1

I am developing a Restful service using .net web API.

There are a few posts about input validation for the post request using model validation. However, I am wondering what is the best practice of doing the validation for Get request.

For example

public HttpResponseMessage Get(int id, string type)
{
    // validation
    if (id <= 500 & id >= 0) {
        // invalid request
        throw new HttpResponseException();
    }
    // type validation
    if (type is not in a predefined allowed type list from database) {
        // throw validation error
    }
    // more validation ... ...
    // do something else
}

I would like to know what is the best place to put the validation logic in in .net web api framework.

The id validation is just an example and the validation logic could go quite complicated for some cases.

I don't want to create a class just for the id and put some custom validator attribute on the ID property. I think .net has a better support for that already.

Improve this question
5
  • 3
    Do you even need it? If the request is for id 122334534 and there is no record in the database for that id, you would just return 404 Not Found anyway... Commented Jun 10, 2013 at 13:19
  • If the validation is that basic, do it in the controller method Commented Jun 10, 2013 at 13:59
  • This is just an example, the validation logic could be complicated in some case. Commented Jun 10, 2013 at 21:30
  • Then explain what "complicated" is. Commented Jun 10, 2013 at 23:11
  • I updated the example a bit and hopefully that explain more. Commented Jun 10, 2013 at 23:24

1 Answer 1

Reset to default
1

You can use route constraints for this parameter

 routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional },                
            constraints: new { id = "@[1-500]+" } //this is not valid code. use correct regular expression to implement validation behavior you need.
        );

Answer on comment. What u mean - complicated vlidation? You asked about GET request and the siplest way is use the route constraint. Another way is ActiontFilter. For example 

public class SomeFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext filterContext)
    {
        string param = filterContext.ActionArguments["id"].ToString();
        //do some validation stuff here. for example data anotations
        var validator = new RangeAttribute(1, 500); //numeric range.
        if (validator.IsValid(Convert.ToInt64(param)));
            do valid//
        //if u need validate entire model from post request try 
        if (!filterContext.ModelState.IsValid)
        {
            filterContext.Response = filterContext.Request.CreateErrorResponse(
                HttpStatusCode.BadRequest, filterContext.ModelState);
        }

    }
}

or google for "web api model validation"

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

How about some complicated validation?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.