我使用下面的代码来反序列化一个实例的 MyModel
public async Task<IHttpActionResult> DoSomething([FromBody] MyModel model)
class MyModel {
string a;
int b;
}
有什么办法可以强制执行更严格的模型绑定,使下面的输入无法工作?
{
"a":"someString",
"b": 4,
"c": "somethingIWantToCauseAnErrorWhenPresent"
}
你可以写你自己的ActionFilter来查找请求体,并根据你的逻辑抛出一个异常。
public class CustomValidationFilter : IActionFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
var bodyLength = context.HttpContext.Request.Body.Length;
var buffer = new byte[bodyLength];
context.HttpContext.Request.EnableRewind();
context.HttpContext.Request.Body.Position = 0;
var streamReader = new StreamReader(context.HttpContext.Request.Body);//do not dispose this streamReader
var requestBody = streamReader.ReadToEnd();
var jsonBody = JsonConvert.DeserializeObject<JObject>(requestBody);
if (jsonBody.Property("c") != null) // your custom validation
{
}
}
public void OnActionExecuted(ActionExecutedContext context)
{
}
}
你可以在整个API中全局地应用这个过滤器,像这样(.net core 2.2)。
services.AddMvc(options => options.Filters.Add(typeof(CustomValidationFilter))).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
或者从Attribute类中继承,并把它放在特定的actioncontroller中。