Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Learning How to Shape and Configure an OData Feed for High Performing Web Sites and Applications

1,154 views

Published on

You have all sat through the simple WCF Data Service or ASP.NET Web API introductory sessions multiple times and they are valuable but it is time to learn how to really leverage that WCF knowledge and learn how to build and produce valuable OData feeds which will allow your applications usability to sizzle. At the same time you will learn how OData is built for high performance and security. Chris Woodruff will teach and give deep knowledge into the configuration and extensibility of the Web API/OData feed. It will also teach developers to secure their feeds through multiple user authentications such as OAuth, Windows and Forms Authentication.

Published in: Technology

Learning How to Shape and Configure an OData Feed for High Performing Web Sites and Applications

  1. 1. Learning How to Shape and Configure an OData Feed for High Performing Web Sites and Applications PRAIRIE DEVCON CHRIS WOODRUFF
  2. 2. Hi, I’m Woody! • Chris Woodruff • cwoodruff@live.com • http://chriswoodruff.com • http://deepfriedbytes.com • twitter @cwoodruff
  3. 3. VALIDATION CLIENT SIDEBEST PRACTICES AGENDA
  4. 4. What are the 2 Sides of OData? SERVER-SIDE (PRODUCER) CLIENT-SIDE (CONSUMER)
  5. 5. Server Side for OData
  6. 6. UNDERSTAND REST The Top Reasons You Need to Learn about Data in Your Windows Phone App
  7. 7. WHAT IS REST? RESOURCES VERBS URL
  8. 8. WHAT SHOULD YOU KNOW ABOUT REST? Resources REST uses addressable resources to define the structure of the API. These are the URLs you use to get to pages on the web Request Headers These are additional instructions that are sent with the request. These might define what type of response is required or authorization details. Request Verbs These describe what you want to do with the resource. A browser typically issues a GET verb to instruct the endpoint it wants to get data, however there are many other verbs available including things like POST, PUT and DELETE. Request Body Data that is sent with the request. For example a POST (creation of a new item) will required some data which is typically sent as the request body in the format of JSON or XML. Response Body This is the main body of the response. If the request was to a web server, this might be a full HTML page, if it was to an API, this might be a JSON or XML document. Response Status codes These codes are issues with the response and give the client details on the status of the request.
  9. 9. REST & HTTP VERBS GET Requests a representation of the specified Requests using GET should only retrieve have no other effect. POST Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. PUT Requests that the enclosed entity be stored under the supplied URI. DELETE Deletes the specified resource.
  10. 10. EXAMPLES OF REST AND ODATA /Products RESOURCE EXPECTED OUTCOMEVERB RESPONSE CODE /Products?$filter=Color eq ‘Red' /Products /Products(81) /Products(881) /Products(81) /Products(81) GET GET POST GET GET PUT DELETE A list of all products in the system A list of all products in the system where the color is red Creation of a new product Product with an ID of 81 Some error message Update of the product with ID of 81 Deletion of the product with ID of 81 200/OK 200/OK 201/Created 200/OK 404/Not Found 204/No Content 204/No Content
  11. 11. BEST PRACTICES
  12. 12. Get to know the OData Protocol!!!
  13. 13. Query Projection
  14. 14. Server Side Paging
  15. 15. Configuration Settings
  16. 16. VALIDATION AND FILTERING
  17. 17. QUERYABLE ODATAATTRIBUTES AllowedFunctions Consider disabling the any() and all() functions, as these can be 0 5 IgnoreDataMember (not with Queryable) Represents an Attribute that can be placed on a property to specify that the property cannot be navigated in OData query. 0 6 PageSize Enable server-driven paging, to avoid returning a large data set in one query. For more information 0 1 AllowedQueryOptions Do you need $filter and $orderby? Some applications might allow client paging, using $top and $skip, but disable the other query options. 0 2 AllowedOrderByProperties Consider restricting $orderby to properties in a clustered index. Sorting large data without a clustered index is slow. 0 3 MaxNodeCount The MaxNodeCount property on [Queryable] sets the maximum number nodes allowed in the $filter syntax tree. The default value is 100, but you may want to set a lower value, because a large number of nodes can be slow to compile. This is particularly true if you are using LINQ to Objects 0 4
  18. 18. ODATAATTRIBUTES (CONT) NotExpandable Represents an Attribute that can be placed on a property to specify be used in the $expand OData query option. 0 5 NotNavigable Represents an Attribute that can be placed on a property to specify that the property cannot be navigated in OData query. 0 6 NotSortable Represents an attribute that can be placed on a property to specify that the property cannot be used in the $orderby OData query option. 0 7 NonFilterable Represents an Attribute that can be placed on a property to specify that the property cannot be used in the $filter OData query option. 0 1 UnSortable Represents an Attribute that can be placed on a property to specify that the property cannot be used in the $orderby OData query option. 0 2 NotExpandable Represents an Attribute that can be placed on a property to specify that the property cannot be used in the $expand OData query option. 0 3 NotCountable Represents an Attribute that can be placed on a property to specify that the $count cannot be applied on the property. 0 4 [NonFilterable] [Unsortable] public string Name { get; set; }
  19. 19. QUERY SECURITY Consider disabling the any() and all() functions, as these can be slow. 0 6 If any string properties contain large strings— for example, a product description or a blog entry—consider disabling the string functions. 0 7 Consider disallowing filtering on navigation properties. Filtering on navigation properties can result in a join, which might be slow, depending on your database schema. 0 8 Test your service with various queries and profile the DB. 0 1 Enable server-driven paging, to avoid returning a large data set in one query. 0 2 Do you need $filter and $orderby? Some applications might allow client paging, using $top and $skip, but disable the other query options. 0 3 Consider restricting $orderby to properties in a clustered index. Sorting large data without a clustered index is slow. 0 4 Consider restricting $filter queries by writing a validator that is customized for your database. 0 9 Maximum node count: The MaxNodeCount property on [Queryable] sets the maximum number nodes allowed in the $filter syntax tree. The default value is 100, but you may want to set a lower value, because a large number of nodes can be slow to compile. 0 5
  20. 20. VALIDATION PATHS Filter Query Represents a validator used to validate a FilterQueryOption based on the ODataValidationSettings. Order By Query Represents a validator used to validate an OrderByQueryOption based on the ODataValidationSettings. OData Query Represents a validator used to validate OData queries based on the ODataValidationSettings. Select Expand Query Represents a validator used to validate a SelectExpandQueryOption based on the ODataValidationSettings. Skip Query Represents a validator used to validate a SkipQueryOption based on the ODataValidationSettings. Top Query Represents a validator used to validate a TopQueryOption based on the ODataValidationSettings.
  21. 21. QUERY SECURITY // Validator to prevent filtering on navigation properties. public class MyFilterQueryValidator : FilterQueryValidator { public override void ValidateNavigationPropertyNode( Microsoft.Data.OData.Query.SemanticAst.QueryNode sourceNode, Microsoft.Data.Edm.IEdmNavigationProperty navigationProperty, ODataValidationSettings settings) { throw new ODataException("No navigation properties"); } } // Validator to restrict which properties can be used in $filter expressions. public class MyFilterQueryValidator : FilterQueryValidator { static readonly string[] allowedProperties = { "ReleaseYear", "Title" }; public override void ValidateSingleValuePropertyAccessNode( SingleValuePropertyAccessNode propertyAccessNode, ODataValidationSettings settings) { string propertyName = null; if (propertyAccessNode != null) { propertyName = propertyAccessNode.Property.Name; } if (propertyName != null && !allowedProperties.Contains(propertyName)) { throw new ODataException( String.Format("Filter on {0} not allowed", propertyName)); } base.ValidateSingleValuePropertyAccessNode(propertyAccessNode, settings); } }
  22. 22. Configuration Settings
  23. 23. Demo www.chriswoodruff.com Page Number 24
  24. 24. Client Side for OData
  25. 25. DEBUGGING/TESTING
  26. 26. XODATA Web-based OData Visualizer FIDDLER Free web debugging tool which logs all HTTP(S) traffic between your computer and the Internet. LINQPAD (v3) Interactively query SQL databases (among other data sources such as OData or WCF Data Services) using LINQ, as well as interactively writing C# code without the need for an IDE. ODATA VALIDATOR Enable OData service authors to validate their implementation against the OData specification to ensure the service interoperates well with any OData client. TESTING/DEBUGGING ODATA www.websitename.com
  27. 27. CONSUMING ODATA
  28. 28. Demo Show How to Share an OData Feed in an Universal App
  29. 29. GITHUB http://github.com/cwoodruff Project: ChinookWebAPIOData ChinookOData Where can you find the source for this talk?
  30. 30. ODATA WORKSHOP 01 02 03 04 TESTING/DEBUGGING ODATA DEVELPING CLIENT SIDE SOLUTIONS • Web Apps using Javascript to consume Odata • iOS Swift development for native iPhone and iPad apps • Windows 8.1 and Windows Phone apps C# and WinJS • Android development using Java • Using Xamarin for consuming OData LEARNING THE PROTOCOL • The Metadata and Service Model of OData • URI Conventions of OData • Format Conventions of OData • OData HTTP Conventions and Operations DEVELPING SERVER SIDE SOLUTIONS • ASP.NET Web API • Advanced Performance Tips and Best Practices Go to http://ChrisWoodruff.com for more details and pricing
  31. 31. THANK YOU Find me around the conference and would enjoy chatting Email: cwoodruff@live.com Twitter: @cwoodruff

×