Archive for December, 2009

How to go beyond PUT and DELETE limitations on RESTful Scenarios

One of the biggest problems you will have while implementing RESTful services is that most of today’s browsers and firewalls will not allow PUT and DELETE requests. An easy way to fix this is to add a custom HTTP header to your POST requests and send the real method in it. Since Google uses “X-HTTP-Method-Override”, it looks like a smart choice to follow that pattern.

This simple jQuery code shows how to do it on the client side:

$.ajax({
    type: "POST",
    url: serviceURL,
    data: "data",
    success: function(data, textStatus) { alert("success"); },
    error: function(xhr, status, error) { alert("error"); },
    beforeSend: function(xhr) { xhr.setRequestHeader("X-HTTP-Method-Override", "DELETE"); }
});

This C# code shows how to use the custom header in a WCF server:

public String PostProxy(String data)
{
    switch (HttpContext.Current.Request.Headers["X-HTTP-Method-Override"])
    {
        case "PUT": return Add(data);
        case "DELETE": return Delete(data);
        default: return Update(data);
    }
}
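
An added example, not part of the original post: because the header lets any POST act as another verb, the server should accept it only on POST requests and only for the verbs it expects. `MethodOverride` and `Resolve` are hypothetical names, and the sample requests are constructed.

```csharp
using System;
using System.Collections.Generic;

public static class MethodOverride
{
    // Verbs that may be tunnelled through POST (assumption for this example).
    static readonly HashSet<string> Allowed =
        new HashSet<string>(StringComparer.Ordinal) { "PUT", "DELETE" };

    // Returns the verb to dispatch on, or null when the request must be rejected.
    public static string Resolve(string actualMethod, string overrideHeader)
    {
        // No header: the request is exactly what it says it is.
        if (string.IsNullOrEmpty(overrideHeader)) return actualMethod;

        // Honour the header on POST only; on GET it would turn a
        // "safe" request into a state-changing one.
        if (actualMethod != "POST") return null;

        // Exact, case-sensitive match, like the switch in the WCF method.
        string requested = overrideHeader.Trim();
        return Allowed.Contains(requested) ? requested : null;
    }

    public static void Main()
    {
        // Constructed sample requests: { actual method, header value }.
        var samples = new[]
        {
            new[] { "POST", null },
            new[] { "POST", "DELETE" },
            new[] { "POST", "delete" },
            new[] { "GET",  "DELETE" },
            new[] { "POST", "TRACE" },
        };
        foreach (var s in samples)
        {
            string verb = Resolve(s[0], s[1]);
            Console.WriteLine("{0,-4} + {1,-7} -> {2}",
                s[0], s[1] ?? "(none)", verb ?? "reject");
        }
    }
}
```

In the WCF method above, the switch would run on the resolved verb and return an error when the result is null, and any authorization check belongs on that resolved verb rather than on POST.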

Big files transfer using WCF services

If you need to receive files bigger than 4MB using WCF services, you have to change the default configuration in your web.config file to allow the required size. The maxRequestLength value is in kilobytes, so the setting below allows requests of up to 128 MB.

<system.web>
    <httpRuntime maxRequestLength="131072" />
</system.web>

Note: this should work for any ASP application.

Declarative permissions for WCF services

When you develop WCF services you might want to have some protected and some unprotected methods on the same service. To do this, follow these steps.
First, publish your service in an unprotected area of your site by changing your web.config file:

<location path="services">
    <system.web>
        <authorization>
            <allow users="*" />
        </authorization>
    </system.web>
</location>

Add this line of code to your service constructor method:

public Service()
{
    Thread.CurrentPrincipal = HttpContext.Current.User;
}

Finally, use declarative permissions on the service methods you want to protect:

[PrincipalPermission(SecurityAction.Demand)]
public String YourMethod()
{
    return String.Empty;
}
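
An added example, not from the original post, showing what the bare demand enforces: with no Name or Role it only requires an authenticated principal on the current thread, which is why the constructor copies HttpContext.Current.User. It assumes .NET Framework, where declarative demands are enforced; the class, method and user names are hypothetical.

```csharp
using System;
using System.Security;
using System.Security.Permissions;
using System.Security.Principal;
using System.Threading;

public static class PermissionDemo
{
    // Same attribute as in the post: any authenticated principal passes.
    [PrincipalPermission(SecurityAction.Demand)]
    static string AnyAuthenticatedUser() { return "ok"; }

    // Narrower demand: the principal must also be in the given role.
    [PrincipalPermission(SecurityAction.Demand, Role = "Admins")]
    static string AdminsOnly() { return "ok"; }

    // A failed demand surfaces as a SecurityException at method entry.
    static string Try(Func<string> call)
    {
        try { return call(); }
        catch (SecurityException) { return "denied"; }
    }

    static void RunAs(string label, IPrincipal principal)
    {
        // The demand is evaluated against Thread.CurrentPrincipal.
        Thread.CurrentPrincipal = principal;
        Console.WriteLine("{0,-10} any-auth: {1,-7} admins: {2}",
            label, Try(AnyAuthenticatedUser), Try(AdminsOnly));
    }

    public static void Main()
    {
        // Constructed principals; an empty name means "not authenticated".
        RunAs("anonymous", new GenericPrincipal(new GenericIdentity(""), new string[0]));
        RunAs("alice", new GenericPrincipal(new GenericIdentity("alice"), new string[0]));
        RunAs("bob", new GenericPrincipal(new GenericIdentity("bob"), new[] { "Admins" }));
    }
}
```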

How to change ASP MembershipProvider ResetPassword method to provide easier passwords

First of all, you don’t. You have to change the GeneratePassword method used by the ResetPassword method. To do this you need to write your own membership provider and override it, as in this example:

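using System;
using System.Collections.Generic;
using System.Security.Cryptography;

public class MembershipProvider : System.Web.Security.SqlMembershipProvider
{
    const String UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    const String LOWER = "abcdefghijklmnopqrstuvwxyz";
    const String NUMBERS = "1234567890";
    const String SPECIAL = "*$-+?&=!%/";

    // OS-backed CSPRNG; System.Random is predictable and must not be used for passwords.
    static readonly RandomNumberGenerator rng = RandomNumberGenerator.Create();

    // Uniform integer in [0, max); rejection sampling avoids modulo bias.
    static int Next(int max)
    {
        uint limit = uint.MaxValue - (uint.MaxValue % (uint)max);
        byte[] buf = new byte[4];
        uint value;
        do
        {
            rng.GetBytes(buf);
            value = BitConverter.ToUInt32(buf, 0);
        } while (value >= limit);
        return (int)(value % (uint)max);
    }

    public override string GeneratePassword()
    {
        String password = "";
        List<String> data = new List<String>();
        // 3 upper-case, 3 lower-case, 2 digits and 2 special characters.
        for (int i = 0; i < 10; i++)
        {
            if ( i < 3 ) data.Add(UPPER[Next(UPPER.Length)].ToString());
            else if ( i < 6 ) data.Add(LOWER[Next(LOWER.Length)].ToString());
            else if ( i < 8 ) data.Add(NUMBERS[Next(NUMBERS.Length)].ToString());
            else if ( i < 10 ) data.Add(SPECIAL[Next(SPECIAL.Length)].ToString());
        }
        // Draw the characters in random order so their positions are not fixed.
        while (data.Count > 0)
        {
            int pos = Next(data.Count);
            password += data[pos];
            data.RemoveAt(pos);
        }
        return password;
    }
}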

Note: After you do this you will not be able to use the IIS7 management for your users.

Calling Facebook RESTful API using C# (Without Microsoft Facebook SDK)

To continue with our previous posts about Facebook, I’m going to explain how to use the RESTful API from C# code. This time I’m writing a console application to read a user’s Facebook statuses. This illustrates that you can really use the RESTful API from any application, including desktop applications.
A very important thing you need to do before this code works is to ask your user for authorization to read his stream with offline access, as shown in this post. After your user grants your application offline access you can read his session_key and use it everywhere because it will never expire.

You can download the source code for this post here.

First we need to write a class that mimics the status FQL table.

public class Status
{
    public String status_id { get; set; }
    public String time { get; set; }
    public String source { get; set; }
    public String message { get; set; }
}

Then we create a method to generate our data signature.

public static String GetSignature(Dictionary<String, String> parameters)
{
    MD5 md5 = MD5.Create();
    String data = "";
    String[] keys = parameters.Keys.OrderBy(k => k.ToString()).ToArray();
    for (int i = 0; i < keys.Length; i++)
    {
        String key = keys[i];
        String value = parameters[key];
        data += key + "=" + value;
    }
    data += "APPLICATION_SECRET";
    byte[] bytes = md5.ComputeHash(Encoding.UTF8.GetBytes(data));
    String signature = "";
    foreach (byte b in bytes) signature += b.ToString("x2");
    return signature;
}

After that we just build our post data, post our request, read our response and deserialize the status objects.

static void Main(string[] args)
{
    Dictionary<String, String> parameters = new Dictionary<String, String>();
    parameters.Add("format", "json");
    parameters.Add("method", "Fql.query");
    parameters.Add("query", "select status_id, time, source, message from status where uid = USER_ID");
    parameters.Add("session_key", "SESSION_KEY");
    parameters.Add("api_key", "API_KEY");
    parameters.Add("v", "1.0");
    parameters.Add("call_id", DateTime.Now.Ticks.ToString());
    parameters.Add("sig", GetSignature(parameters));
    String postData = "";
    for (int i = 0; i < parameters.Keys.Count; i++)
    {
        String key = parameters.Keys.ElementAt(i);
        String value = parameters[key];
        String param = key + "=" + HttpUtility.UrlEncode(value);
        postData += param;
        if (i < parameters.Keys.Count - 1) postData += "&";
    }
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://api.facebook.com/restserver.php");
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";
    StreamWriter writer = new StreamWriter(request.GetRequestStream());
    writer.Write(postData);
    writer.Close();
    DataContractJsonSerializer serializer = new DataContractJsonSerializer(typeof(Status[]));
    HttpWebResponse response = (HttpWebResponse)request.GetResponse();
    Status[] statuses = (Status[])serializer.ReadObject(response.GetResponseStream());
    foreach (Status s in statuses)
    {
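        // FQL returns time as a Unix timestamp (seconds since 1970-01-01 UTC), not .NET ticks.
        DateTime time = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(long.Parse(s.time));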
        Console.WriteLine(time.ToString() + ", " + s.message);
    }
    Console.ReadLine();
}

Note that you can use this approach to call any method in the RESTful API, not just to make FQL queries.

How to ask Facebook users for permissions using JavaScript API

In this short post I’ll write the JavaScript code required to ask users to grant stream reading, stream publishing and offline access permissions for your application.

var read = "read_stream";
var offline = "offline_access";
var publish = "publish_stream";
FB_RequireFeatures(["Api"], function() {
    FB.Facebook.init("API_KEY", "xd_receiver.htm");
    var api = FB.Facebook.apiClient;
    FB.Connect.requireSession(function() {
        var session = api.get_session();
        api.users_hasAppPermission(read, function(hasRead) {
            api.users_hasAppPermission(publish, function(hasPublish) {
                api.users_hasAppPermission(offline, function(hasOffline) {
                    var permissions = [];
                    if (!hasRead) permissions.push(read);
                    if (!hasPublish) permissions.push(publish);
                    if (!hasOffline) permissions.push(offline);
                    if (permissions.length > 0) {
                        FB.Connect.showPermissionDialog(permissions.join(","), function(authorized) {
                            alert("Authorized: " + authorized);
                        });
                    }
                    else {
                        alert("Has Permissions");
                    }
                });
            });
        });
    });
});

Idea Manglar

Idea Manglar is a privately held startup located in Cali, Colombia, South America. It began as an idea lab and quickly became an intuitive and innovative software developer. 1136 and Dynamic Crystal will be the first ideas going online in 2010. http://www.manglar.com