0

I created a WCF project with one simple method that returns a pdf in a byte[] and a int (id #) and has username+password with a custom validator for message security and a SSL for transport security. Now the client tells me that he was assuming I was going to create a RESTful API instead. I don't have any experience with REST, but I've seen that you can create a REST project in WCF (which is what I'd prefer for interaction with the rest of my solution).

First, can you deliver a pdf the same way in a RESTful API? I set the int as an out parameter in order to return it to the client, can I assume an out parameter will function the same as well?

Second, can I use the same kind of security setup? I'm assuming the SSL will still protect the transport, but I cannot seem to find a good example or tutorial on basic security. I can use a different method of security if needed.

Precious Roy
  • 1,076
  • 1
  • 9
  • 18

1 Answers1

1

REST is different than SOAP or even WCF in that you aren't using cumbersome "envelopes" unfortunately those envelopes provide you with functionality like the authentication scheme you're using (and out params, etc.)

See Best Practices for securing a REST API / web service

You can go /w basic authentication + SSL for authentication. You must encrypt basic authentication though or else it is insecure. As for the out parameter, it seems that a composite XML based result like the following is one way to go:

GET

could return XML like:

<result>
  <intValue>4</intValue>
  <pdfByteString><![CDATA[bytestring...etc.]]></pdfByteString>
</result>

It actually does look like WCF does have some built-in functionality to help you out, this white paper should provide a decent intro:

http://msdn.microsoft.com/en-us/library/ee391967.aspx#Y1720

Community
  • 1
  • 1
mikey
  • 4,858
  • 3
  • 21
  • 27
  • Thanks for the quick reply. Microsoft does have some good docs on this. So I can just return the other parameter next to the pdf? Thats very helpful. I understand everything your talking about except the you have there. How would you recommend passing a pdf to the client? I load a template, then write some fields onto it with iTextSharp. Then I just have to get it to them somehow. – Precious Roy Jun 02 '11 at 13:12
  • I'd make the PDF into a byte array on the server side then return that or a string representation of the byte array, whichever is easier. Then the client needs to handle the array of bytes either in memory of write to file system and send it to the user. Which I assume is no problem as this is a web service (no humans will be entering the service url into their browsers and expecting a "save as" dialog, right?) – mikey Jun 02 '11 at 13:23
  • Instead of byte as string you can consider base64 encoding, or a "reference-based" implementation, discussed here: http://msdn.microsoft.com/en-us/library/ms996427.aspx#infoset_whitepaper_topic2a – mikey Jun 02 '11 at 13:29
  • right, previously I had the client using a file handler a .NET project to save the stream to a file. I just wasn't sure if this was best practice still in a REST servicing some pagan (non.NET lol) framework, or if there is another way it's done usually. Thanks for the insight. – Precious Roy Jun 02 '11 at 13:34
  • that sounds like an interesting approach to, I just wish I could find some similar examples of REST in WCF. I'm more of a tactile learner. – Precious Roy Jun 02 '11 at 13:37
  • Looks interesting. http://oreilly.com/catalog/9780596519209/?CMP=AFC-ak_book&ATT=RESTful%20.NET – mikey Jun 02 '11 at 15:33