1

I am working on an ASP.NET Core project and have a dilemma: I have a table of items filled from an ajax request (from an API controller). Now, when clicking an individual item, I want to open the Details view - pretty simple.

But I have 2 choices:

1 - Pass the item's id to my MVC "Details" controller, then from there call the database again, get the requested object and return the view.

2 - Pass the whole JSON object to my MVC "Details" controller via @Html.ActionLink (since I already have one in my table), and build the view.

Choice #2 seems better at first sight, because I am saving an extra trip to the database and the whole operation happens on the client.

But I am hesitant about whether it's OK to do it this way (pass whole objects via the URL) from all other perspectives, like security.

As you know I can't annotate my "Details" mvc controller with [ChildActionOnly] anymore, so the url query is easily editable.

Apri478
  • Always option 1. In order for option 2 to work, you would need to pass every property of every item in the collection to the browser and store it in the view. Getting an object again from the database based on a PK is insignificant (that's what databases are designed for) and by having to pass every property of the object, you now prevent users from navigating to it via the address bar. And then there is the really ugly string it generates. You might also throw an exception if the query string limit is exceeded. –  Jul 22 '16 at 05:54
  • Great comment, thanks Stephen! Absolutely agree. You should have posted it as an answer. Will go option 1. – Apri478 Jul 22 '16 at 18:20

2 Answers

2

If your models are large (or may become large in the future), you won't be able to serialize the whole thing to the URL. There is a limit of approximately 2000 characters.

It's more common to see an Id passed to the controller and a database call there to get the full model. Then, if at some point you no longer need or want to load the entire object model on the Index page, you will not need to change anything about how the Details page works. (Good separation).

Cass
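
The two options from the question side by side, as an added example (not code from the question or from either answer). `Item`, `IItemStore`, `ItemsController` and the per-user `OwnerId` rule are hypothetical names and assumptions used for illustration.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

// Hypothetical model and store, standing in for the project's own entity and data access.
public class Item
{
    public int Id { get; set; }
    public string Name { get; set; }
    public decimal Price { get; set; }
    public string OwnerId { get; set; }   // assumption: items belong to a user
}

public interface IItemStore
{
    Item Find(int id);   // single primary-key lookup; returns null when absent
}

[Authorize]
public class ItemsController : Controller
{
    private readonly IItemStore _store;
    public ItemsController(IItemStore store) => _store = store;

    // Option 2: every property is model-bound from the query string, so the
    // view renders whatever the URL says (Price, OwnerId, ...), not what is stored.
    [HttpGet]
    public IActionResult DetailsFromQuery(Item item) => View("Details", item);

    // Option 1: only the id comes from the client; everything displayed is
    // re-read from the server-side store.
    [HttpGet]
    public IActionResult Details(int id)
    {
        var item = _store.Find(id);
        if (item == null)
            return NotFound();

        // The id is as editable as any other URL value, so confirm the caller
        // is allowed to see this row before rendering it.
        var userId = User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (item.OwnerId != userId)
            return NotFound();   // same response as for a missing row

        return View(item);
    }
}
```

With option 1 the table link only needs the key, for example `@Html.ActionLink("Details", "Details", new { id = item.Id })`.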
0

I will select the second choice for the sake of simplicity and separation. The performance saving of a round trip to the database is not significant, since we are talking about a single item, not batch processing or something iterative, but we have the elasticity and flexibility to change/extend.

Turbot