How to Protect Your Queryable API with ASP.NET Web API OData

You can enable OData query syntax using Web API OData by simply adding a Queryable attribute to your action, like this:
[Queryable]
public IQueryable<WorkItem> Get(int projectId)

It works not only for actions that use the OData format; it also applies to any vanilla Web API action using other formats. However, adding Queryable to your action can expose your service to denial-of-service (DoS) attacks.

Starting with the Web API OData RC release, QueryableAttribute has some convenient properties that help validate incoming queries. With these, you can protect your service from DoS attacks.
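As an added illustration (not code from the original article), here is the action above with the validation properties set to an allow-list. It assumes the Microsoft.AspNet.WebApi.OData package; the controller name, the WorkItem fields, the sample data and the numeric limits are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.OData.Query;

// Hypothetical entity shape; the page only names the type.
public class WorkItem
{
    public int Id { get; set; }
    public int ProjectId { get; set; }
    public string Title { get; set; }
}

// Hypothetical controller name; the action signature is the one from the page.
public class WorkItemsController : ApiController
{
    // Constructed sample data standing in for a real data store.
    private static readonly List<WorkItem> Items = new List<WorkItem>
    {
        new WorkItem { Id = 1, ProjectId = 7, Title = "Triage" },
        new WorkItem { Id = 2, ProjectId = 7, Title = "Fix" },
    };

    // Weak form: a bare [Queryable] accepts every supported query option,
    // function and operator, with no upper bound on $top or $skip.
    //
    // Restricted form: a request using anything outside these allow-lists
    // fails validation and gets an HTTP 400 response before the query
    // options are applied to the returned IQueryable.
    [Queryable(
        AllowedQueryOptions = AllowedQueryOptions.Filter | AllowedQueryOptions.OrderBy
                            | AllowedQueryOptions.Top | AllowedQueryOptions.Skip,
        AllowedOrderByProperties = "Id",                      // $orderby on Id only
        AllowedLogicalOperators = AllowedLogicalOperators.Equal
                                | AllowedLogicalOperators.And, // eq / and in $filter
        AllowedArithmeticOperators = AllowedArithmeticOperators.None,
        AllowedFunctions = AllowedFunctions.None,             // no substringof() etc.
        MaxTop = 100,                                          // cap client-chosen $top
        MaxSkip = 1000,                                        // cap client-chosen $skip
        PageSize = 50)]                                        // server-driven paging
    public IQueryable<WorkItem> Get(int projectId)
    {
        return Items.Where(w => w.ProjectId == projectId).AsQueryable();
    }
}
```

Start from the smallest set of options your clients actually use and widen it only when a concrete need appears; each allowed function or operator is additional work a caller can ask the server to do.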

Read the rest of the article on Blog.msdn.com to find out.
