Category: Rest api multiple filters

28.10.2020 By Mazukazahn

Rest api multiple filters

An authentication filter is a component that authenticates an HTTP request. Web API 2 and MVC 5 both support authentication filters, but they differ slightly, mostly in the naming conventions for the filter interface.

This topic describes Web API authentication filters. Authentication filters let you set an authentication scheme for individual controllers or actions. That way, your app can support different authentication mechanisms for different HTTP resources. The filter is implemented in a class named IdentityBasicAuthenticationAttribute. I won't show all of the code from the sample, just the parts that illustrate how to write an authentication filter.

Like other filters, authentication filters can be applied per-controller, per-action, or globally to all Web API controllers. To apply an authentication filter to a controller, decorate the controller class with the filter attribute.

The following code sets the [IdentityBasicAuthentication] filter on a controller class, which enables Basic Authentication for all of the controller's actions. To apply the filter to one action, decorate the action with the filter. The following code sets the [IdentityBasicAuthentication] filter on the controller's Post method.

IAuthenticationFilter interface. They should also inherit from System. Attributein order to be applied as attributes. The server can also return from an anonymous request. In fact, that's typically how the authentication process is initiated:. In Web API, authentication filters handle authentication, but not authorization. Authorization should be done by an authorization filter or inside the controller action.

The following diagrams show two possible cases.

rest api multiple filters

In the first, the authentication filter successfully authenticates the request, an authorization filter authorizes the request, and the controller action returns OK. In the second example, the authentication filter authenticates the request, but the authorization filter returns Unauthorized.

In this case, the controller action is not invoked. The authentication filter adds a Www-Authenticate header to the response. Other combinations are possible—for example, if the controller action allows anonymous requests, you might have an authentication filter but no authorization.

The AuthenticateAsync method tries to authenticate the request. Here is the method signature:. Option 1 means the request did not have any credentials that the filter understands. Option 2 means the filter successfully authenticated the request. Option 3 means the request had invalid credentials like the wrong passwordwhich triggers an error response. The follow code shows the AuthenticateAsync method from the Basic Authentication sample.

The comments indicate each step.

REST API Design Best Practices for Sub and Nested Resources

If the credentials are invalid, the filter must set context. The Basic Authentication sample includes an AuthenticationFailureResult class that is suitable for this purpose.It is a pretty simple list.


The title field holds the state and there is a SalesDivision field which is a lookup to another list. Also, there is enough data for me to play around with filters and see how it manipulates the results. It looks like:. Nothing earth shattering to see here. The OData specification says that if you run the same query twice, you should get back the same items in the same order unless the underlying data has changed in the interim.

For SharePoint, the default result set order is to sort by Id ascending. You can reverse the sort order by tacking on a space followed by desc for descending :. You can also tack on asc for ascendingbut this is obviously the default sort order given the results from my first example. Below is a pictorial representation of the order by syntax. This is mostly borrowed directly from the Microsoft documentation, but they omitted the loop around with a comma, making it look as though you can only sort by a single field, which is not the case.

It is only a partial implementation of the specification. Now before I go further, I want to mention some stuff about case-sensitivity. First, the query term is not case-sensitive, since I query all lower case and the actual value is title case. If you try this yourself in the browser, you will get a query exception.

The basic query operators will work as you would expect for both strings and numbers, but if the field is numeric you should not quote the literal value, so:.

Filters in Azure Cognitive Search

It may be on OData. First, here is a pictorial representation for the basic syntax:. The operators must be lower case, and are:. A compound expression, which may or may not be logically grouped in parens, is expressed as:. This site uses Akismet to reduce spam. Learn how your comment data is processed. Home Privacy Policy About.Studied UMichigan. However, there is no standard or official API design guidelines.

RESTful is only an architectural style. There are many beginner api-guide for API design readily available such as this guide and this guide. However, this only works for exact matches. What if you want to do a range such as a price or date range?

The problem is URL parameters only have a key and a value but filters are composed of three components:. One way to encode operators is the use of square brackets [] on the key name. We can have as many operators as needed such as [lte][gte][exists][regex][before]and [after]. LHS Brackets are a little harder to parse on server side, but provides greater flexibility in what the filter value is for clients. No need to handle special characters differently.

Ease of use for clients. There are many query string parsing libraries available that easily encode nested JSON objects into square brackets. Simple to parse on server side. The URL parameter key contains both the field name and operator. No need to escape special characters in the filter value when operator is taken as a literal filter term.

This is especially true when your filters include additional custom metadata fields that your user may set. May require more work on server side to parse and group the filters. You may have to write a custom URL parameter binder or parser to split the query string key into two components: The field name and the operator.

Special characters in variable names can be awkward. You may have to write a custom binder to split the query string key into two components: The field name and the operator.

Hard to manage custom combinational filters. Multiple filters with the same property name and operator result in an implicit AND.

If you require search on your endpoint, you can add support for filters and ranges directly with the search parameter. Almost no parsing required on backend, can pass directly to search engine or database Just be careful of sanitizing inputs for security.However, in a few cases, some SharePoint objects include properties that are very resource intensive to retrieve; to optimize REST service performance, these properties are not included in the default query, and must be explicitly requested.

For example, the SPWeb. You can also specify that the request returns projected fields from other lists and the values of lookups. For example:. Single value lookup fields are represented by two separate fields in the SharePoint REST service: one field representing the actual field value, and another representing the field name.

You can execute queries against the lookup field value as you would any other field of that data type. For example, if the lookup field value is a string, you can use string comparison options in your query.

Therefore, you must construct user queries against users' friendly names.

$filter and $orderBy in SharePoint REST requests

Membership-based user queries are not supported. Usage of the Current operator to do queries using the ID of the current user isn't supported. Because multi-value lookup fields are returned as a string of multiple values, there's no way to query for them for example, the equivalent of an Includes element or NotIncludes element isn't supported. To sort by multiple fields, specify a comma-separated list of fields. You can also specify whether to sort the items in ascending or descending order by appending the asc or desc keyword to your query.

For example, the following URI requests that only the first 10 items in the prospective return set actually be returned:. When using these query options, take into account that paging in OData is ordinal. For example, suppose you are implementing a next page button to display SharePoint list items. You use the REST service to enable the button to return items 1 through 20 when clicked, and then items 21 through 40, and so on.

However, suppose another user deletes items 4 and 18 between clicks of the next button. In such a case, the ordinal positioning of the remaining items is reset, and displaying items 21 through 40 actually skips over two items. You may also leave feedback directly on GitHub. Skip to main content. Exit focus mode. Note Membership-based user queries are not supported. Note When using these query options, take into account that paging in OData is ordinal.

Is this page helpful? Yes No.By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service. The dark mode beta is finally here. Change your preferences any time. Stack Overflow for Teams is a private, secure spot for you and your coworkers to find and share information.

rest api multiple filters

I have successfully scraped all the data and stored it in a database, and am now working on the API. The courses can be filtered on the basis of many criteria: instructor, college, credits, time, day etc. I would need to have a URL for all permutations. Or is there another way of doing this I am not aware of? If it is the third option that is the best option, could you provide a short summary best to prepare a SQL query on the basis of a JSOn string that may have variable number of values?

To expand on the answer from J. Filtering that resource is usually accomplished using query parameters to filter that single resource, e. By doing this, you avoid the issue with all possible permutations creating a proliferation of resources. Learn more. Ask Question. Asked 8 years, 3 months ago. Active 2 years, 9 months ago. Viewed 11k times.

What is the best way to provide an API in this situation? Option 1 Provide numerous URLs such as example. Option 2 Only provide APIs for the major options like: example. Yami Odymel 1, 1 1 gold badge 13 13 silver badges 31 31 bronze badges. Active Oldest Votes. Fundamentally: There's one resource, which can be filtered as necessary. Pete Pete Technically, those are still distinct resources.A filter provides criteria for selecting documents used in an Azure Cognitive Search query.

Unfiltered search includes all documents in the index. A filter scopes a search query to a subset of documents. For example, a filter could restrict full text search to just those products having a specific brand or color, at price points above a certain threshold. If instead your goal is targeted search on specific data structures scoping search to a customer-reviews fieldthere are alternative methods, described below.

rest api multiple filters

Filters are foundational to several search experiences, including "find near me", faceted navigation, and security filters that show only those documents a user is allowed to see.

If you implement any one of these experiences, a filter is required. It's the filter attached to the search query that provides the geolocation coordinates, the facet category selected by the user, or the security ID of the requestor. Use a filter to slice your index based on data values in the index. Given a schema with city, housing type, and amenities, you might create a filter to explicitly select documents that satisfy your criteria in Seattle, condos, waterfront.

Full text search with the same inputs often produces similar results, but a filter is more precise in that it requires an exact match of the filter term against content in your index. Numeric fields are retrievable in the document and can appear in search results, but they are not searchable subject to full text search individually. If you need selection criteria based on numeric data, use a filter. If you want a narrowing effect in your search results, filters are not your only choice.

These alternatives could be a better fit, depending on your objective:. For example, if your index provides separate fields for English and Spanish descriptions, you can use searchFields to target which fields to use for full text search. This parameter does not refine the query or reduce the document collection, but if a smaller response is your goal, this parameter is an option to consider.

At query time, a filter parser accepts criteria as input, converts the expression into atomic Boolean expressions represented as a tree, and then evaluates the filter tree over filterable fields in an index. Filtering occurs in tandem with search, qualifying which documents to include in downstream processing for document retrieval and relevance scoring.

When paired with a search string, the filter effectively reduces the recall set of the subsequent search operation.By using our site, you acknowledge that you have read and understand our Cookie PolicyPrivacy Policyand our Terms of Service. It only takes a minute to sign up. Assuming there is a list of Students each with a zip-code, how can I get records for multiple but not all zip-codes.

You have to use and or or inside the filter. Sign up to join this community. The best answers are voted up and rise to the top. Home Questions Tags Users Unanswered. Asked 4 years, 4 months ago. Active 4 years, 4 months ago. Viewed 62k times. Here's what I have so far: site. Active Oldest Votes. Patrick Patrick 3, 2 2 gold badges 17 17 silver badges 38 38 bronze badges. Sign up or log in Sign up using Google.

Sign up using Facebook. Sign up using Email and Password.

Use OData query operations in SharePoint REST requests

Post as a guest Name. Email Required, but never shown. The Overflow Blog. The Overflow How many jobs can be done at home? Featured on Meta. Community and Moderator guidelines for escalating issues via new response…. Feedback on Q2 Community Roadmap. Related 6. Hot Network Questions. Question feed.