2

Background

I'm working on building an ASP.Net MVC 3 application that utilizes:

  • JQueryUI for many UI widgets/controls
  • An existing SOA-based system for CRUD operations (built using DDD concepts). This includes a service optimized for read operations (see CQRS). The services are RESTful (hosted in IIS/Appfabric) and hence can be accessed via simple HTTP requests from javascript. The services can also easily be consumed directly by referencing the service binary and accessed from the Controller (or course, via layers to decouple the Controller from the service and so on).

Question

Is it ever appropriate to perform, for example, a read operation by using the existing RESTful API directly from javascript rather than invoking a Controller method that then makes the service call? Or should we always utilize Controller methods for any sort of CRUD operation?

Concerns

  • Seems to break the rule that says you should never bypass a layer
  • On the other hand, if we always utilize the Controller it then feels somewhat redundant in that we are wrapping the services essentially in another RESTful API this time using ASP.Net MVC.

My gut feel when I started looking at this was that we would end up writing Controller methods for some operations where perhaps manipulation of page output (the view) is easiest when we have the data in a model. Then there would be other operations, perhaps pulling a list of employees for a simple lookup for example, that would not need to utilize a Controller method and could go straight to our existing RESTful API. It feels messy and some developers will be confused as to when to use a Controller method or the existing RESTful API directly.

Any thoughts or suggestions would be appreciated.

Thanks.

Improve this question

1 Answer 1

Reset to default
3

I guess this is a matter of opinion, but I’d always go through a controller for consistency if nothing else. As you say, if you sometimes use the API directly, but other times go through a controller, then your devs are likely to get confused as to how they should access the data.

Another thing worth considering is that by using the controller, you’re hiding the API from the end user, which is probably a good thing as malicious users could quite easily change the Javascript to do things that you weren’t expecting (although I’d expect the API to have measures for dealing with this), but if you’re always going via a controller you can ensure that the user can’t directly manipulate the data via the API.

Even if security isn’t a problem, as I said, I’d still go with controller access every time just for the sake of being consistent.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

+1, agreed totally. Though both ways will work, consistency makes life easier in the long run. You won't have to explain to a new developer why some stuff goes through a controller and some doesn't. You also won't have to try and remember yourself what has to go where if you come back to the project in a couple years.
Thanks. As you mention, it's open to debate but I accepted this as the answer since I just appreciate some opinions.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.