Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
#devsum15
Learning How to Shape and
Configure an OData Feed for High
Performing Web Sites and
Applications
Chris Woodruff
...
Hi, I’m Woody!
Chris Woodruff
• cwoodruff@live.com
• http://chriswoodruff.com
• http://deepfriedbytes.com
• twitter @cwood...
VALIDATION CLIENT SIDEBEST PRACTICES
AGENDA
What are the 2 Sides of OData?
SERVER-SIDE (PRODUCER) CLIENT-SIDE (CONSUMER)
Server Side for OData
UNDERSTAND REST
The Top Reasons You Need to Learn about Data in Your Windows Phone App
WHAT IS REST?
RESOURCES
VERBS
URL
WHAT SHOULD YOU KNOW ABOUT REST?
Resources
REST uses addressable resources to define the
structure of the API. These are t...
REST & HTTP VERBS
GET
Requests a representation of the specified
Requests using GET should only retrieve
have no other eff...
EXAMPLES OF REST AND ODATA
/Products
RESOURCE EXPECTED OUTCOMEVERB RESPONSE CODE
/Products?$filter=Color eq ‘Red'
/Product...
BEST PRACTICES
Get to know the OData Protocol!!!
Examples (http://chinookdata.azurewebsites.net)
GET serviceRoot/Artists?$filter=Name eq 'Foo Fighters'
GET serviceRoot/Art...
Query Projection
Examples (http://chinookdata.azurewebsites.net)
PROPERTIES OF THE CUSTOMER ENTITY
• CustomerId
• FirstName
• LastName
• Co...
Server Side Paging
Examples
[EnableQuery(PageSize=20)]
Configuration Settings
Examples
invoice.Ignore(t => t.InvoiceDate);
Data Caching with Web API OData v4
Example
Add the CacheCow Server NuGet package to your server project.
Example
Add the following to your WebApiConfig.cs file:
var cacheCowCacheHandler = new CachingHandler(config);
config.Mess...
VALIDATION AND FILTERING
QUERYABLE ODATAATTRIBUTES
AllowedFunctions
Consider disabling the any() and all() functions, as these can be
0
5
IgnoreDat...
Examples
[EnableQuery(AllowedQueryOptions = AllowedQueryOptions.Filter)]
[EnableQuery(AllowedLogicalOperators = AllowedLog...
ODATAATTRIBUTES (CONT)
NotExpandable
Represents an Attribute that can be placed on a property to specify
be used in the $e...
QUERY SECURITY
Consider disabling the any() and all() functions,
as these can be slow.
0
6
If any string properties contai...
VALIDATION PATHS
Filter Query
Represents a validator used to validate a
FilterQueryOption based on the
ODataValidationSett...
QUERY SECURITY
// Validator to prevent filtering on navigation properties.
public class MyFilterQueryValidator : FilterQue...
Demo
www.chriswoodruff.com Page Number 31
Client Side for OData
DEBUGGING/TESTING
XODATA
Web-based OData Visualizer
FIDDLER
Free web debugging tool which
logs all HTTP(S) traffic between
your computer and...
CONSUMING ODATA
Demo
Show How to Consume an OData Feed in an Universal App
GITHUB
http://github.com/cwoodruff
Project:
ChinookWebAPIOData
ChinookOData
Where can you find the source for this talk?
ODATA WORKSHOP
01
02
03
04
TESTING/DEBUGGING ODATA
DEVELPING CLIENT SIDE SOLUTIONS
• Web Apps using Javascript to consume ...
THANK YOU
Find me around the conference and would enjoy chatting
Email: cwoodruff@live.com
Twitter: @cwoodruff
Learning How to Shape and Configure an OData Service for High Performing Web and Mobile Applications
Upcoming SlideShare
Loading in …5
×

Learning How to Shape and Configure an OData Service for High Performing Web and Mobile Applications

1,651 views

Published on

Learning How to Shape and Configure an OData Service for High Performing Web and Mobile Applications

Published in: Technology
  • Be the first to comment

Learning How to Shape and Configure an OData Service for High Performing Web and Mobile Applications

  1. 1. #devsum15 Learning How to Shape and Configure an OData Feed for High Performing Web Sites and Applications Chris Woodruff @cwoodruff cwoodruff@live.com
  2. 2. Hi, I’m Woody! Chris Woodruff • cwoodruff@live.com • http://chriswoodruff.com • http://deepfriedbytes.com • twitter @cwoodruff
  3. 3. VALIDATION CLIENT SIDEBEST PRACTICES AGENDA
  4. 4. What are the 2 Sides of OData? SERVER-SIDE (PRODUCER) CLIENT-SIDE (CONSUMER)
  5. 5. Server Side for OData
  6. 6. UNDERSTAND REST The Top Reasons You Need to Learn about Data in Your Windows Phone App
  7. 7. WHAT IS REST? RESOURCES VERBS URL
  8. 8. WHAT SHOULD YOU KNOW ABOUT REST? Resources REST uses addressable resources to define the structure of the API. These are the URLs you use to get to pages on the web Request Headers These are additional instructions that are sent with the request. These might define what type of response is required or authorization details. Request Verbs These describe what you want to do with the resource. A browser typically issues a GET verb to instruct the endpoint it wants to get data, however there are many other verbs available including things like POST, PUT and DELETE. Request Body Data that is sent with the request. For example a POST (creation of a new item) will required some data which is typically sent as the request body in the format of JSON or XML. Response Body This is the main body of the response. If the request was to a web server, this might be a full HTML page, if it was to an API, this might be a JSON or XML document. Response Status codes These codes are issues with the response and give the client details on the status of the request.
  9. 9. REST & HTTP VERBS GET Requests a representation of the specified Requests using GET should only retrieve have no other effect. POST Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI. PUT Requests that the enclosed entity be stored under the supplied URI. DELETE Deletes the specified resource.
  10. 10. EXAMPLES OF REST AND ODATA /Products RESOURCE EXPECTED OUTCOMEVERB RESPONSE CODE /Products?$filter=Color eq ‘Red' /Products /Products(81) /Products(881) /Products(81) /Products(81) GET GET POST GET GET PUT DELETE A list of all products in the system A list of all products in the system where the color is red Creation of a new product Product with an ID of 81 Some error message Update of the product with ID of 81 Deletion of the product with ID of 81 200/OK 200/OK 201/Created 200/OK 404/Not Found 204/No Content 204/No Content
  11. 11. BEST PRACTICES
  12. 12. Get to know the OData Protocol!!!
  13. 13. Examples (http://chinookdata.azurewebsites.net) GET serviceRoot/Artists?$filter=Name eq 'Foo Fighters' GET serviceRoot/Artists?$filter=contains(Name, 'Foo') GET serviceRoot/Artists(1)?$expand=Albums GET serviceRoot/Artists(58)/Albums?$orderby=Title desc GET serviceRoot/Artists?$skip=20&$top=10 GET serviceRoot/Artists?$search=AC *** GET serviceRoot/Customer?$filter=Email/any(s:endswith(s, 'contoso.com')) *** GET serviceRoot/$metadata
  14. 14. Query Projection
  15. 15. Examples (http://chinookdata.azurewebsites.net) PROPERTIES OF THE CUSTOMER ENTITY • CustomerId • FirstName • LastName • Company • Address • City • State QUERY PROJECTIONS FOR PERFORMANCE GET serviceRoot/Customers?$select= FirstName, LastName, Company GET serviceRoot/Customers?$select= LastName, Address, City, State, Country, PostalCode GET serviceRoot/Customers?$select= FirstName, LastName, Phone, Email • Country • PostalCode • Phone • Fax • Email • SupportRepId
  16. 16. Server Side Paging
  17. 17. Examples [EnableQuery(PageSize=20)]
  18. 18. Configuration Settings
  19. 19. Examples invoice.Ignore(t => t.InvoiceDate);
  20. 20. Data Caching with Web API OData v4
  21. 21. Example Add the CacheCow Server NuGet package to your server project.
  22. 22. Example Add the following to your WebApiConfig.cs file: var cacheCowCacheHandler = new CachingHandler(config); config.MessageHandlers.Add(cacheCowCacheHandler); When you get a resource you will get an Etag ETag: W/”002a41972c3d43f0bb14d033907b3f41″ When you make a second request to the same resource, you should send this ETag. The server uses this identifier to check if the resource you requested has changed (remember, the server is the authoritative source). If the resource has indeed changed, it sends you the latest copy. Otherwise, it sends a 304 Not Modified.
  23. 23. VALIDATION AND FILTERING
  24. 24. QUERYABLE ODATAATTRIBUTES AllowedFunctions Consider disabling the any() and all() functions, as these can be 0 5 IgnoreDataMember (not with Queryable) Represents an Attribute that can be placed on a property to specify that the property cannot be navigated in OData query. 0 6 PageSize Enable server-driven paging, to avoid returning a large data set in one query. For more information 0 1 AllowedQueryOptions Do you need $filter and $orderby? Some applications might allow client paging, using $top and $skip, but disable the other query options. 0 2 AllowedOrderByProperties Consider restricting $orderby to properties in a clustered index. Sorting large data without a clustered index is slow. 0 3 AllowedLogicalOperators Consider any logical operators that you do not want to allow 0 4
  25. 25. Examples [EnableQuery(AllowedQueryOptions = AllowedQueryOptions.Filter)] [EnableQuery(AllowedLogicalOperators = AllowedLogicalOperators.Equal)] [EnableQuery(AllowedFunctions = AllowedFunctions.AllStringFunctions)] [EnableQuery(AllowedOrderByProperties = "ID")]
  26. 26. ODATAATTRIBUTES (CONT) NotExpandable Represents an Attribute that can be placed on a property to specify be used in the $expand OData query option. 0 5 NotNavigable Represents an Attribute that can be placed on a property to specify that the property cannot be navigated in OData query. 0 6 NotSortable Represents an attribute that can be placed on a property to specify that the property cannot be used in the $orderby OData query option. 0 7 NonFilterable Represents an Attribute that can be placed on a property to specify that the property cannot be used in the $filter OData query option. 0 1 UnSortable Represents an Attribute that can be placed on a property to specify that the property cannot be used in the $orderby OData query option. 0 2 NotExpandable Represents an Attribute that can be placed on a property to specify that the property cannot be used in the $expand OData query option. 0 3 NotCountable Represents an Attribute that can be placed on a property to specify that the $count cannot be applied on the property. 0 4 [NonFilterable] [Unsortable] public string Name { get; set; }
  27. 27. QUERY SECURITY Consider disabling the any() and all() functions, as these can be slow. 0 6 If any string properties contain large strings— for example, a product description or a blog entry—consider disabling the string functions. 0 7 Consider disallowing filtering on navigation properties. Filtering on navigation properties can result in a join, which might be slow, depending on your database schema. 0 8 Test your service with various queries and profile the DB. 0 1 Enable server-driven paging, to avoid returning a large data set in one query. 0 2 Do you need $filter and $orderby? Some applications might allow client paging, using $top and $skip, but disable the other query options. 0 3 Consider restricting $orderby to properties in a clustered index. Sorting large data without a clustered index is slow. 0 4 Consider restricting $filter queries by writing a validator that is customized for your database. 0 9 Maximum node count: The MaxNodeCount property on [Queryable] sets the maximum number nodes allowed in the $filter syntax tree. The default value is 100, but you may want to set a lower value, because a large number of nodes can be slow to compile. 0 5
  28. 28. VALIDATION PATHS Filter Query Represents a validator used to validate a FilterQueryOption based on the ODataValidationSettings. Order By Query Represents a validator used to validate an OrderByQueryOption based on the ODataValidationSettings. OData Query Represents a validator used to validate OData queries based on the ODataValidationSettings. Select Expand Query Represents a validator used to validate a SelectExpandQueryOption based on the ODataValidationSettings. Skip Query Represents a validator used to validate a SkipQueryOption based on the ODataValidationSettings. Top Query Represents a validator used to validate a TopQueryOption based on the ODataValidationSettings.
  29. 29. QUERY SECURITY // Validator to prevent filtering on navigation properties. public class MyFilterQueryValidator : FilterQueryValidator { public override void ValidateNavigationPropertyNode( Microsoft.Data.OData.Query.SemanticAst.QueryNode sourceNode, Microsoft.Data.Edm.IEdmNavigationProperty navigationProperty, ODataValidationSettings settings) { throw new ODataException("No navigation properties"); } } // Validator to restrict which properties can be used in $filter expressions. public class MyFilterQueryValidator : FilterQueryValidator { static readonly string[] allowedProperties = { "ReleaseYear", "Title" }; public override void ValidateSingleValuePropertyAccessNode( SingleValuePropertyAccessNode propertyAccessNode, ODataValidationSettings settings) { string propertyName = null; if (propertyAccessNode != null) { propertyName = propertyAccessNode.Property.Name; } if (propertyName != null && !allowedProperties.Contains(propertyName)) { throw new ODataException( String.Format("Filter on {0} not allowed", propertyName)); } base.ValidateSingleValuePropertyAccessNode(propertyAccessNode, settings); } }
  30. 30. Demo www.chriswoodruff.com Page Number 31
  31. 31. Client Side for OData
  32. 32. DEBUGGING/TESTING
  33. 33. XODATA Web-based OData Visualizer FIDDLER Free web debugging tool which logs all HTTP(S) traffic between your computer and the Internet. LINQPAD (v3) Interactively query SQL databases (among other data sources such as OData or WCF Data Services) using LINQ, as well as interactively writing C# code without the need for an IDE. ODATA VALIDATOR Enable OData service authors to validate their implementation against the OData specification to ensure the service interoperates well with any OData client. TESTING/DEBUGGING ODATA www.websitename.com
  34. 34. CONSUMING ODATA
  35. 35. Demo Show How to Consume an OData Feed in an Universal App
  36. 36. GITHUB http://github.com/cwoodruff Project: ChinookWebAPIOData ChinookOData Where can you find the source for this talk?
  37. 37. ODATA WORKSHOP 01 02 03 04 TESTING/DEBUGGING ODATA DEVELPING CLIENT SIDE SOLUTIONS • Web Apps using Javascript to consume Odata • iOS Swift development for native iPhone and iPad apps • Windows 8.1 and Windows Phone apps C# and WinJS • Android development using Java • Using Xamarin for consuming OData LEARNING THE PROTOCOL • The Metadata and Service Model of OData • URI Conventions of OData • Format Conventions of OData • OData HTTP Conventions and Operations DEVELPING SERVER SIDE SOLUTIONS • ASP.NET Web API • Advanced Performance Tips and Best Practices Go to http://ChrisWoodruff.com for more details and pricing
  38. 38. THANK YOU Find me around the conference and would enjoy chatting Email: cwoodruff@live.com Twitter: @cwoodruff

×