Backend DevelopmentC#.Net TutorialSeveral methods of ASP.NET MVC background parameter verification
Foreword
Parameter verification is a common problem. Whether it is the front-end or the back-end, user input needs to be verified to ensure the correctness of the system data. For the web, some people may want to just verify it on the front end as a matter of course, but this is a very wrong approach. The front-end code is transparent to users, and people with a little bit of technology can bypass this verification and submit data directly. Go backstage. Whether it is the interface submitted by the front-end web page or the interface provided to the outside, parameter verification can be seen everywhere and is essential. In short, all user input is untrustworthy.
There are many ways to verify parameters. Let's take mvc as an example to list several common verification methods. Suppose there is a user registration method
[HttpPost] public ActionResult Register(RegisterInfo info)
1. Judge through if-if
if(string.IsNullOrEmpty(info.UserName))
{
return FailJson("用户名不能为空");
}
if(string.IsNullOrEmpty(info.Password))
{
return FailJson("用户密码不能为空")
}
Verify the parameters one by one. This method is the crudest, but it was indeed used under WebForm at the time. It's okay for the method with few parameters. If there are more parameters, you have to write n more if-ifs, which is quite tedious. More importantly, this part of the judgment cannot be reused. Another method makes the same judgment.
2. Through DataAnnotation
mvc provides DataAnnotation to verify the Action Model. In the final analysis, DataAnnotation is a series of characteristics that inherit ValidationAttribute, such as RangeAttribute, RequiredAttribute, etc. The virtual method IsValid of ValidationAttribute is used to determine whether the marked object conforms to the current rules. When asp.net mvc performs model binding, it will obtain the marked ValidationAttribute through reflection, and then call IsValid to determine whether the current parameters comply with the rules. If the verification fails, error information will also be collected. This is why we can Use ModelState.IsValid to determine whether the Model verification passes, and use ModelState to obtain the reason for the verification failure. For example, the above example:
public class RegisterInfo
{
[Required(ErrorMessage="用户名不能为空")]
public string UserName{get;set;}
[Required(ErrorMessage="密码不能为空")]
public string Password { get; set; }
}
In fact, this process can also be implemented on webform by referring to the implementation principle of mvc. The advantage of this method is that it is very elegant and flexible to implement. If there are multiple Actions sharing a Model parameter, it is enough to write it in one place. The key is that it makes our code look very concise.
However, this method also has shortcomings. Usually our projects may have many interfaces, such as dozens of interfaces. Some interfaces only have two or three parameters. It is a bit luxurious to define a class packaging parameter for each interface, and in fact it is Naming this class is also a very headache.
3. DataAnnotation can also be marked on parameters
You can see through the AttributeUsage of the verification feature that it can be marked not only on attributes and fields, but also on parameters. In other words, we can also write like this:
public ActionResult Register([Required(ErrorMessage="用户名不能为空")]string userName, [Required(ErrorMessage="密码不能为空")]string password)
It’s OK to write like this, but obviously, it will make the method parameters look ugly, especially when there are multiple parameters, or the parameters have multiple validation rules when.
4. Customize ValidateAttribute
We know that we can use filters to do some processing before the execution of mvc's Action, such as authentication and authorization processing. In the same way, it can also be used to verify parameters. FilterAttribute is a common filter that allows us to do some operations before and after the Action is executed. What we have to do here is to verify the parameters before the Action. If the verification fails, it will no longer be executed.
Define a BaseValidateAttribute base class as follows:
public class BaseValidateAttribute : FilterAttribute
{
protected virtual void HandleError(ActionExecutingContext context)
{
for (int i = ValidateHandlerProviders.Handlers.Count; i > 0; i--)
{
ValidateHandlerProviders.Handlers[i - 1].Handle(context);
if (context.Result != null)
{
break;
}
}
}
}
HandleError is used to handle the results when validation fails. Here ValidateHandlerProviders mentions IValidateHandler for processing the results, which can be registered externally. IValidateHandler is defined as follows:
public interface IValidateHandler
{
void Handle(ActionExecutingContext context);
}
ValidateHandlerProviders is defined as follows, it has a default processor.
public class ValidateHandlerProviders
{
public static List<IValidateHandler> Handlers { get; private set; }
static ValidateHandlerProviders()
{
Handlers = new List<IValidateHandler>()
{
new DefaultValidateHandler()
};
}
public static void Register(IValidateHandler handler)
{
Handlers.Add(handler);
}
}
The purpose of this is that since we may have many specific ValidateAttributes, we can separate this module and leave the final processing to external decisions. For example, we can define a processing in the project Device:
public class StanderValidateHandler : IValidateHandler
{
public void Handle(ActionExecutingContext filterContext)
{
filterContext.Result = new StanderJsonResult()
{
Result = FastStatnderResult.Fail("参数验证失败", 555)
};
}
}
Then register when the application starts: ValidateHandlerProviders.Handlers.Add(new StanderValidateHandler());
ValidateRegexAttribute:
public class ValidateNullAttribute : BaseValidateAttribute, IActionFilter
{
public bool ValidateEmpty { get; set; }
public string Parameter { get; set; }
public ValidateNullAttribute(string parameter, bool validateEmpty = false)
{
ValidateEmpty = validateEmpty;
Parameter = parameter;
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
string[] validates = Parameter.Split(',');
foreach (var p in validates)
{
string value = filterContext.HttpContext.Request[p];
if(ValidateEmpty)
{
if (string.IsNullOrEmpty(value))
{
base.HandleError(filterContext);
}
}
else
{
if (value == null)
{
base.HandleError(filterContext);
}
}
}
}
public void OnActionExecuted(ActionExecutedContext filterContext)
{
}
}
More verifications can be implemented in the same way.
In this way, our above writing method becomes:
public class ValidateRegexAttribute : BaseValidateAttribute, IActionFilter
{
private Regex _regex;
public string Pattern { get; set; }
public string Parameter { get; set; }
public ValidateRegexAttribute(string parameter, string pattern)
{
_regex = new Regex(pattern);
Parameter = parameter;
}
public void OnActionExecuting(ActionExecutingContext filterContext)
{
string[] validates = Parameter.Split(',');
foreach (var p in validates)
{
string value = filterContext.HttpContext.Request[p];
if (!_regex.IsMatch(value))
{
base.HandleError(filterContext);
}
}
}
public void OnActionExecuted(ActionExecutedContext filterContext)
{
}
}
On the whole, it seems ok, and the above DataAnnotation can be weighed and used. Here we can expand more useful information, such as error descriptions, etc. wait.
Summary
Of course, each method has its shortcomings. This choice depends on the specific situation. Generally, if there are too many parameters, it is recommended to wrap them with an object.
For more related articles on several methods of ASP.NET MVC background parameter verification, please pay attention to the PHP Chinese website!
C# and .NET: Understanding the Relationship Between the TwoApr 17, 2025 am 12:07 AMThe relationship between C# and .NET is inseparable, but they are not the same thing. C# is a programming language, while .NET is a development platform. C# is used to write code, compile into .NET's intermediate language (IL), and executed by the .NET runtime (CLR).
The Continued Relevance of C# .NET: A Look at Current UsageApr 16, 2025 am 12:07 AMC#.NET is still important because it provides powerful tools and libraries that support multiple application development. 1) C# combines .NET framework to make development efficient and convenient. 2) C#'s type safety and garbage collection mechanism enhance its advantages. 3) .NET provides a cross-platform running environment and rich APIs, improving development flexibility.
From Web to Desktop: The Versatility of C# .NETApr 15, 2025 am 12:07 AMC#.NETisversatileforbothwebanddesktopdevelopment.1)Forweb,useASP.NETfordynamicapplications.2)Fordesktop,employWindowsFormsorWPFforrichinterfaces.3)UseXamarinforcross-platformdevelopment,enablingcodesharingacrossWindows,macOS,Linux,andmobiledevices.
C# .NET and the Future: Adapting to New TechnologiesApr 14, 2025 am 12:06 AMC# and .NET adapt to the needs of emerging technologies through continuous updates and optimizations. 1) C# 9.0 and .NET5 introduce record type and performance optimization. 2) .NETCore enhances cloud native and containerized support. 3) ASP.NETCore integrates with modern web technologies. 4) ML.NET supports machine learning and artificial intelligence. 5) Asynchronous programming and best practices improve performance.
Is C# .NET Right for You? Evaluating its ApplicabilityApr 13, 2025 am 12:03 AMC#.NETissuitableforenterprise-levelapplicationswithintheMicrosoftecosystemduetoitsstrongtyping,richlibraries,androbustperformance.However,itmaynotbeidealforcross-platformdevelopmentorwhenrawspeediscritical,wherelanguageslikeRustorGomightbepreferable.
C# Code within .NET: Exploring the Programming ProcessApr 12, 2025 am 12:02 AMThe programming process of C# in .NET includes the following steps: 1) writing C# code, 2) compiling into an intermediate language (IL), and 3) executing by the .NET runtime (CLR). The advantages of C# in .NET are its modern syntax, powerful type system and tight integration with the .NET framework, suitable for various development scenarios from desktop applications to web services.
C# .NET: Exploring Core Concepts and Programming FundamentalsApr 10, 2025 am 09:32 AMC# is a modern, object-oriented programming language developed by Microsoft and as part of the .NET framework. 1.C# supports object-oriented programming (OOP), including encapsulation, inheritance and polymorphism. 2. Asynchronous programming in C# is implemented through async and await keywords to improve application responsiveness. 3. Use LINQ to process data collections concisely. 4. Common errors include null reference exceptions and index out-of-range exceptions. Debugging skills include using a debugger and exception handling. 5. Performance optimization includes using StringBuilder and avoiding unnecessary packing and unboxing.
Testing C# .NET Applications: Unit, Integration, and End-to-End TestingApr 09, 2025 am 12:04 AMTesting strategies for C#.NET applications include unit testing, integration testing, and end-to-end testing. 1. Unit testing ensures that the minimum unit of the code works independently, using the MSTest, NUnit or xUnit framework. 2. Integrated tests verify the functions of multiple units combined, commonly used simulated data and external services. 3. End-to-end testing simulates the user's complete operation process, and Selenium is usually used for automated testing.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
Zend Studio 13.0.1
Powerful PHP integrated development environment
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.
Dreamweaver CS6
Visual web development tools
