I have a Web Api project with a controller that has methods for GET, DELETE, POST, and PUT.
When I try to do a POST or PUT to this controller I always get a 405 Method Not Allowed error. The data being sent over looks valid, it's just an object with six simple properties. I put a breakpoint in my method and as expected in this case, it doesn't get hit. I registered a DelegatingHandler (mentioned at Web Api - Catch 405 Method Not Allowed) to inspect the incoming request and outgoing response and I can tell that my request is being processed by the Api (meaning the problem is not with the client). I also used Fiddler to inspect the request/response and the response headers say under Security, Allow: DELETE, GET.
This clearly tells me that PUT and POST are not allowed, for whatever reason, even though I have methods decorated with the [HttpPost] and [HttpPut] attributes and have the routing configured correctly, as far as I can tell. I am using default routing but also have methods which use attribute routing.
This sounds like there may be some kind of security issue, however, I'm able to do POST and PUT in my other controllers and I don't see any differences which I believe would be the cause of the problem.
Here's a snippet of my code:
public class PricesController : ApiController
{
// DELETE: api/Prices/5
[HttpDelete]
[ResponseType(typeof(Price))]
[Route("api/Prices/{id:int}")]
public async Task<IHttpActionResult> DeletePrice(int id)
{
// code omitted
}
// GET: api/Prices/5
[HttpGet]
[ResponseType(typeof(Price))]
[Route("api/Prices/{id:int}")]
public async Task<IHttpActionResult> GetPrice(int id)
{
// code omitted
}
// GET: api/Prices
[HttpGet]
[Route("api/Prices")]
public IQueryable<Price> GetPrices()
{
// code omitted
}
// POST: api/Prices
[HttpPost]
[ResponseType(typeof(Price))]
[Route("api/Prices", Name = "Prices")]
public async Task<IHttpActionResult> PostPrice(Price price)
{
// code omitted
}
// PUT: api/Prices/5
[HttpPut]
[ResponseType(typeof(void))]
[Route("api/Prices/{id:int}")]
public async Task<IHttpActionResult> PutPrice(int id, Price price)
{
// code omitted
}
}
Any help would be appreciated. I've spent all day trying to figure this out.
It sounds like it's not binding correctly.
Can you try decorating Price with [FromBody] before it in your actions?
PostPrice([FromBody] Price price)
Related
I have the below Web API controller. Its sole responsibility is to validate the incoming document against a set of business rules and return a result. Which is the correct HTTP verb to use for this controller action?
//[Http<???>]
public IActionResult ValidateBusinessRules([FromBody BusinessDocument document)
{
var result = ValidateBusinessRules(document);
return Ok(result);
}
[FromBody] explicitly tells the model binder to check the request body for data to bind. And since only certain request allow a body then it means that it works with POST or PUT.
POST would be the default verb to use in this scenario. Taking model state into consideration the action can look like this
[HttpPost]
public IActionResult ValidateBusinessRules([FromBody] BusinessDocument document) {
if(ModelState.IsValid) {
var result = ValidateBusinessRules(document);
if(result.IsValid) { //assuming result has a flag
return Ok(result);
}
return BadRequest(result);//assuming result provides relevant details.
}
return BadRequest(ModelState);
}
That way the status of the response can provide some relevant feedback about the request made.
One could argument that POST should only be used for creating a new entity but as GET is not designed to send data through the request body and the other verbs (PUT = update entity, DELETE = remove entity) don't give you a better option I would say it's OK to use POST for scenarios where you need to get some data from the server and need to send data in the request body.
I would therefore recommend you to use POST here
[HttpPost]
public IActionResult ValidateBusinessRules([FromBody] BusinessDocument document)
{
var result = ValidateBusinessRules(document);
return Ok(result);
}
If you use this endpoint to validate data from form, and then you want to save them through another endpoint, I think, that the best solution would be something like this:
[HttpPost]
[Route("documents")]
public IActionResult ValidateBusinessRules([FromBody] BusinessDocument document)
{
var result = ValidateBusinessRules(document);
if (!result.IsValid)
{
return BadRequest(result);
}
var document = _documentService.Save(document);
return Ok(document);
}
For me it is odd to use POST if you don't want to create new resource.
currently I am coding on a mock for a rest service we're using. For one case I want to return a 404 with a specific message in the body:
#POST
#Produces(MediaType.APPLICATION_XML)
#Consumes(MediaType.APPLICATION_XML)
#Path("/bookings")
public javax.ws.rs.core.Response performBooking(final BookingRequest booking) {
if (shouldfail(booking)) {
return Response.status(Response.Status.NOT_FOUND).entity("specific message in entity").build();
}
// some more other cases below...
}
If I test the mock with a unit test everything works fine:
final String failedMessage = response.getEntity().toString();
But if I deploy the rest service and call it, I will get the correct 404 code, but the entity is null.
For valid answers I put a BookingResponse object in the entity (simple DTO with some IDs in it) and it works for that. Just the string seems to disappear.
Any idea why my string disappears?
UPDATE
Some more digging showed that thrown Exceptions were dropped and the actual problem is that an injected UriInfo could not be resolved in the AsyncResponse's thread!
Accessing #Context UriInfo uriInfo; during AsyncResponse.resume() gives the following LoggableFailure's message:
Unable to find contextual data of type: javax.ws.rs.core.UriInfo
ORIGINAL
According to RFC 7231 HTTP/1.1 Semantics and Control, a POSTshould return 201 CREATED and supply the new resource's location in the header:
the origin server
SHOULD send a 201 (Created) response containing a Location header
field that provides an identifier for the primary resource created
(Section 7.1.2) and a representation that describes the status of the
request while referring to the new resource(s).
When writing a synchronous REST Server, the javax.ws.rs.core.Responseoffers the Response.created() shorthand which does exactly that.
I would save the new entity, build an URI and return
return Response.created(createURL(created)).build();
However, when I switch to an asynchronous approach utilizing a
#Suspended javax.ws.rs.container.AsyncResponse
the HTTP request on the client will hang infinitely:
#POST
public void createUser(#Valid User user, #Suspended AsyncResponse asyncResponse) {
executorService.submit(() -> {
User created = userService.create(user);
asyncResponse.resume(
Response.created(createURL(created)).build()
);
});
}
Through trial-and-error I found out that the modified location header is responsible.
If I return my entity and set the 201 Created, without touching the header, the request will eventually resolve:
#POST
public void createUser(#Valid User user, #Suspended AsyncResponse asyncResponse) {
executorService.submit(() -> {
User created = userService.create(user);
asyncResponse.resume(
Response.status(Status.CREATED).entity(created).build() //this works
//Response.created(createURL(created)).build()
);
});
}
So what's the problem? Am I misunderstanding the concepts?
I am running RestEasy on GlassFish4.1
If you need more information, please comment!
edit
As soon as I change any link or the header, the request will hang.
In case anyone ever has the same problem:
The problem was that I created the location header through an injected #Context UriInfo uriInfo using its .getAbsolutePathBuilder().
The approach was working in a synchronous server because the thread which accessed the UriInfo still had the same Request context.
However, when I switched to an async approach, the underlying Runnable which eventually had to access uriInfo.getAbsolutePathBuilder() was NOT within any context - thus throwing an exception which halted further execution.
The workaround:
In any async method which should return a location header, I .getAbsolutePathBuilder() while still within the context. The UriBuilder implemantion can then be used within the async run:
#POST
public void createUser(#Valid User user, #Suspended AsyncResponse asyncResponse) {
UriBuilder ub = uriInfo.getAbsolutePathBuilder();
executorService.submit(() -> {
User created = userService.create(user);
asyncResponse.resume(
Response.created(createURL(ub, created)).build()
);
});
}
private URI createURL(UriBuilder builder, ApiRepresentation entity) {
return builder.path(entity.getId().toString()).build();
}
I am new to REST Services and would like to know how we can add multiple Get / Post / Delete methods.
for e.g.
We are having following Get Methods: -
GetAllUsers()
GetUserByID(int id)
GetUserByName(string name)
Similarly, Delete methods: -
DeleteAllUsers()
DeleteUserByID(int id)
DeleteUserByName(string name)
Post/Put Methods: -
PutCreateDefaultUser()
PutCreateUser(User user)
PutCreateMultipleUsers(User[] users)
So how to define Get/Delete/Post/Put methods in above case. Is that name it self says which is get / delete /put / post
Also How to set the uri template for each?
What will be the URI of each method?
Note: I am using MVC4 .Net Web API project, I am NOT using WCF
Your examples point out to more of an RPC implementation. REST is based on resources. Each resource has its methods. to Get, Update, Insert and Delete. If you are planning to have what you said in your question, you can do it in your ASP.NET API with no problem: (But be sure that this is NOT REST)
Update (2018)
After some time and experience (and after a user comment on this old answer) I realized it was wrong to say that OP endpoints were not Restfull. The routes can be easily done to achieve that, as my examples already have shown. Funny how we learn and change our own ideas/opinions with time. :)
UserController
[RoutePrefix("api/v1")]
public class UserController : ApiController
{
[HttpGet]
[Route("users")]
public HttpResponseMessage GetAllUsers()
{
...
}
[HttpGet]
[Route("users/{id:int}")]
public HttpResponseMessage GetUserByID(int id)
{
...
}
[HttpGet]
[Route("users/{name:string}")]
public HttpResponseMessage GetUserByName(string name)
{
...
}
[HttpDelete]
public HttpResponseMessage DeleteAllUsers()
{
...
}
[HttpDelete]
[Route("users/{id:int}")]
public HttpResponseMessage DeleteUserByID(int id)
{
...
}
}
With the HttpAttributes, you can have as many HttpDeletes you want. Just put the attribute on top of the action and you're good to go. It also enforces that the methods can only be called using that HTTP verb. So in the Delete above, if you do a call with a GET verb, you'll get nothing. (The action will not be found)
You can also explicitly give a custom route to your action if you so desire. For instance, your call to GetUserByID would be:
GET: http://localhost:2020/api/v1/users/1
Most of the information you require can be found here:
http://www.asp.net/web-api/overview/web-api-routing-and-actions/routing-in-aspnet-web-api
http://www.asp.net/web-api/overview/web-api-routing-and-actions/routing-and-action-selection
You can specify the HTTP method with an attribute: AcceptVerbs, HttpDelete, HttpGet, HttpHead, HttpOptions, HttpPatch, HttpPost, HttpPut.
Otherwise, if the name of the controller method starts with "Get", "Post", "Put", "Delete", "Head", "Options", or "Patch", then by convention the action supports that HTTP method.
If none of the above, the method supports POST.
The Uri will depend on the name of the controller:
/api/controller-name/GetAllUsers
I have a web project with two models - IndicatorModel and GranteeModel. I also have corresponding ApiControllers for each - IndicatorsController, and GranteesController. I'm planning on using this setup for a data API alongside my actual web project, so I've created a new Area in my project named simply "Api". In my ApiAreaRegistration class, I'm registering routes for these controllers like this:
context.Routes.MapHttpRoute(
name: "ApiDefault",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional }
);
Basically, a request to http://myapp/api/indicators/123 should go to the Indicators controller, and it should specifically be handled by an action method that accepts an integer parameter. My controller class is setup as follows, and it works perfectly:
public class IndicatorsController : ApiController
{
// get: /api/indicators/{id}
public IndicatorModel Get(int id)
{
Indicator indicator = ...// find indicator by id
if (indicator == null)
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
return new IndicatorModel(indicator);
}
}
My GranteesController class is setup identically:
public class GranteesController : ApiController
{
// get: /api/grantees/{id}
public GranteeModel Get(int granteeId)
{
Grantee grantee = ... // find grantee by Id
if (grantee == null)
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
return new GranteeModel(grantee);
}
}
Now the problem - if I try a request to http://myapp/api/grantees/123, I get a 404 and I'm 100% positive that the 404 is not coming from my Get method. For one, I've tried debugging and logging within that method, and the method is never actually hit. Also, the actual output (json) to the request looks like this:
{
"Message": "No HTTP resource was found that matches the request URI 'http://myapp/api/grantees/25'.",
"MessageDetail": "No action was found on the controller 'Grantees' that matches the request."
}
Also, the output to my TraceWriter log looks like this:
;;http://myapp/api/grantees/10
DefaultHttpControllerSelector;SelectController;Route='controller:grantees,id:10'
DefaultHttpControllerSelector;SelectController;Grantees
HttpControllerDescriptor;CreateController;
DefaultHttpControllerActivator;Create;
DefaultHttpControllerActivator;Create;MyApp.Areas.Api.Controllers.GranteesController
HttpControllerDescriptor;CreateController;MyApp.Areas.Api.Controllers.GranteesController
GranteesController;ExecuteAsync;
ApiControllerActionSelector;SelectAction;
DefaultContentNegotiator;Negotiate;Type='HttpError', formatters=[JsonMediaTypeFormatterTracer...
So my request is getting routed correctly - the correct controller is selected, and the Id property is set correctly (10). However, the ApiControllerActionSelector isn't finding a method on the controller which matches. I've also tried adding in the [HttpGet] attribute to my Get methods, with no success.
Does anyone have any ideas of what might be happening here? I cannot for the life of me figure out why the action selector isn't finding the correct action.
The parameter name on GranteesController's action need to be modified from 'granteeId' to 'id':
public GranteeModel Get(int id)