Model validation in ASP.NET Core MVC and Razor Pages
webapi:Create web APIs with ASP.NET Core
Automatic HTTP 400 responses
The [ApiController] attribute makes model validation errors automatically trigger an HTTP 400 response. Consequently, the following code is unnecessary in an action method:
if (!ModelState.IsValid)
{
return BadRequest(ModelState);
}
ASP.NET Core MVC uses the ModelStateInvalidFilter action filter to do the preceding check.
Default BadRequest response
With a compatibility version of 2.1, the default response type for an HTTP 400 response is SerializableError. The following request body is an example of the serialized type:
{
"": [
"A non-empty request body is required."
]
}
With a compatibility version of 2.2 or later, the default response type for an HTTP 400 response is ValidationProblemDetails. The following request body is an example of the serialized type:
{
"type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
"title": "One or more validation errors occurred.",
"status": 400,
"traceId": "|7fb5e16a-4c8f23bbfc974667.",
"errors": {
"": [
"A non-empty request body is required."
]
}
}
The ValidationProblemDetails type:
- Provides a machine-readable format for specifying errors in web API responses.
- Complies with the RFC 7807 specification.
Log automatic 400 responses
See How to log automatic 400 responses on model validation errors (aspnet/AspNetCore.Docs #12157).
Customizing automatic HTTP 400 error response in ASP.NET Core Web APIs
//中间件定义
public class ValidatorActionFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext filterContext)
{
if (!filterContext.ModelState.IsValid)
{
var result = new OAProxyOPResult();
var invalidExceptionContent = ConstructErrorMessages(filterContext.ModelState);
var exception = new OAProxyException(Base.OAProxyOpResultCode.ParameterInvalid, JsonConvert.SerializeObject(invalidExceptionContent));
result.Result = exception.ResultCode;
result.ResultContent = exception;
filterContext.Result = new JsonResult(result);
//filterContext.Result = new BadRequestObjectResult(filterContext.ModelState);
}
}
private Dictionary<string, string[]> ConstructErrorMessages(ModelStateDictionary modelState)
{
var errorsResult = new Dictionary<string, string[]>();
foreach (var keyModelStatePair in modelState)
{
var key = keyModelStatePair.Key;
var errors = keyModelStatePair.Value.Errors;
if (errors != null && errors.Count > 0)
{
if (errors.Count == 1)
{
var errorMessage = GetErrorMessage(errors[0]);
errorsResult.Add(key, new[] { errorMessage });
}
else
{
var errorMessages = new string[errors.Count];
for (var i = 0; i < errors.Count; i++)
{
errorMessages[i] = GetErrorMessage(errors[i]);
}
errorsResult.Add(key, errorMessages);
}
}
}
return errorsResult;
}
string GetErrorMessage(ModelError error)
{
return string.IsNullOrEmpty(error.ErrorMessage) ? "The input was not valid." : error.ErrorMessage;
}
public void OnActionExecuted(ActionExecutedContext filterContext)
{
}
//startup中添加
services.AddControllers(config =>
{
config.Filters.Add(typeof(ValidatorActionFilter));
})
https://stackoverflow.com/questions/49646688/custom-middleware-for-input-validation