Web Service Limitations

For the first time in a while I have started to write a web service for a real world problem.
Effectively I have some data that I need to write to a remote database that I don’t want to grant direct access to.
(The “database” is actually a Sharepoint list).

I found that out of the box web services allow you to define the call interface in a simple manner.
This is easy – one parameter per field. It even accepts nullable types.

The problem comes when you getr to strings. There does not seem to be a sensible way of declaring the maximum expected length of the string. This does make ensuring that the caller is passing the correct values difficult. For now I resulted to comments.

is an article on adding (limited) validation to an ASP.NET web service.

Someone needs to explain to people that business rules are more than attribute level validation!

Buisness Rules include:

  • Field level validation
  • Entity level validation (including compound entities)
  • Defaults
  • Calculations
  • Creation and updating of Business entities (for example routing rules to create delivery instructions)

Business rules can be context specific – the rules that apply to one object in one state may not apply to another.

For example given a User object and rules around change password you may have several sets of rules.

However the rules for an administrator to change a password are different to those for the current user.
The administrator should not know the prior password, where as the user in question should.
This means that if you want to use the same user object for both scenarios you cannot simply use C# attributes to mark up the fields as mandatory!  Rules must exist externally to the object and be applied.