Method Overriding RESTful services allow the clients to act on the resources through methods such as GET, POST, PUT, DELETE,  and so on. GET and POST are the most frequently used methods. Most of the corporate firewalls allow port 80, the typical port of HTTP. However, some do have restrictions in terms of the HTTP methods allowed. GET and POST methods are very common, but others such as DELETE can  be disallowed. The X-HTTP-Method-Override header can help you work around this problem. A typical solution involving this header is to send X-HTTP-Method-Override in the request with the actual verb intended (DELETE or PUT) and submit the request using POST; that is, the request line with the dummy POST verb tricks the firewall into allowing  the request. In ASP.NET Web API, a message handler, such as the one shown in Listing 4-2, can replace POST with the method specified in X-HTTP-Method-Override. The message handler runs early in the pipeline and is the best extensibility point suitable for this purpose.
Request Line
Request Headers
GET /home.html HTTP/1.1 Accept: text/html User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) Host: server.com [Blank line indicating the end of request headers]
Figure 4-4. Request message
www.it-ebooks.info
Chapter 4 ■ http anatomy and SeCurity
45
Listing 4-2. Method Override

public class MethodOverrideHandler : DelegatingHandler

{

    protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)

    {

        if (request.Method == HttpMethod.Post && request.Headers.Contains("X-HTTP-Method-Override"))

        {

            var method = request.Headers.GetValues("X-HTTP-Method-Override").FirstOrDefault();

            bool isPut = String.Equals(method, "PUT", StringComparison.OrdinalIgnoreCase);

            bool isDelete = String.Equals(method, "DELETE", StringComparison.OrdinalIgnoreCase);

            if (isPut || isDelete) { request.Method = new HttpMethod(method); }

        }

        return await base.SendAsync(request, cancellationToken);

    }

}

To test the preceding MethodOverrideHandler, you will need a tool like Fiddler, covered in depth later in this chapter. Fiddler is useful in capturing and analyzing HTTP traffic. Also, it lets you hand-code a request complete with request headers and send it to an endpoint with an HTTP method of your choice. Figure 4-5 illustrates how you can make a POST request with an X-HTTP-Method-Override header set to PUT. If MethodOverrideHandler is plugged into the pipeline by making an entry in WebApiConfig.cs file under App_Start, this request will invoke the PUT action method in the controller instead of POST.
HTTP Response The HTTP response has the status line as the first line of the response. As shown in Figure 4-6, the status line starts with the HTTP version, followed by a space, followed by the status code and a space, and then the reason phrase.  The request line is terminated by a CR and an LF character.
Figure 4-5. Fiddler Composer

最新文章

1. CSS 定位机制 position
2. [nRF51822] 4、 图解nRF51 SDK中的Schedule handling library 和Timer library
3. [Python爬虫] Selenium实现自动登录163邮箱和Locating Elements介绍
4. Volly框架的使用基础版及使用中的一些坑 Ace 网络篇(三)
5. 【转】android Apk打包过程概述_android是如何打包apk的
6. SQLite语句
7. select设置disable后ie修改默认字体颜色暂时解决
8. Android进阶：七、Retrofit2.0原理解析之最简流程【下】
9. fiddler几种功能强大的用法
10. 给tomcat 配置https
11. Flex 布局语法教程
12. 数据库MongoDB
13. HTML页面打印
14. JavaScript substr() 字符串截取函数使用详解
15. 【Hight Performance Javascript】——脚本加载和运行
16. python字符串格式化--dict传参
17. git将多个commit合并成一个新的commit
18. thinkphp crud实例代码
19. Oracle 日志报错导致的 “没有登录” 问题
20. 文件操作getc

热门文章

1. selenium支付高版本的FireFox
2. C盘空间不足
3. 基于Linux的oracle数据库管理 part5( linux启动关闭 自动启动关闭 oracle )
4. UC编程之线程
5. hdu 4622 Reincarnation trie树+树状数组/dp
6. BZOJ 1003 物流运输
7. qt多文档
8. php使用memcache与memcached扩展对key值的影响
9. 【英语】Bingo口语笔记(75) - 元音辅音的辨读
10. ORA-00257错误