Simple question on where clause

Simple question on where clause

nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2
edited December 2016 in DataTables 1.10

I see this referenced in the user manuals .Where("update_user", Session["UserName"], "=") But how do I use a cookie call in the where statement instead? I am thinking I just don't understand the info because only a few lines are displayed in the sample code.
Entire code:

using System.Web;
using System.Web.Http;
using DataTables;
using WebApiExamples.Models;

namespace WebApiExamples.Controllers
{

    public class module_userController : ApiController
    {
        [Route("api/module_user")]
        [HttpGet]
        [HttpPost]
        public IHttpActionResult module_user()
        {
            var request = HttpContext.Current.Request;
            var settings = Properties.Settings.Default;
           

            using (var db = new Database(settings.DbType, settings.DbConnection))
            {
                var response = new Editor(db, "Modules")
                    .Model<module_userModel>()

                    .TryCatch(false)
                        .Field(new Field("Module"))
                        .Field(new Field("URL"))
       .Where("update_user", , "=")


                    .Process(request)
                    .Data();

                return Json(response);

            }


        }
       
    }
 
}

Edited by Allan - Syntax highlighting. Details on how to highlight code using markdown can be found in this guide.

Replies

  • allanallan Posts: 63,692Questions: 1Answers: 10,500 Site admin

    I think the key question is how to get a cookie value.

    Based on that you could use something like:

    .Where("update_user", Request.Cookies["key"].Value;, "=")
    

    I would suggest you be very careful with that though. It is trivial to change the value of a cookie, which would lead to a security breach if you use the cookie value in a where statement.

    I would suggest instead that you use a session variable to store sensitive information such as that, so it can't be changed by someone on the client-side.

    Allan

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2

    Hi Allan,
    I have tried that.

    The problem is it comes up with an error 'HttpRequestMessage' does not contain a definition for 'Cookies' and no extension method 'Cookies' accepting a first argument of type 'HttpRequestMessage' could be found...

    I have tried pushing a form parameter but get the same message just subbing 'Form' for 'Cookies'.

  • allanallan Posts: 63,692Questions: 1Answers: 10,500 Site admin

    This is where the fun of .NET and its various ways of working begins!

    This documentation from Microsoft details how you can access a cookie inside a Web API controller.

    Allan

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2

    A little frustrating. Set the session and now nothing else works. URI error that wasn't happening before. :(

  • allanallan Posts: 63,692Questions: 1Answers: 10,500 Site admin

    What is the error? What code did you use? Did you get any compiler errors?

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2

    Nope. It gives me the tn/7 error. When I debug, it returns no callback. Moved it to another server, it started returning values. Once I added sessions and configured for inproc session storage, it crashed again with the same error. Not sure if one is related to the other or not because I didn't even add it to the where clause yet so that is kind of why I can't put my finger on it. :(

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2

    This is all I have:

    Request URL:http://***.***.*.**/api/cdi_master?_=1481826453194
    Request Method:GET
    Status Code:401 Unauthorized

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2

    I am now at just a 500 error. Seems like it doesn't like my routing. Is there another method other than using "ajax": "/api/cdi_master",

  • allanallan Posts: 63,692Questions: 1Answers: 10,500 Site admin

    I am now at just a 500 error

    You'd probably need to refer to your server's error logs to see what the error that the server is throwing is.

    Allan

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2

    I did. Not really giving me anything to go on other than 500.0.0.62. Which if I am looking at this right, refers to ISAPI. But nothing I've tried works. I know IIS is out of your scope (not a sys admin so kinda out of mine too). so to rephrase the question a little better, is there a different method to route and callback to the controller?

  • allanallan Posts: 63,692Questions: 1Answers: 10,500 Site admin

    is there a different method to route and callback to the controller?

    Its possible, but that really depends upon your application since Editor doesn't provide any routing itself.

    If the server is giving a 500 error rather than a 4xx error, then you probably are hitting the correct URL, but it simply isn't able to process the request and is giving an error.

    If there are any options to enable more verbose logging in IIS, then that would be the place to start. Usually the error message will say how to do that in my experience. Does the server return anything as part of the 500 error (using your browser's dev tools)?

    Allan

  • nicoledramirez@hotmail.comnicoledramirez@hotmail.com Posts: 60Questions: 14Answers: 2
    edited December 2016

    Nope, not really. It seems to keep trying to push the data. Just isn't going anywhere. I am kind of thinking I am running out of options trying to fix it myself and need to push this issue back to the sys admin because it worked before I added the session lock down in so from the programming side of my brain, what you're saying makes sense. I just thought I would ask the question so I can say I have exercised all options. And I do agree with you on the session vs. cookie thing. It was just the only way to get my demo on the road but I am at the point that I do need to change it so I can go live in the new year. :)

    If I can pick your brain one more time: Looking in W3SVC:

    2016-12-16 00:07:00 ..*.21 GET /api/cdi_client _=1481846371680 80 - ***.**.*.81 Mozilla/5.0+(Windows+NT+10.0;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/55.0.2883.87+Safari/537.36 http://***.***.*.21/******/******/CDI/cdi_client_report.html 500 0 0 687

    One thing I did notice is that the IP addresses extensions are different (see 21/81). (Think I had been dissecting the logs for too long yesterday and it was starting to make me cross-eyed) Thinking this could be a cause...?

    Your suggestions this year have steered me in the right directions so thank you for all your help and Happy Holidays! :)

  • allanallan Posts: 63,692Questions: 1Answers: 10,500 Site admin

    I'm not too familiar with the logging in IIS, but my guess is that .81 is your own computer's IP address - would that be correct? And that .21 is the server's address.

    Allan

This discussion has been closed.