trx trx - 4 months ago 25
JSON Question

ASP.NET Web API Return JSON as an object

Currently the Web API which queries the Oracle DB is returning the result in the JSON in the below format.

[{"CATEGORY":"Internal Study","SESSION_NUMBER":7,"SESSION_START_DATE":"2015-02-13T00:00:00","SESSION_START_TIME":"2015-02-13T10:33:59.288394"}]


Below is the code we are using

public class SampleController : ApiController
{
public HttpResponseMessage Getdetails([FromUri] string[] id)
{
using (OracleConnection dbconn = new OracleConnection("DATA SOURCE=J;PASSWORD=C;PERSIST SECURITY INFO=True;USER ID=T"))
{
var inconditions = id.Distinct().ToArray();
var srtcon = string.Join(",", inconditions);
DataSet userDataset = new DataSet();
var strQuery = @"SELECT * from STCD_PRIO_CATEGORY where STPR_STUDY.STD_REF IN(" + srtcon + ")";
OracleCommand selectCommand = new OracleCommand(strQuery, dbconn);
OracleDataAdapter adapter = new OracleDataAdapter(selectCommand);
DataTable selectResults = new DataTable();
adapter.Fill(selectResults);
var response = Request.CreateResponse(HttpStatusCode.OK, selectResults,MediaTypeHeaderValue.Parse("application/json"));
ContentDispositionHeaderValue contentDisposition = null;
if (ContentDispositionHeaderValue.TryParse("inline; filename=ProvantisStudyData.json", out contentDisposition))
{
response.Content.Headers.ContentDisposition = contentDisposition;
}
return response;
}
}


But the Client which has the Script which consumes the file says that JSON structure being an array instead of an object is a security hole.

{"data":[{"CATEGORY":"Internal Study","SESSION_NUMBER":7,"SESSION_START_DATE":"2015-02-13T00:00:00","SESSION_START_TIME":"2015-02-13T10:33:59.288394"}]}


I am new to this JSON structure and not sure how we will be manipulate the returned data as an object in JSON File

Answer

I haven't heard of any security issue around an array within the JSON, however if you need to convert it to a JSON object you could use a generic object that you define:

var returnObject = new
{
    selectResults = selectResults
};

This will add the JSON object wrapping you want onto the response, which you can then use this code to build your response:

var response = Request.CreateResponse(HttpStatusCode.OK, returnObject,MediaTypeHeaderValue.Parse("application/json"));

Sorry if I have misunderstood what you are asking for - hope this helps/works.