ASP.NET Web API Return JSON as an object
Currently the Web API which queries the Oracle DB is returning the result in the JSON in the below format.
[{"CATEGORY":"Internal Study","SESSION_NUMBER":7,"SESSION_START_DATE":"2015-02-13T00:00:00","SESSION_START_TIME":"2015-02-13T10:33:59.288394"}]
Below is the code we are using
public class SampleController : ApiController
{
public HttpResponseMessage Getdetails([FromUri] string[] id)
{
using (OracleConnection dbconn = new OracleConnection("DATA SOURCE=J;PASSWORD=C;PERSIST SECURITY INFO=True;USER ID=T"))
{
var inconditions = id.Distinct().ToArray();
var srtcon = string.Join(",", inconditions);
DataSet userDataset = new DataSet();
var strQuery = @"SELECT * from STCD_PRIO_CATEGORY where STPR_STUDY.STD_REF IN(" + srtcon + ")";
OracleCommand selectCommand = new OracleCommand(strQuery, dbconn);
OracleDataAdapter adapter = new OracleDataAdapter(selectCommand);
DataTable selectResults = new DataTable();
adapter.Fill(selectResults);
var response = Request.CreateResponse(HttpStatusCode.OK, selectResults,MediaTypeHeaderValue.Parse("application/json"));
ContentDispositionHeaderValue contentDisposition = null;
if (ContentDispositionHeaderValue.TryParse("inline; filename=ProvantisStudyData.json", out contentDisposition))
{
response.Content.Headers.ContentDisposition = contentDisposition;
}
return response;
}
}
But the Client which has the Script which consumes the file says that JSON structure being an array instead of an object is a security hole.
{"data":[{"CATEGORY":"Internal Study","SESSION_NUMBER":7,"SESSION_START_DATE":"2015-02-13T00:00:00","SESSION_START_TIME":"2015-02-13T10:33:59.288394"}]}
I am new to this JSON structure and not sure how we will be manipulate the returned data as an object in JSON File
I haven't heard of any security issue around an array within the JSON, however if you need to convert it to a JSON object you could use a generic object that you define:
var returnObject = new
{
selectResults = selectResults
};
This will add the JSON object wrapping you want onto the response, which you can then use this code to build your response:
var response = Request.CreateResponse(HttpStatusCode.OK, returnObject,MediaTypeHeaderValue.Parse("application/json"));
Sorry if I have misunderstood what you are asking for - hope this helps/works.
链接地址: http://www.djcxy.com/p/47774.html上一篇: GET请求的CSRF预防