Study 009-03: Add and Protect CRUD Web API Endpoints

This topic describes how to create endpoints in a Web API Service application. See the following topics for information on how to create a project with the Web API:

  • Create a New Application with the Web API
  • Add a Web API Project to an Existing Solution
  • Add the Web API Service to a Blazor Server Project

Create Endpoints for Business Objects

In the Startup.cs file, add or find the services.AddXafWebApi method call and use the BusinessObject method to create endpoints for business objects. The following code creates endpoints for the ApplicationUser and Contact business objects:

File: MySolution.WebApi\Startup.cs (MySolution.Blazor.Server\Startup.cs)

C#

using MySolution.Module.BusinessObjects;
// ...
namespace MySolution.WebApi {
    public class Startup {
        // ...
        public void ConfigureServices(IServiceCollection services) {
            // ...
            services.AddXafWebApi(Configuration, options => {
                options.BusinessObject<ApplicationUser>();
                options.BusinessObject<Contact>();
            })
            // In XPO applications, uncomment the following line:
            // .AddXpoServices();
            ; // Terminates the AddXafWebApi(...) call chain.
            // ...
        }
        // ...    
    }
}

Configure Authorization for Endpoints or Protect Business Object Data

You must define Security System permissions for business objects and properties you want to expose through a Web API Service (both built-in and custom endpoints). We do not recommend that you expose business object data to all users without security protection.

You can configure permissions using one of the following methods:

  • In the code of the ModuleUpdater class (look for the Updater.cs file, because there may be different locations depending on your project configuration).
  • In the administrative UI powered by XAF Blazor/WinForms (this feature requires the Universal license).

For more information, refer to the following concepts and examples:

  • Create Predefined Users, Roles and Permissions in the Database
  • How to restrict inter-departmental data access using Security Permissions (EF Core)
  • Authenticate and Authorize Web API Endpoints
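
The first option above (permissions defined in the ModuleUpdater class), written out as an added example that is not code from the original page or from DevExpress. It assumes an EF Core project, the default MySolution.Module.DatabaseUpdate namespace, a Guid ID key on ApplicationUser, and a hypothetical role name "ContactReaders"; Contact and its Email property are the ones used elsewhere on this page.

```csharp
using System;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.Security;
using DevExpress.ExpressApp.Updating;
using DevExpress.Persistent.Base;
// EF Core role type (assumption). In XPO projects use
// DevExpress.Persistent.BaseImpl.PermissionPolicy instead.
using DevExpress.Persistent.BaseImpl.EF.PermissionPolicy;
using MySolution.Module.BusinessObjects;

namespace MySolution.Module.DatabaseUpdate {
    public class Updater : ModuleUpdater {
        public Updater(IObjectSpace objectSpace, Version currentDBVersion)
            : base(objectSpace, currentDBVersion) { }

        public override void UpdateDatabaseAfterUpdateSchema() {
            base.UpdateDatabaseAfterUpdateSchema();
            // "ContactReaders" is a hypothetical role name used for illustration.
            var role = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(
                r => r.Name == "ContactReaders");
            if (role == null) {
                role = ObjectSpace.CreateObject<PermissionPolicyRole>();
                role.Name = "ContactReaders";
                // Anything not explicitly allowed below is denied,
                // for built-in and custom endpoints alike.
                role.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;
                // Contact: read-only access through the endpoint.
                role.AddTypePermission<Contact>(
                    SecurityOperations.Read, SecurityPermissionState.Allow);
                // Contact.Email stays unreadable for this role.
                role.AddMemberPermission<Contact>(
                    SecurityOperations.Read, nameof(Contact.Email), null,
                    SecurityPermissionState.Deny);
                // ApplicationUser: each user can read only their own record.
                role.AddObjectPermissionFromLambda<ApplicationUser>(
                    SecurityOperations.Read,
                    u => u.ID == (Guid)CurrentUserIdOperator.CurrentUserId(),
                    SecurityPermissionState.Allow);
            }
            ObjectSpace.CommitChanges();
        }
    }
}
```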

Expose or Hide Business Object Properties

Expose Properties

ASP.NET Core Web API/OData exposes public business class properties of simple/value types with a setter (writable) in a Web API response. Our Web API Service additionally exposes read-only calculated XPO properties of simple/value types without a setter (readonly) marked with PersistentAliasAttribute.

ASP.NET Core Web API/OData does not initially include complex type, reference, and collection business class properties in a Web API response. To include complex type, reference, and collection business class properties in a Web API response, use OData query options:

  • Get a Reference Object
  • Get an Associated Collection
  • Change the Expansion Depth for Related Business Objects

Note
If you apply the AutoExpand attribute to a referenced property, you do not need to explicitly specify the $expand parameter in an OData query because it is automatically loaded and its data is included in the API response.

Hide Properties

To hide business class properties from the Web API Service’s responses, decorate them with the IgnoreDataMemberAttribute.

To specifically remove a property from the Web API Service’s OData interface, use the EntityTypeConfigurator.IgnoreProperty method. In this instance, the specified property may belong to the class itself or to its ancestor:

File: MySolution.WebApi\Startup.cs (MySolution.Blazor.Server\Startup.cs)

C#

services.AddXafWebApi(Configuration, options => {
    options.BusinessObject<Contact>().ConfigureEntityType(b => {
        // Ignore this class's property.
        b.IgnoreProperty(o => o.Email);
        // Ignore a property of the parent `Person` class.
        b.IgnoreProperty(o => o.Company);
    });
});

The image below demonstrates the difference in the GET endpoint’s response when the above code is used:
[Image: the GET endpoint's response with and without the ignored properties]

For advanced OData entity model structure customization, refer to Change an EDM Model Structure using ODataModelBuilder.
