Click here to Skip to main content
65,938 articles
CodeProject is changing. Read more.
Articles / web / ASP.NET

Flexible JScript.NET Web Service Using eval()

2.78/5 (3 votes)
18 May 20073 min read 2   78  
Using JScript.NET to build your webservice means you can send business logic code across the wire. This article shows you how.

Introduction

Some time ago, I worked on an application which had a unique framework design. It was, at the core, an order management system where users could create orders, add order details, change order details, and generally do anything you would want a good shopping cart to do. The framework itself handled the usual business logic of adding to an order, totaling the order, checking to see if the item exists, or any other crucial order function. The unique part came from the need to allow different implementations to perform their own business logic before or after performing these tasks. Sometimes you'd want to override the descriptions created in the database or modify the quantities if certain conditions were met. In order to do these kinds of things, a developer would have to write a windows .dll that implemented these calls. It was cumbersome and often error-prone to write these .dlls. Furthermore, outside developers had to have very intimate knowledge of the framework before diving in. We needed a way for a developer to pass her or his business logic code to the framework (now a web service) that would get executed at a certain time.

As you know, you can't really pass business logic to a web service. Once you send it off, you have to wait for it to come back in order to change and resend data. After reading this article, I got the idea to use Jscript.NET's eval function to accomplish the task that external libraries would. With the eval function, it is possible to send text to a web service and then execute that text as though it were code. So I set out to write a Jscript.NET web service that would leverage the power of dynamic code execution.

Using the code

Consider the following example:

JavaScript
WebMethodAttribute public function InsertOrderDetail(
    productId : int, quantity : int, 
    onAfterOrderDetailInsert : String) : OrderDetail
{
      var orderDetail : OrderDetail = new OrderDetail(productId, quantity);
      eval(onAfterOrderDetailInsert);
      return orderDetail;           
}

In this web method, an order is created and then some code is executed which can change the quantity, description, or pretty much anything you would want to do to an order. I then took it one step further and actually created a method to encapsulate this process:

JavaScript
private function OnAfterOrderDetailInsert(
    code : String, Inserted : OrderDetail)
{
      eval(code);
}

Because of security concerns, you would want to limit what a user can do in their eval. Encapsulating it abstracts it a bit and imposes limits to only update an order detail object. Also, since I did not specify a value for the security level parameter, eval doesn't have access to the network or file system. By no means does this relieve us of all security concerns, code can still mess things up. So now the previous code becomes:

JavaScript
WebMethodAttribute public function InsertOrderDetail(productId : int, 
    quantity : int, onAfterOrderDetailInsert : String) : OrderDetail
{
      var orderDetail : OrderDetail = new OrderDetail(productId, quantity);
      OnAfterOrderDetailInsert(onAfterOrderDetailInsert, orderDetail);
      return orderDetail;
}

To conclude this method and use the eval, its as simple as this:

JavaScript
protected void InsertOrderDetail_Click(object sender, EventArgs e)
{
    string onOrderDetailInsert = @"" +
        "if(Inserted.QuantityAvailable < 20)\n" +
        "{\n" +
        "   Inserted.Description += ' ON SALE!!!';\n" +
        "}";

    OrderManagement.OrderService orderService = 
new miscellaneous.JScriptEvalExample.WebSite.OrderManagement.OrderService();
    OrderManagement.OrderDetail orderDetail = 
        orderService.InsertOrderDetail(
        ProductID, Quantity, onOrderDetailInsert);
}

This modifies the order detail's description based upon the quantity available.

Conclusion

Eval code truly comes in handy when we have access to variables, properties, and methods that the web service does not expose. Let's say that, before you insert an order detail, you need to check an item's availabilty. Before, you would have to call the web service 2 times: once to get the availabilty and the again to add the item. Using the eval, you save that last step.

Therefore it is aparent that when used correctly and safely, eval functionality can really give web service consumers freedom. It can allow them to infiltrate the process at specified points and transmit their own business logic using SOAP calls. Furthermore, it can help combine steps to remove the need for multiple calls to the web service. I have attached all of the example code with the Jscript.NET web service and referenced the example website.

History

  • 18 May, 2007 - Original version posted

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here