Model validation in ASP.NET Core MVC and Razor Pages
webapi:Create web APIs with ASP.NET Core
Automatic HTTP 400 responses
The [ApiController]
attribute makes model validation errors automatically trigger an HTTP 400 response. Consequently, the following code is unnecessary in an action method:
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
ASP.NET Core MVC uses the ModelStateInvalidFilter action filter to do the preceding check.
Default BadRequest response
With a compatibility version of 2.1, the default response type for an HTTP 400 response is SerializableError. The following request body is an example of the serialized type:
{
"": [
"A non-empty request body is required."
]
}
With a compatibility version of 2.2 or later, the default response type for an HTTP 400 response is ValidationProblemDetails. The following request body is an example of the serialized type:
{
"type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
"title": "One or more validation errors occurred.",
"status": 400,
"traceId": "|7fb5e16a-4c8f23bbfc974667.",
"errors": {
"": [
"A non-empty request body is required."
]
}
}
The ValidationProblemDetails
type:
- Provides a machine-readable format for specifying errors in web API responses.
- Complies with the RFC 7807 specification.
Log automatic 400 responses
See How to log automatic 400 responses on model validation errors (aspnet/AspNetCore.Docs #12157).
Customizing automatic HTTP 400 error response in ASP.NET Core Web APIs
//中间件定义 public class ValidatorActionFilter : IActionFilter { public void OnActionExecuting(ActionExecutingContext filterContext) { if (!filterContext.ModelState.IsValid) { var result = new OAProxyOPResult(); var invalidExceptionContent = ConstructErrorMessages(filterContext.ModelState); var exception = new OAProxyException(Base.OAProxyOpResultCode.ParameterInvalid, JsonConvert.SerializeObject(invalidExceptionContent)); result.Result = exception.ResultCode; result.ResultContent = exception; filterContext.Result = new JsonResult(result); //filterContext.Result = new BadRequestObjectResult(filterContext.ModelState); } } private Dictionary<string, string[]> ConstructErrorMessages(ModelStateDictionary modelState) { var errorsResult = new Dictionary<string, string[]>(); foreach (var keyModelStatePair in modelState) { var key = keyModelStatePair.Key; var errors = keyModelStatePair.Value.Errors; if (errors != null && errors.Count > 0) { if (errors.Count == 1) { var errorMessage = GetErrorMessage(errors[0]); errorsResult.Add(key, new[] { errorMessage }); } else { var errorMessages = new string[errors.Count]; for (var i = 0; i < errors.Count; i++) { errorMessages[i] = GetErrorMessage(errors[i]); } errorsResult.Add(key, errorMessages); } } } return errorsResult; } string GetErrorMessage(ModelError error) { return string.IsNullOrEmpty(error.ErrorMessage) ? "The input was not valid." : error.ErrorMessage; } public void OnActionExecuted(ActionExecutedContext filterContext) { }
//startup中添加 services.AddControllers(config => { config.Filters.Add(typeof(ValidatorActionFilter)); })
https://stackoverflow.com/questions/49646688/custom-middleware-for-input-validation