Client validation / configuration best practices RRS feed

  • Question

  • I've spent the last few hours pouring through blogs, articles and forum posts trying to determine the best approach to expose business and/or validation rules and configuration information from my service for use by client applications.  Note that I am not in control of the client apps, this will be a public facing service.  For the most part, providing rules and settings would be a convenience and we will be applying all rules on the server because, as you know, we simply can't trust the incoming data.  Validation rules could be used by clients to provide a more responsive UI and reduce round-trip calls to the service.  On the other hand, configuration information that has been defined at the server could be used by client applications to configure their interfaces accordingly.  My solution is multi-tenant and allows customization through configurable settings.

    Let's use the example of submitting an entry to a timesheet service.  One client may require the user to provide a description next to each time entry explaining what was done while other clients may not care.  This is one of our configuration settings on the server.  In addition, we may have a rule that the Hours value cannot be negative.  Perhaps one client won't allow the daily total to exceed eight (8) hours but another permits overtime, so the only limit is the absolute max of 24.  Hopefully you see where I'm going...

    From the service's perspective, no problem.  We can simply check the setting and bounce the request back if the description is required and missing then validate the value submitted against the appropriate rules for that client.  However, it would be nice if we had a way to communicate these settings to the client so that they can design their UI accordingly.  For instance, if the client was an ASP.NET application, perhaps they would use the setting to toggle whether a RequiredFieldValidator was included in the page for the Description field or not.  The min and max limits could be used to flag invalid values before the user ever submitted the request.

    Because I am not in control, I believe the ChannelFactory option I have read about is out.  So, I am wondering how others have handled this situation?  Are there any "best practices" when it comes to providing this type of metadata to clients?

    Please share your thoughts.
    Monday, February 2, 2009 7:38 PM

All replies