height": 1.0 }, "warehouseLocation": { "latitude": 54.4, "longitude": -32.7 } }]

ProductsRequest class is not shown here . Just search for JSON string to C# object .You should see tons of examples to achieve this.Give a try !!!.

Now its time to correct my title,We aren’t actually passing any request body here , its a small hack.

Note : This is not the right way to do this. Try to avoid using this .

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s