
Several methods of ASP.NET MVC back-end parameter validation

Dec 24, 2016 pm 01:27 PM

Foreword

Parameter validation is a common problem. Whether on the front end or the back end, user input must be validated to keep the system's data correct. For the web, some people take it for granted that validating on the front end is enough, but this is a serious mistake. Front-end code is fully visible to users, and anyone with a little technical skill can bypass this validation and submit data directly to the back end. Whether the interface is one that the front-end web page submits to or one exposed to external callers, parameter validation is needed everywhere and is essential. In short, all user input is untrustworthy.

There are many ways to validate parameters. Taking MVC as an example, here are several common approaches. Suppose there is a user registration method:

[HttpPost]
public ActionResult Register(RegisterInfo info)

1. Validating with a series of if statements

if (string.IsNullOrEmpty(info.UserName))
{
  return FailJson("用户名不能为空");
}

if (string.IsNullOrEmpty(info.Password))
{
  return FailJson("用户密码不能为空");
}

Validate the parameters one by one. This is the crudest approach, but it was what people actually used in the WebForm days. It is acceptable for a method with few parameters; with more parameters you have to write n more if statements, which is tedious. More importantly, these checks cannot be reused: another method that needs them has to repeat the same checks.

2. Using DataAnnotation

MVC provides DataAnnotation to validate the action's model. In the end, DataAnnotation is a set of attributes that inherit from ValidationAttribute, such as RangeAttribute and RequiredAttribute. The virtual method IsValid of ValidationAttribute determines whether the marked object satisfies the rule. When ASP.NET MVC performs model binding, it obtains the applied ValidationAttribute instances through reflection and calls IsValid to determine whether the current parameters satisfy the rules. If validation fails, the error information is also collected. This is why we can use ModelState.IsValid to determine whether model validation passed, and use ModelState to obtain the reasons for the failure. For the example above:

using System.ComponentModel.DataAnnotations;

public class RegisterInfo
{
  [Required(ErrorMessage="用户名不能为空")]
  public string UserName { get; set; }

  [Required(ErrorMessage="密码不能为空")]
  public string Password { get; set; }
}

In fact, the same process can be implemented on WebForm by following the way MVC implements it. The advantage of this method is that it is elegant and flexible. If multiple actions share one model parameter, the rules only need to be written in one place. Above all, it keeps our code very concise.

However, this method also has shortcomings. A project usually has many interfaces, perhaps dozens, and some take only two or three parameters. Defining a class to wrap the parameters of every interface is somewhat extravagant, and naming these classes is a headache in its own right.
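
Added example, not part of the original article: DataAnnotation rules only record failures in ModelState, so something still has to check ModelState.IsValid before the action does its work. The filter below does that for any action it decorates; RejectInvalidModelAttribute, AccountController and the JSON shape are assumptions, and RegisterInfo is the article's class.

```csharp
using System.Linq;
using System.Web.Mvc;

// Added example: rejects the request when model binding recorded any
// validation error, so the action body never sees an invalid model.
public class RejectInvalidModelAttribute : ActionFilterAttribute
{
  public override void OnActionExecuting(ActionExecutingContext filterContext)
  {
    ModelStateDictionary modelState = filterContext.Controller.ViewData.ModelState;
    if (modelState.IsValid) return;

    // Collect "field -> messages" for every rule that failed.
    var errors = modelState
      .Where(kv => kv.Value.Errors.Count > 0)
      .ToDictionary(kv => kv.Key,
                    kv => kv.Value.Errors.Select(e => e.ErrorMessage).ToArray());

    // Setting Result here stops the action from running.
    filterContext.Result = new JsonResult
    {
      Data = new { success = false, errors },
      JsonRequestBehavior = JsonRequestBehavior.DenyGet
    };
  }
}

public class AccountController : Controller
{
  [HttpPost]
  [RejectInvalidModel]
  public ActionResult Register(RegisterInfo info)
  {
    // Reached only when every [Required] rule on RegisterInfo passed.
    return Json(new { success = true });
  }
}
```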

3. DataAnnotation can also be applied to parameters

The AttributeUsage of the validation attributes shows that they can be applied not only to properties and fields but also to parameters. In other words, we can also write:

public ActionResult Register([Required(ErrorMessage="用户名不能为空")]string userName, [Required(ErrorMessage="密码不能为空")]string password)

Writing it this way works, but it obviously makes the method signature ugly, especially when there are many parameters or when a parameter has several validation rules.

4. A custom ValidateAttribute

We know that filters can be used to do some processing before an MVC action executes, such as authentication and authorization. In the same way, they can be used to validate parameters. FilterAttribute is the common filter base class; together with IActionFilter (as in the code below) it lets us do work before and after the action executes. What we do here is validate the parameters before the action runs; if validation fails, the action is not executed.

Define a BaseValidateAttribute base class as follows:

using System.Web.Mvc;

public class BaseValidateAttribute : FilterAttribute
{
  // Invokes the registered handlers, last registered first,
  // and stops as soon as one of them has set a result.
  protected virtual void HandleError(ActionExecutingContext context)
  {
    for (int i = ValidateHandlerProviders.Handlers.Count; i > 0; i--)
    {
      ValidateHandlerProviders.Handlers[i - 1].Handle(context);
      if (context.Result != null)
      {
        break;
      }
    }
  }
}

HandleError deals with the outcome when validation fails. ValidateHandlerProviders supplies the IValidateHandler instances that process the result; these can be registered externally. IValidateHandler is defined as follows:

public interface IValidateHandler
{
  void Handle(ActionExecutingContext context);
}

ValidateHandlerProviders is defined as follows; it has a default handler.

using System.Collections.Generic;

public class ValidateHandlerProviders
{
  public static List<IValidateHandler> Handlers { get; private set; }

  static ValidateHandlerProviders()
  {
    // DefaultValidateHandler is the built-in handler; its code is not shown in this article.
    Handlers = new List<IValidateHandler>()
    {
      new DefaultValidateHandler()
    };
  }

  public static void Register(IValidateHandler handler)
  {
    Handlers.Add(handler);
  }
}

The reason for this design is that there may be many concrete ValidateAttribute classes, so this module can be kept separate and the final handling left to outside code. For example, we can define a handler in the project:

public class StanderValidateHandler : IValidateHandler
{
  public void Handle(ActionExecutingContext filterContext)
  {
    filterContext.Result = new StanderJsonResult()
    {
      Result = FastStatnderResult.Fail("参数验证失败", 555)
    };
  }
}

Then register it when the application starts: ValidateHandlerProviders.Handlers.Add(new StanderValidateHandler());

ValidateNullAttribute:

public class ValidateNullAttribute : BaseValidateAttribute, IActionFilter
{
  // When true, an empty string fails as well as a missing parameter.
  public bool ValidateEmpty { get; set; }

  // Comma-separated list of request parameter names to check.
  public string Parameter { get; set; }

  public ValidateNullAttribute(string parameter, bool validateEmpty = false)
  {
    ValidateEmpty = validateEmpty;
    Parameter = parameter;
  }

  public void OnActionExecuting(ActionExecutingContext filterContext)
  {
    string[] validates = Parameter.Split(',');
    foreach (var p in validates)
    {
      string value = filterContext.HttpContext.Request[p];
      if (ValidateEmpty)
      {
        if (string.IsNullOrEmpty(value))
        {
          base.HandleError(filterContext);
          return; // stop at the first failure
        }
      }
      else
      {
        if (value == null)
        {
          base.HandleError(filterContext);
          return; // stop at the first failure
        }
      }
    }
  }

  public void OnActionExecuted(ActionExecutedContext filterContext)
  {
  }
}

More validations can be implemented in the same way, for example ValidateRegexAttribute:

using System.Text.RegularExpressions;

public class ValidateRegexAttribute : BaseValidateAttribute, IActionFilter
{
  private readonly Regex _regex;

  public string Pattern { get; set; }

  // Comma-separated list of request parameter names to check.
  public string Parameter { get; set; }

  public ValidateRegexAttribute(string parameter, string pattern)
  {
    Pattern = pattern;
    _regex = new Regex(pattern);
    Parameter = parameter;
  }

  public void OnActionExecuting(ActionExecutingContext filterContext)
  {
    string[] validates = Parameter.Split(',');
    foreach (var p in validates)
    {
      string value = filterContext.HttpContext.Request[p];
      // A missing parameter fails validation; Regex.IsMatch(null) would throw.
      if (value == null || !_regex.IsMatch(value))
      {
        base.HandleError(filterContext);
        return; // stop at the first failure
      }
    }
  }

  public void OnActionExecuted(ActionExecutedContext filterContext)
  {
  }
}

On the whole this works well; weigh it against the DataAnnotation approach above and use whichever fits. It can also be extended to carry more useful information, such as error descriptions.
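
An added example, not from the original article: a hardened variant of the regex filter built on the article's BaseValidateAttribute. It checks filterContext.ActionParameters, the values model binding actually passes to the action, because Request[p] searches the query string, form, cookies and server variables and may return a different value; it also anchors the pattern and sets a match timeout. The class name ValidateBoundRegexAttribute, the 200 ms timeout and the sample pattern are assumptions.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web.Mvc;

// Added example (not the article's code): validates the values MVC has
// already bound to the action's parameters instead of re-reading Request[p].
public class ValidateBoundRegexAttribute : BaseValidateAttribute, IActionFilter
{
  private readonly Regex _regex;
  private readonly string[] _parameters;

  public ValidateBoundRegexAttribute(string parameter, string pattern)
  {
    // Anchor the pattern so the whole value must match, and bound the
    // matching time so a pathological input cannot stall the request.
    _regex = new Regex(@"\A(?:" + pattern + @")\z",
      RegexOptions.None, TimeSpan.FromMilliseconds(200));
    _parameters = parameter.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
  }

  public void OnActionExecuting(ActionExecutingContext filterContext)
  {
    foreach (var name in _parameters)
    {
      object bound;
      filterContext.ActionParameters.TryGetValue(name.Trim(), out bound);
      if (!IsValid(bound as string))
      {
        HandleError(filterContext); // registered handlers set filterContext.Result
        return;                     // stop at the first failure
      }
    }
  }

  private bool IsValid(string value)
  {
    if (value == null) return false; // missing or non-string parameter
    try { return _regex.IsMatch(value); }
    catch (RegexMatchTimeoutException) { return false; } // fail closed on timeout
  }

  public void OnActionExecuted(ActionExecutedContext filterContext) { }
}

// Usage on the article's Register action (the pattern is a constructed sample):
// [ValidateBoundRegex("userName", "[A-Za-z0-9_]{3,20}")]
// public ActionResult Register(string userName, string password)
```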

Summary

Of course, each method has its shortcomings, and which one to choose depends on the specific situation. Generally, if there are too many parameters, it is recommended to wrap them in an object.
