I have an Web API project with lots of the Controllers, Validators, Services and Repositories in asp.net core
I am going to disable all the 400 Bad requests message bodies (Validate a Property from a model or ...) on production mode due to the security
how I can do this in asp.net core 2.2 ?
As others have pointed out in the comments, this probably isn't a good idea and it's unlikely to improve security if your error messages are properly designed.
But in case you would like this nonetheless, one way to do it is to implement an MVC action filter:
public class BadRequestEmptyBodyFilter : IActionFilter, IOrderedFilter
{
public void OnActionExecuting(ActionExecutingContext context)
{
if (context.Result == null && !context.ModelState.IsValid)
{
context.Result = new ObjectResult(null)
{
StatusCode = StatusCodes.Status400BadRequest
};
}
}
public void OnActionExecuted(ActionExecutedContext context)
{
if (context.Exception != null || context.Result == null)
{
return;
}
var statusCodeResult = context.Result as IStatusCodeActionResult;
if (statusCodeResult?.StatusCode == StatusCodes.Status400BadRequest)
{
context.Result = new ObjectResult(null)
{
StatusCode = StatusCodes.Status400BadRequest
};
}
}
// Set this to a large negative number so it runs early in the pipeline
public int Order => -1000000;
}
Then register this in Startup. Also, you should set ApiBehaviorOptions.SuppressModelStateInvalidFilter to true to disable the default bad request filter:
services.AddMvc(options =>
{
options.Filters.Add<BadRequestEmptyBodyFilter>();
})
.SetCompatibilityVersion(CompatibilityVersion.Version_2_2)
.ConfigureApiBehaviorOptions(options =>
{
options.SuppressModelStateInvalidFilter = true;
});
