current community

your communities

more stack exchange communities

company blog
Stack Exchange Inbox Reputation and Badges
tour help
Stack Overflow is a community of 4.7 million programmers, just like you, helping each other.

Join them; it only takes a minute:

Sign up
Join the Stack Overflow community to:
  1. Ask programming questions
  2. Answer and help your peers
  3. Get recognized for your expertise
up vote 0 down vote favorite

I am developing a Restful service using .net web API.

There are a few posts about input validation for the post request using model validation. However, I am wondering what is the best practice of doing the validation for Get request.

For example

public HttpResponseMessage Get(int id, string type)
{
    // validation
    if (id <= 500 & id >= 0) {
        // invalid request
        throw new HttpResponseException();
    }
    // type validation
    if (type is not in a predefined allowed type list from database) {
        // throw validation error
    }
    // more validation ... ...
    // do something else
}

I would like to know what is the best place to put the validation logic in in .net web api framework.

The id validation is just an example and the validation logic could go quite complicated for some cases.

I don't want to create a class just for the id and put some custom validator attribute on the ID property. I think .net has a better support for that already.

share|improve this question
3  
Do you even need it? If the request is for id 122334534 and there is no record in the database for that id, you would just return 404 Not Found anyway... – Trevor Pilley Jun 10 '13 at 13:19
    
If the validation is that basic, do it in the controller method – Joanna Turban Jun 10 '13 at 13:59
    
This is just an example, the validation logic could be complicated in some case. – Stay Foolish Jun 10 '13 at 21:30
    
Then explain what "complicated" is. – CodeCaster Jun 10 '13 at 23:11
    
I updated the example a bit and hopefully that explain more. – Stay Foolish Jun 10 '13 at 23:24
up vote 1 down vote

You can use route constraints for this parameter

 routes.MapRoute(
            name: "Default",
            url: "{controller}/{action}/{id}",
            defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional },                
            constraints: new { id = "@[1-500]+" } //this is not valid code. use correct regular expression to implement validation behavior you need.
        );

Answer on comment. What u mean - complicated vlidation? You asked about GET request and the siplest way is use the route constraint. Another way is ActiontFilter. For example 

public class SomeFilter : ActionFilterAttribute
{
    public override void OnActionExecuting(HttpActionContext filterContext)
    {
        string param = filterContext.ActionArguments["id"].ToString();
        //do some validation stuff here. for example data anotations
        var validator = new RangeAttribute(1, 500); //numeric range.
        if (validator.IsValid(Convert.ToInt64(param)));
            do valid//
        //if u need validate entire model from post request try 
        if (!filterContext.ModelState.IsValid)
        {
            filterContext.Response = filterContext.Request.CreateErrorResponse(
                HttpStatusCode.BadRequest, filterContext.ModelState);
        }

    }
}

or google for "web api model validation"

share|improve this answer
    
How about some complicated validation? – Stay Foolish Jun 10 '13 at 21:31

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.