ASP.NET Web API Return JSON as an object

Currently the Web API which queries the Oracle DB is returning the result in the JSON in the below format.

[{"CATEGORY":"Internal Study","SESSION_NUMBER":7,"SESSION_START_DATE":"2015-02-13T00:00:00","SESSION_START_TIME":"2015-02-13T10:33:59.288394"}]

Below is the code we are using

public class SampleController : ApiController
{
  public HttpResponseMessage Getdetails([FromUri] string[] id)
   {
     using (OracleConnection dbconn = new OracleConnection("DATA SOURCE=J;PASSWORD=C;PERSIST SECURITY INFO=True;USER ID=T"))
      {
     var inconditions = id.Distinct().ToArray();
    var srtcon = string.Join(",", inconditions);
    DataSet userDataset = new DataSet();
    var strQuery = @"SELECT * from STCD_PRIO_CATEGORY where STPR_STUDY.STD_REF IN(" + srtcon + ")";
    OracleCommand selectCommand = new OracleCommand(strQuery, dbconn);
    OracleDataAdapter adapter = new OracleDataAdapter(selectCommand);
    DataTable selectResults = new DataTable();
    adapter.Fill(selectResults);
    var response = Request.CreateResponse(HttpStatusCode.OK, selectResults,MediaTypeHeaderValue.Parse("application/json"));
    ContentDispositionHeaderValue contentDisposition = null;
    if (ContentDispositionHeaderValue.TryParse("inline; filename=ProvantisStudyData.json", out contentDisposition))
    {
       response.Content.Headers.ContentDisposition = contentDisposition;
    }
    return response;
 }
}

But the Client which has the Script which consumes the file says that JSON structure being an array instead of an object is a security hole.

  {"data":[{"CATEGORY":"Internal Study","SESSION_NUMBER":7,"SESSION_START_DATE":"2015-02-13T00:00:00","SESSION_START_TIME":"2015-02-13T10:33:59.288394"}]}

I am new to this JSON structure and not sure how we will be manipulate the returned data as an object in JSON File


I haven't heard of any security issue around an array within the JSON, however if you need to convert it to a JSON object you could use a generic object that you define:

var returnObject = new
{
    selectResults = selectResults
};

This will add the JSON object wrapping you want onto the response, which you can then use this code to build your response:

var response = Request.CreateResponse(HttpStatusCode.OK, returnObject,MediaTypeHeaderValue.Parse("application/json"));

Sorry if I have misunderstood what you are asking for - hope this helps/works.

链接地址: http://www.djcxy.com/p/47774.html

上一篇: GET请求的CSRF预防

下一篇: ASP.NET Web API将JSON作为对象返回