验证ASP.NET Web API模型绑定器中的参数

时间:2014-11-10 16:53:07

标签: .net validation asp.net-web-api model-binding asp.net-web-api2

我的模型有一个自定义IModelBinder

public class MyBinder : IModelBinder {

public bool BindModel(HttpActionContext actionContext, ModelBindingContext bindingContext) {
        // bla-bla-bla

        bindingContext.ModelState.AddModelError(
            bindingContext.ModelName, "Request value is invalid.");
        return false;
    }
}

我希望在请求中传递无效值时,会自动返回HTTP 400 Bad Request。但是,这不会发生。如果存在任何绑定错误,我该怎么做才能使Web API返回HTTP 400?

2 个答案:

答案 0 :(得分:2)

将其归还给您的控制器:

if (!ModelState.IsValid)
{
    return new HttpResponseMessage(HttpStatusCode.BadRequest);
}

答案 1 :(得分:2)

你可以像beautifulcoder建议那样做,但是因为你需要在每一个动作上重复这一点,所以还有很多不足之处。我建议你创建一个ActionFilterAttribute,onActionExecuting和onActionExecuted验证模型状态是否有效并返回BadRequest。然后,您可以将此操作应用于[BadRequestIfModelNotValid]或全局过滤器以将其应用于每个请求。

public sealed class BadRequestIfModelNotValidAttribute : System.Web.Http.Filters.ActionFilterAttribute
{
  /// <summary>
  /// if the modelstate is not valid before invoking the action return badrequest
  /// </summary>
  /// <param name="actionContext"></param>
  public override void OnActionExecuting(System.Web.Http.Controllers.HttpActionContext actionContext)
  {
    var modelState = actionContext.ModelState;
    if (!modelState.IsValid)
      actionContext.Response = generateModelStateBadRequestResponse(modelState, actionContext.Request);

    base.OnActionExecuting(actionContext);//let other filters run if required
  }

  /// <summary>
  /// if the action has done additional modelstate checks which made it invalid we are going to replace the response with a badrequest
  /// </summary>
  /// <param name="actionExecutedContext"></param>
  public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
  {
    var modelState = actionExecutedContext.ActionContext.ModelState;
    if (!modelState.IsValid)
      actionExecutedContext.Response = generateModelStateBadRequestResponse(modelState, actionExecutedContext.Request);

    base.OnActionExecuted(actionExecutedContext);
  }

  private HttpResponseMessage generateModelStateBadRequestResponse(IEnumerable<KeyValuePair<string, ModelState>> modelState, HttpRequestMessage request)
  {
    var errors = modelState
      .Where(s => s.Value.Errors.Count > 0)
      .Select(s => new ApiErrorMessage {
          Parameter = s.Key,
          Message = getErrorMessage(s.Value.Errors.First())
        }) //custom class to normalize error responses from api
        .ToList();

    return request.CreateResponse(System.Net.HttpStatusCode.BadRequest, new ApiError
    {
      ExceptionType = typeof(ArgumentException).FullName,
      Messages = errors
    });
  }

  /// <summary>
  /// retrieve the error message or fallback to exception if possible
  /// </summary>
  /// <param name="modelError"></param>
  /// <returns></returns>
  private static string getErrorMessage(ModelError modelError)
  {
    if(!string.IsNullOrWhiteSpace(modelError.ErrorMessage))
      return modelError.ErrorMessage;

    if(modelError.Exception != null)
      return modelError.Exception.Message;

    return "unspecified error";
  }
}
相关问题
最新问题