MicroLite.Extensions.WebApi 6.6.0

The OData query parsing library which was spun out of the MicroLite WebApi extension has undergone quite a few changes and some of those have been incorporated into the MicroLite WebApi extension.

The main difference is that the OData query support has been split out into a separate library so if you want to use WebApi controllers but don’t use OData, you no longer have a dependency on the Net.Http.WebApi.OData library. Starting with version 6.6.0 of the MicroLite WebApi extension, there are now 2 packages available:

What do I need to do?

“I use the WebApi extension and want OData 4.0!”

  1. PM> Install-Package MicroLite.Extensions.WebApi.OData -Version 6.6.0

“I use the WebApi extension and don’t use OData query support”

  1. PM> Install-Package MicroLite.Extensions.WebApi -Version 6.6.0
  2. PM> Uninstall-Package Net.Http.WebApi.OData

Query Option Changes
$inlinecount=allpages has been replaced by $count=true.

The JSON response for paged results ($count=true) has changed as follows:

  1. data.__count is now data['@odata.count']
  2. data.results is now data.value

Function Changes
The substringof function has been replaced by contains in the $filter query option, so substringof('Alfreds', CompanyName) would become contains(CompanyName, 'Alfreds'). Note that the two arguments swap places.

Data Type Changes
The DateTime type has been removed. There is a new Date type for dates only, which is a literal and doesn’t need a type prefix or quotes: $filter=DateOfBirth eq 1974-08-19. To specify date and time, use a DateTimeOffset literal instead, which also no longer requires a type prefix or quotes: $filter=Created gt 2002-10-15T17:34:23Z (don’t forget the timezone!).

The Guid type no longer requires a prefix or quotes, so TransactionId eq guid'0D01B09B-38CD-4C53-AA04-181371087A00' becomes TransactionId eq 0D01B09B-38CD-4C53-AA04-181371087A00.

The library now requires the entity model to be defined, see the Wiki for further details.

MicroLite.Extensions.Mvc 6.3.0

MicroLite.Extensions.Mvc 6.3.0 has been released on NuGet.

The main changes in this release are:

  1. .NET 4.5 only build targeting ASP.NET MVC 5.2.3
  2. MicroLiteSessionAttribute has been removed, it is strongly recommended that you use an IOC container to manage dependencies.

This does mean that the release is not necessarily a “drop-in” update if you were previously using an older version of .NET or ASP.NET MVC.

To see the full set of changes, please refer to the GitHub release page.

MicroLite.Extensions.WebApi 6.5.0

MicroLite.Extensions.WebApi 6.5.0 has been released on NuGet.

The main changes in this release are:

  1. .NET 4.5 only build targeting ASP.NET WebApi 5.2.3 and Net.Http.WebApi.OData 3.4.0
  2. MicroLiteSessionAttribute has been removed, it is strongly recommended that you use an IOC container to manage dependencies.

This does mean that the release is not necessarily a “drop-in” update if you were previously using an older version of .NET or ASP.NET WebApi.

To see the full set of changes, please refer to the GitHub release page.

Logging Extension Updates

The logging extensions for MicroLite have been updated as follows and are available on nuget.org.

log4net

The log4net extension has been updated to target log4net 2.0.5 or later and a .NET 4.6 compiled build has been added.

NLog

The NLog extension has been updated to target NLog 4.4.0 or later and a .NET 4.6 compiled build has been added.

Serilog

The Serilog extension has been updated to target Serilog 2.3.0 or later, a .NET 4.6 compiled build has been added and the .NET 4.0 build has been removed.

MicroLite 6.3.1

MicroLite 6.3.1 has been released and it is strongly recommended that anyone using 6.3.0 upgrades immediately.

A defect has been identified in 6.3.0 whereby the Identifier value of a newly inserted record isn’t set on the object. This was inadvertently introduced when the Listener code was refactored in 6.3.0 so it only affects that version which has now been hidden on nuget.org.

Upgrading to MicroLite 6.3

MicroLite 6.3.0 has been released on NuGet, the main changes in this release are detailed below.

New Convention Mappings

There are now 2 new helper convention mappings:

  1. ConventionMappingSettings.LowercaseWithUnderscores – Maps a Pascal Cased property name to an underscore separated lower cased column e.g. a property called ‘CreditCard’ would map to a column called ‘credit_card’
  2. ConventionMappingSettings.UppercaseWithUnderscores – Maps a Pascal Cased property name to an underscore separated upper cased column e.g. a property called ‘CreditCard’ would map to a column called ‘CREDIT_CARD’

DateTime mapping

The default mapping for System.DateTime is now System.Data.DbType.DateTime2. If you need to change it back to System.Data.DbType.DateTime do the following:

// In startup code (before calling Configure.Fluently()...):

// Reset the DbType mapping for DateTime:
TypeConverter.RegisterTypeMapping(typeof(DateTime), DbType.DateTime);
TypeConverter.RegisterTypeMapping(typeof(DateTime?), DbType.DateTime);

XDocument mapping

The default mapping for System.Xml.Linq.XDocument is now System.Data.DbType.Xml. If you need to change it back to System.Data.DbType.String do the following:

// In startup code (before calling Configure.Fluently()...):

// Reset the DbType mapping for XDocument:
TypeConverter.RegisterTypeMapping(typeof(XDocument), DbType.String);

MicroLite 6.3

MicroLite development has been quiet for a while. Although I have some plans for version 7.0, they are quite big, and as part of that is moving to support .NET Core, it’s a way off. In the interim I’m planning another build for version 6 which will pull in some of the quicker and easier changes which were waiting for 7.0.

The biggest change will be that the support for databases other than MS SQL will be moved into separate libraries which reference the third party drivers explicitly. The only real impact will be pulling in MicroLite.Database.<DbType> in addition to MicroLite if you use MySQL, PostgreSQL etc.

To see what else is to be included, view the milestone for 6.3

Edit 24 Aug 2016: The split for databases into separate projects will now not happen until MicroLite 7.0 to avoid introducing a breaking change in 6.3

Matching Database Types

In order for SQL queries to perform as fast as possible, it is important to ensure that the types you use in your .NET code match the types you use in your database. This is especially important when you have indexes because if the data type of the SQL parameter doesn’t match the data type of the column, the index for that column won’t be used!

Consider the following table and class:

CREATE TABLE [dbo].[Customers]
(
    [Id] [int] IDENTITY(1,1) NOT NULL,
    [Forename] NVARCHAR(50) NOT NULL,
    [Surname] NVARCHAR(50) NOT NULL,
    [DateOfBirth] DATETIME2 NOT NULL,
    [CustomerStatusId] INT NOT NULL
)

public class Customer
{
    public int Id { get; set; }
    public string Forename { get; set; }
    public string Surname { get; set; }
    public DateTime DateOfBirth { get; set; }
    public CustomerStatus Status { get; set; }
}

The default configuration of MicroLite is to map string to DbType.String (NVARCHAR) since .NET strings are unicode. If you don’t use unicode columns in your database, you should change the default type mapping for strings as follows:

// Map strings as ANSI instead of unicode
TypeConverter.RegisterTypeMapping(typeof(string), DbType.AnsiString);

Also, the default mapping for DateTime is to DbType.DateTime so if you use DATETIME2 columns, you should change the default mapping as follows:

// Always use DbType.DateTime2 instead of DbType.DateTime for System.DateTime
TypeConverter.RegisterTypeMapping(typeof(DateTime), DbType.DateTime2);

Note, in MicroLite 7 we plan to change the default DateTime mapping to DbType.DateTime2.

You can see the full set of default mappings here.

Avoiding SQL injection

During a code review the other day, I encountered an example of how it is still trivial to write queries which are susceptible to SQL injection.

Take the following example:

var query = new SqlQuery(
    string.Format(
      "SELECT * FROM [Documents] WHERE DocumentName = '{0}' AND [Searched] = 1",
      criteria.DocumentName));

The fact that you are doing string.Format is a strong indication that you are making a mistake which could lead to SQL injection.

You should always use parameterised queries. All the examples for MicroLite are shown in this way, and we provide a powerful fluent SQL Builder to allow you to easily construct more complex queries. There will be cases where using the SQL Builder is not an option, but even in those situations do not concatenate values into inline SQL.

The correct way to create the above query would be:

var query = new SqlQuery(
      "SELECT * FROM [Documents] WHERE DocumentName = @p0 AND [Searched] = @p1",
      criteria.DocumentName,
      true);

The lesson here is “just because you are using an ORM, you are not guaranteed to be safe from SQL injection”.
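
The same rule applied where concatenation is most tempting, a search with optional filters and a caller-chosen sort order. This is an added example that goes beyond the single query above and is not code from the original post or from MicroLite. The DocumentCriteria class, the Created column and the SortBy allow-list are assumptions; only SqlQuery, [Documents], DocumentName and [Searched] come from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using MicroLite;

// Hypothetical search criteria; only DocumentName appears in the original post.
public class DocumentCriteria
{
    public string DocumentName { get; set; }
    public DateTime? CreatedAfter { get; set; }
    public string SortBy { get; set; }
}

public static class DocumentQueries
{
    // Column names cannot be sent as parameters, so caller input only selects from this fixed list.
    private static readonly Dictionary<string, string> SortColumns =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "name", "[DocumentName]" },
            { "created", "[Created]" } // assumed column
        };

    public static SqlQuery Search(DocumentCriteria criteria)
    {
        var sql = new StringBuilder("SELECT * FROM [Documents] WHERE [Searched] = @p0");
        var args = new List<object> { true };

        // Each optional filter appends constant SQL text plus the next @pN placeholder;
        // the user-supplied value only ever goes into the argument list.
        if (!string.IsNullOrEmpty(criteria.DocumentName))
        {
            sql.Append(" AND [DocumentName] = @p").Append(args.Count);
            args.Add(criteria.DocumentName);
        }
        if (criteria.CreatedAfter.HasValue)
        {
            sql.Append(" AND [Created] > @p").Append(args.Count);
            args.Add(criteria.CreatedAfter.Value);
        }

        string column;
        if (!SortColumns.TryGetValue(criteria.SortBy ?? "name", out column))
        {
            throw new ArgumentException("Unsupported sort column", "criteria");
        }
        sql.Append(" ORDER BY ").Append(column);

        return new SqlQuery(sql.ToString(), args.ToArray());
    }
}
```

A DocumentName such as `x' OR '1'='1` ends up as the value of @p1 and is compared as a literal string, and an unexpected SortBy is rejected before any SQL is produced.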

Comparing which is better

I received an email asking

I am comparing “MicroLite 6.2.5” with EF & nhibernate for PostgreSQL.

May I ask you in two lines, why “MicroLite 6.2.5” is better?

Unfortunately it’s not actually possible to answer that question without actually defining how we are measuring “better”.

What would have been more sensible would have been to ask “How are they different?” and then compare the features each offers and the pros and cons to decide which is better for you.