Introduction
“This is impossible!!!!” GET
verb can take request parameters only from the query strings (name/value pairs) and it has a limitation in length.
If the URL is too long, the web server fails with the 414 Request-URI Too Long HTTP status code.
The only alternative to pass a complex object or to pass request body is using ‘POST‘.
The following table compares the two HTTP methods: GET
and POST
.
Comparison
| GET | POST |
BACK button/Reload | Harmless | Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted) |
Bookmarked | Can be bookmarked | Cannot be bookmarked |
Cached | Can be cached | Not cached |
Encoding type | application/x-www-form-urlencoded | application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data |
History | Parameters remain in browser history | Parameters are not saved in browser history |
Restrictions on data length | Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) | No restrictions |
Restrictions on data type | Only ASCII characters allowed | No restrictions. Binary data is also allowed |
Security | GET is less secure compared to POST because data sent is part of the URL. Never use GET when sending passwords or other sensitive information! | POST is a little safer than GET because the parameters are not stored in browser history or in web server logs |
Visibility | Data is visible to everyone in the URL | Data is not displayed in the URL |
But my lead says you have to accept a complex object as part of request through HTTP GET
. I know this is against the developer ethics. But I can’t do anything.
After deep thinking, I thought let me try passing this through HEADER. So what is a Header?
The information, in the form of a text record, that a user’s browser sends to a Web server containing the details of what the browser wants and will accept back from the server. The request header also contains the type, version and capabilities of the browser that is making the request so that server returns compatible data.
Upon receipt of the request header, the server will return an HTTP response header to the client that is attached to the file(s) being sent.
Solution
As my project is ASP.NET MVC Web API, here’s the solution:
public HttpResponseMessage GetProducts()
{
IEnumerable<string> customJsonInputString;
if (!Request.Headers.TryGetValues("custom", out customJsonInputString))
return new HttpResponseMessage(HttpStatusCode.BadRequest);
var customJsonInputArray = customJsonInputString.ToArray();
var ProductsRequest =
Newtonsoft.Json.JsonConvert.DeserializeObject<ProductsRequest>(customJsonInputArray[0]);
var productLogic= new ProductLogic();
var productsResponse = productLogic.FetchProducts(ProductsRequest );
return Request.CreateResponse(HttpStatusCode.OK, productsResponse );
}
Sample Header
Custom is the complex object we are trying to pass as part of HTTP GET
request:
User-Agent: Fiddler
content-type: application/json
accept: application/json
Host: localhost:39999
Content-Length: 1097
X-Api-Version: 2
custom: [ { "id": 2, "name": "An ice sculpture",
"price": 12.50, "tags": ["cold", "ice"],
"dimensions": { "length": 7.0, "width": 12.0,
"height": 9.5 }, "warehouseLocation":
{ "latitude": -78.75, "longitude": 20.4 } },
{ "id": 3, "name": "A blue mouse",
"price": 25.50, "dimensions": { "length": 3.1,
"width": 1.0, "height": 1.0 }, "warehouseLocation":
{ "latitude": 54.4, "longitude": -32.7 } }]
ProductsRequest
class is not shown here. Just search for JSON string to C# object. You should see tons of examples to achieve this. Give a try !!!.
Now it's time to correct my title. We aren’t actually passing any request body here, it's a small hack.
Note: This is not the right way to do this. Try to avoid using this.
CodeProject
Filed under:
ASP.NET,
C# Tagged:
ASP.NET MVC WEB API,
HTTP GET,
HTTP GET with a request body,
Web API