Sending POCO DTO objects from Server to Client?

[michaelcsikos]

What's the recommended way to send POCO DTO objects over the wire without CSLA classes? I've experimented with the following CSLA wrapper which uses System.Text.Json.JsonSerializer to serialize the POCO object to and from string:

[Serializable]
public class CslaJsonWrapper<T>
    : ReadOnlyBase<CslaJsonWrapper<T>>
{
    public static readonly PropertyInfo<string> JsonProperty
                     = RegisterProperty<string>(nameof(Json));
    public string Json
    {
        get => ReadProperty(JsonProperty);
        private set => LoadProperty(JsonProperty, value);
    }

    public T GetObject()
    {
        return JsonSerializer.Deserialize<T>(Json);
    }

    private void SetObject(T obj)
    {
        Json = JsonSerializer.Serialize(obj);
    }

    [Fetch]
    [FetchChild]
    private void Fetch(T obj)
    {
        SetObject(obj);
    }
}

This can be used with a CommandBase and a CslaJsonWrapper<WidgetDto> Result property. Are there any other recommended approaches?

[tkyle]

I don't know that I'd call this a recommended way, but on the rare occasion that I've needed to send a POCO to or from the server without a business object base, I've just implemented IMobileObject.

    [Serializable]
    public sealed class FooDto : IMobileObject {

        #region Properties

        public string FakeName { get; set; }
        public bool IsFake { get; set; }

        #endregion

        #region IMobileObject

        private readonly string FakeNameKey = "FakeName";
        private readonly string IsFakeKey = "IsFake";

        public void GetState(SerializationInfo info) {
            info.AddValue(FakeNameKey, FakeName);
            info.AddValue(IsFakeKey, IsFake);
        }

        public void SetState(SerializationInfo info) {
            FakeName = info.GetValue<string>(FakeNameKey);
            IsFake = info.GetValue<bool>(IsFakeKey);
        }

        public void SetChildren(SerializationInfo info, MobileFormatter formatter) { }

        public void GetChildren(SerializationInfo info, MobileFormatter formatter) { }

        #endregion
    }

I suppose I could have a base class that used reflection, etc, to do this for me, but it hasn't really come up too many times, to be honest.

Also, I wouldn't say that this is better than what you're doing. It's just what I've done in the past.

[michaelcsikos]

The big advantage of the JSON approach is you can automatically handle huge nested trees of objects.

[TheCakeMonster]

As part of the work for CSLA 6 I wrote a source generator to automatically implement IMobileObject, triggered by attributes applied to the class. This was intended for use on DTOs. However, we found a problem with it when it came to using it on .NET 6, and I realised it needed to change to overcome the problem. When I subsequently tried to rewrite it to overcome the .NET 6 problem I hit an issue with debugging it - some change to Visual Studio I think, and so it became difficult to fix. After struggling for a while to get debugging to work, I had to sideline it for more important things, and as a result, it didn't make it into the package.

It is work I intend to revisit at some point, but I'm not sure when.

It became less attractive when I realised that it could potentially open a bit of a security vulnerability in people's systems. The flow you are using wouldn't be a problem - server to client would be OK. However, the flow in the other direction might be problematic because there are no validation rules applied to a DTO, so an end user could submit anything to the server and have it processed without checks being applied. That doesn't make it useless, but it does make it less useful and more difficult to educate about.

[rockfordlhotka]

There are at least a couple relevant issues on the backlog:

#2148

and

#2154

#2148 has some prototype code that might be useful in building a workaround until someone has time to submit a PR to address the request.

[michaelcsikos]

@TheCakeMonster True, I wouldn't use this to push inserts or updates; that would always require a BO. In my case I was needing a way to load configuration data which had lists within lists within lists, a fairly tedious structure to set up CSLA classes for.

[rockfordlhotka]

Another option that just occurred to me is that you could have one root domain class that serializes your POCO graph into a JSON string, and so the domain class would just have that one string property containing the JSON.

It would then have SetData(object graph) and object GetData() methods to convert the graph into and out of the JSON string.

[michaelcsikos]

Yes, this is what I did with the CslaJsonWrapper<T> above. It works well, and it's nice that System.Text.Json.JsonSerializer is part of .NET.

[michaelcsikos]

Here's an example of how it can be used:

public class ExampleDtoFactory
{
    public async Task<List<ExampleDtoDto>> GetExampleDtosAsync()
    {
        var cmd = await DataPortal.CreateAsync();

        cmd     = await DataPortal.ExecuteAsync(cmd);

        return cmd.Result.GetObject();
    }

    IDataPortal<GetExampleDtosCmd> DataPortal { get; set; }

    public ExampleDto(IDataPortal<GetExampleDtosCmd> dataPortal)
    {
        DataPortal = dataPortal;
    }

    [Serializable]
    public class GetExampleDtosCmd
        : CommandBase<GetExampleDtosCmd>
    {
        public static readonly PropertyInfo<CslaJson<List<ExampleDto>>> ResultProperty
                         = RegisterProperty<CslaJson<List<ExampleDto>>>(nameof(Result));
        public CslaJson<List<ExampleDto>> Result
        {
            get => ReadProperty(ResultProperty);
            private set => LoadProperty(ResultProperty, value);
        }

        [Create]
        private void Create()
        {
        }

        [Execute]
        private async Task Execute([Inject] IExampleDtoDal                               dal,
                                   [Inject] IChildDataPortal<CslaJson<List<ExampleDto>>> portal)
        {
            var dtos = await dal.GetExampleDtosAsync();

            Result   = portal.FetchChild(dtos);
        }
    }
}