Is everything from the table returned and the filtration is happening locally?

Question

i am connecting to my remote tables and retrieving a user via his email and password like this:

 var x = await _table.GetAsyncItems().Where(x => x.Email == email).Where(x => x.Password == password).ToListAsync();

But when I do this step, I have noticed that inside my terminal, I see every entry that is inside that table:

See the last line. There I see [email protected], but I requested a whole different user. That user does exist and in the end is returned to me, but why can I see every content inside that table?

My fear now is that the above statement gets ALL items from the table and then filters them locally, which of course is not just a huge security risk but especially work intens. Obviously I wanted the server to just return the items in question and not my local system.

Am I wrong here or did I misunderstand the way .Where() works?

Thanks for your input!

Answer 1

I never use Entity Framework, only used Entity Framework Core,

But I suspect the GetAsyncItems() is the one retrieving all rows from the database.

So by removing that piece of code to be like this :

var x = await _table.Where(x => x.Email == email).Where(x => x.Password == password).ToListAsync();

I believe the filtering will work on database site and the data will only be returned to client when this piece of code are called: ToListAsync();

Answer 2

The GetAsyncItems() method is from the Azure Mobile Apps SDK, from a feature named offline data sync.

The method is meant to return, through an OData call to your Azure-hosted TableController<Foo>, "all instances from the table as an IAsyncEnumerable<T>".

So what it does, is build an OData query (without the actual query part), retrieve all records as JSON, and lets you asynchronously enumerate the results:

DatasyncClient _cliend = new DatasyncClient(...)
IRemoteTable<User> _table = _client.GetRemoteTable<User>();

await foreach (var user in _table.GetAsyncItems())
{
}

This is for offline data synchronization purposes. You then query your offline database after synchronizing.

If you want to execute a specific query, build and pass that:

IRemoteTable<User> _table;

var query = _table.CreateQuery().Where(u => u.Email == email);

await foreach (var user in _table.GetAsyncItems(query))
{
}

If you don't want IAsyncEnumerable<T> for await foreach (), you can just call the query on the remote table directly:

var users = await _table.Where(u => u.Email == email).ToListAsync();

Here, Where() will build the OData query and ToListAsync() will call the service, deserialize the JSON and materialize the results.