Using HTTP POST on URIs
I have a RESTful WCF service that has an upload method accepting more than one parameter. It does this by making all parameters besides the Stream part of the URI. This is what the method looks like in the contract:
[OperationContract, WebInvoke(UriTemplate = "UploadFile?username={username}&password={password}&filename={filename}")]
bool UploadFile(string username, string password, string filename, Stream fileContents);
I haven't tested this method yet, but assuming that it does work, there's a major issue with it: the password would be visible in the address bar. How do I hide those parameters while keeping them part of the UriTemplate? I need them as part of the URI since that's what allows me to use additional parameters with the Stream.
This is what I tried doing:
[OperationContract, WebInvoke(Method = "POST", UriTemplate = "UploadFile?username={username}&password={password}&filename={filename}")]
bool UploadFile(string username, string password, string filename, Stream fileContents);
This is just a wild guess, and I'm not even sure if it makes any sense. The WCF service starts up just fine, but I haven't tested it yet. Is it possible to use HTTP POST on URIs in this way?
Comments (2)
POST or GET, it doesn't matter, the parameters would still show up in the URL and you definitely don't want that. WCF does not come with support for form posting out of the box, but if you change your method to take just a Stream, you will receive the entire POSTed body in whatever format it was in, in raw bytes, which you can then parse yourself.
Since you'd be uploading both form data (application/x-www-form-urlencoded) and file data, that means the POST would actually be multi-part MIME (multipart/form-data). Assuming single file upload only, you would simply need to read the front of the Stream until the first boundary to get the form data which you can easily split and URL decode the values for. Then skip the boundary and the rest of the Stream would be the file data until the closing boundary.
The URI will always be public unless you send it through HTTPS.
You could encrypt the password on the client side before calling the WCF service and decrypt the string afterwards, but I predict that may not be ideal.
Usually people would send this up in the body of the HTTP POST request so it is not visible in the parameter list.
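The approach from the two answers above, as an added example that is not part of the original thread: the credentials travel as multipart/form-data fields in the POST body instead of the query string, and the service splits the raw body on the boundary itself. It assumes parts named username and password plus a single file part; MultipartUpload, Parse and Param are hypothetical names, and the sample body is constructed.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;

// Hypothetical helper written for this example; it is not part of WCF.
static class MultipartUpload
{
    // ISO-8859-1 maps each byte to exactly one char, so string searches stay binary-safe.
    static readonly Encoding Raw = Encoding.GetEncoding("ISO-8859-1");
    // In WCF, pass WebOperationContext.Current.IncomingRequest.ContentType as contentType.
    public static Dictionary<string, string> Parse(Stream body, string contentType, out byte[] file)
    {
        int b = contentType.IndexOf("boundary=", StringComparison.OrdinalIgnoreCase);
        if (b < 0) throw new InvalidDataException("Content-Type has no multipart boundary");
        string delimiter = "--" + contentType.Substring(b + 9).Split(';')[0].Trim('"', ' ');
        var buffer = new MemoryStream();
        body.CopyTo(buffer);   // buffers the whole upload; enforce a size limit in real use
        var fields = new Dictionary<string, string>();
        file = null;
        foreach (string part in Raw.GetString(buffer.ToArray()).Split(new[] { delimiter }, StringSplitOptions.None))
        {
            int headerEnd = part.IndexOf("\r\n\r\n", StringComparison.Ordinal);
            if (headerEnd < 0) continue;   // preamble or the closing "--" marker
            string headers = part.Substring(0, headerEnd);
            string content = part.Substring(headerEnd + 4);
            if (content.EndsWith("\r\n", StringComparison.Ordinal)) content = content.Substring(0, content.Length - 2);
            string name = Param(headers, "name");
            if (name == null) continue;
            if (Param(headers, "filename") != null) file = Raw.GetBytes(content);   // file part: keep raw bytes
            else fields[name] = Encoding.UTF8.GetString(Raw.GetBytes(content));     // text field
        }
        return fields;
    }
    // Reads a quoted Content-Disposition parameter such as name="..." or filename="...".
    static string Param(string headers, string key)
    {
        int i = headers.IndexOf(" " + key + "=\"", StringComparison.OrdinalIgnoreCase);
        int start = i + key.Length + 3;
        return i < 0 ? null : headers.Substring(start, headers.IndexOf('"', start) - start);
    }
    static void Main()
    {
        // Constructed sample body; the boundary, field values and file content are made up.
        string body = "--XbX\r\nContent-Disposition: form-data; name=\"username\"\r\n\r\nalice\r\n" +
            "--XbX\r\nContent-Disposition: form-data; name=\"password\"\r\n\r\nexample-secret\r\n" +
            "--XbX\r\nContent-Disposition: form-data; name=\"file\"; filename=\"a.txt\"\r\n\r\nhello\r\n--XbX--\r\n";
        var fields = Parse(new MemoryStream(Raw.GetBytes(body)), "multipart/form-data; boundary=XbX", out byte[] file);
        Console.WriteLine(fields["username"] + " uploaded " + file.Length + " bytes");
    }
}
```

With this shape the contract's UriTemplate can be reduced to "UploadFile" with Method = "POST", so no credential appears in the URL.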