6

I have a set of services hosted with WCF Web Api, what I need to do is validate the properties inside the models of the app.

In MVC 3 for example I decorate properties in the model like this:

    [StringLength(30)]
    public string UserName { get; set; }

and then in the controller I proceed like this to verify os the model has met the validation parameters:

    [HttpPost]
    ActionResult Create(Model myModel)
    { 
        if(ModelState.IsValid(){
           Post the model
        }
        else
        {
           Don't post the model
        }
    }

Is there a way to do something similar in WCF Web Api?

Daniel
  • 2,484
  • 4
  • 27
  • 35

4 Answers4

6

Ok I finally managed to get validations for my models working. I wrote a validation handler and a couple of extensions methods. First thing the validation handler:

 public class ValidationHandler<T> : HttpOperationHandler
 {
    private readonly HttpOperationDescription _httpOperationDescription;

    public ValidationHandler(HttpOperationDescription httpOperationDescription) 
    {
        _httpOperationDescription = httpOperationDescription;
    }

    protected override IEnumerable<HttpParameter> OnGetInputParameters()
    {
        return _httpOperationDescription.InputParameters
            .Where(prm => prm.ParameterType == typeof(T));
    }

    protected override IEnumerable<HttpParameter> OnGetOutputParameters()
    {
        return _httpOperationDescription.InputParameters
            .Where(prm => prm.ParameterType == typeof(T));
    }

    protected override object[] OnHandle(object[] input)
    {
        var model = input[0];
        var validationResults = new List<ValidationResult>();
        var context = new ValidationContext(model, null, null);
        Validator.TryValidateObject(model, context, validationResults,true);
        if (validationResults.Count == 0)
        {
            return input;
        }
        else
        {
            var response = new HttpResponseMessage() 
            { 
                Content = new StringContent("Model Error"),
                StatusCode = HttpStatusCode.BadRequest
            };
            throw new HttpResponseException(response);
        }
    }
}

Notice how the Handler receives a T object, this is mainly because I would like to validate all the model types within the API. So the OnGetInputParameters specifies that the handler needs to receive a T type object, and the OnGetOutputParameters specifies that the handler needs to return an object with the same T type in case validations policies are met, if not, see how the on handle method throws an exception letting the client know that there's been a validation problem.

Now I need to register the handler, for this I wrote a couple of extensions method, following an example of a Pedro Felix's blog http://pfelix.wordpress.com/2011/09/24/wcf-web-apicustom-parameter-conversion/ (this blog helped me a lot, there are some nice explanations about the whole handler operations thing). So these are the extensions methods:

public static WebApiConfiguration ModelValidationFor<T>(this WebApiConfiguration conf)
    {
        conf.AddRequestHandlers((coll, ep, desc) => 
            {
                if (desc.InputParameters.Any(p => p.ParameterType == typeof(T)))
                { 
                    coll.Add(new ValidationHandler<T>(desc));
                }
            });
        return conf;
    }

so this methos checks if there is a T type parameter in the operations, and if so, it adds the handler to that specific operation.

This one calls the other extension method AddRequestHandler, and that method add the new handler without removing the previous registered ones, if the exist.

public static WebApiConfiguration AddRequestHandlers(
        this WebApiConfiguration conf,
        Action<Collection<HttpOperationHandler>,ServiceEndpoint,HttpOperationDescription> requestHandlerDelegate) 
    {
        var old = conf.RequestHandlers;
        conf.RequestHandlers = old == null ? requestHandlerDelegate :
                                        (coll, ep, desc) => 
                                        {
                                            old(coll, ep, desc);
                                        };
        return conf;
    }

The last thing is to register the handler:

        var config = new WebApiConfiguration();
        config.ModelValidationFor<T>(); //Instead of passing a T object pass the object you want to validate
        routes.SetDefaultHttpConfiguration(config);

        routes.MapServiceRoute<YourResourceObject>("SomeRoute");

So this is it.. Hope it helps somebody else!!

Daniel
  • 2,484
  • 4
  • 27
  • 35
5

I am currently working on a HttpOperationHandler that does exactly what you need. It's not done by now, but this psuedo code might give you an idea of how you can do it.

public class ValidationHandler : HttpOperationHandler
{
    private readonly HttpOperationDescription _httpOperationDescription;
    private readonly Uri _baseAddress;

    public ValidationHandler(HttpOperationDescription httpOperationDescription, Uri baseAddress)
    {
        _httpOperationDescription = httpOperationDescription;
        _baseAddress = baseAddress;
    }

    protected override IEnumerable<HttpParameter> OnGetInputParameters()
    {
        return new[] { HttpParameter.RequestMessage };
    }

    protected override IEnumerable<HttpParameter> OnGetOutputParameters()
    {
        var types = _httpOperationDescription.InputParameters.Select(x => x.ParameterType); 

        return types.Select(type => new HttpParameter(type.Name, type));
    }

    protected override object[] OnHandle(object[] input)
    {
        var request = (HttpRequestMessage)input[0];
        var uriTemplate = _httpOperationDescription.GetUriTemplate();

        var uriTemplateMatch = uriTemplate.Match(_baseAddress, request.RequestUri);

        var validationResults = new List<ValidationResult>();

        //Bind the values from uriTemplateMatch.BoundVariables to a model

        //Do the validation with Validator.TryValidateObject and add the results to validationResults

        //Throw a exception with BadRequest http status code and add the validationResults to the message

        //Return an object array with instances of the types returned from the OnGetOutputParmeters with the bounded values
    }
}

The OnGetInputParameters value tells what's expected into the OnHandle method, and the OnGetOutputParameters tells what's the expected output from the OnHandle method (which later on is injected into the method in the service).

You can then add the handler to the routing with a HttpConfiguration as follows:

 var httpConfiguration = new HttpConfiguration
            {
                RequestHandlers = (collection, endpoint, operation) => collection.Add(new ValidationHandler(operation, endpoint.Address.Uri))
            };
 RouteTable.Routes.MapServiceRoute<MyResource>("MyResource", httpConfiguration);
Thern
  • 71
  • 4
  • OK there are a couple of things I don't understand. For instance, where do you pass these parameters to the constructor?. Another thing is, can you use _httpOperationDescripton.KnownTypes instead of writing an extension method? Why do you provide the handler with an IEnumerable, and why the handler provides the operation with this same type? – Daniel Nov 02 '11 at 16:39
  • I have updated my answer and I hope that it answers all your questions. As you can see I'm not calling the extension method for getting all parameter types, I realized you can get those from _httpOperationDescription.InputParameters (not sure if you can get them from KnownTypes). – Thern Nov 03 '11 at 09:22
  • Yes, I have been reading a lot about operations handlers because I knew that was the way to go, but I just didn't understand its purpose. I finally managed to get this to work.. Thank you very much! I'll post my handler, hope you check it out and give me your opinion. – Daniel Nov 03 '11 at 16:12
  • @Thern great example but I am struggling about the issue. can you have a look at it? http://wcf.codeplex.com/discussions/280533 – tugberk Nov 24 '11 at 08:31
3

There is an example of this posted on MSDN of creating a behavior for this that should work. You could also call the validators manually with Validator.ValidateObject (or wrap it as an extension method) and return the validation errors, which is essentially what that behavior is doing.

bkaid
  • 51,465
  • 22
  • 112
  • 128
1

Firstly I should say awesome question+answer Daniel

However, I've taken it a little further, refined it and added to it.

ValidationHander

I've refined this a little. It is now based on a generic HttpOperationHandler so it can take the HttpRequestMessage. The reason for this is so that I can return error messages formatted using the correct media type (from the accept header). 

public class ValidationHandler<TResource> : HttpOperationHandler<TResource, HttpRequestMessage, HttpRequestMessage>
{
    public ValidationHandler() : base("response") { }

    protected override HttpRequestMessage OnHandle(TResource model, HttpRequestMessage requestMessage)
    {
        var results = new List<ValidationResult>();
        var context = new ValidationContext(model, null, null);
        Validator.TryValidateObject(model, context, results, true);

        if (results.Count == 0)
        {
            return requestMessage;
        }

        var errorMessages = results.Select(x => x.ErrorMessage).ToArray();

        var mediaType = requestMessage.Headers.Accept.FirstOrDefault();
        var response = new RestValidationFailure(errorMessages);
        if (mediaType != null)
        {
            response.Content = new ObjectContent(typeof (string[]), errorMessages, mediaType);
        }
        throw new HttpResponseException(response);
    }
}

Extension Methods

The 2 you provided stay virtually the same about from the desc paramter no longer being needed when adding the ValidationHandler in the ModelValidationFor method

I've added an extra extension method. This is to make sure that all "Resource" classes are validated. This is mainly me being lazy and forgetful. I am forever forgetting to add some class to a list somewhere. (It's why I write generic windsor installers!)

public static void ValidateAllResourceTypes(this WebApiConfiguration config, string assemblyFilter = "MyCompany*.dll")
{
    var path = Path.GetDirectoryName((new Uri(Assembly.GetExecutingAssembly().CodeBase)).AbsolutePath);
    var dc = new DirectoryCatalog(path, assemblyFilter);
    var assemblies = dc.LoadedFiles.Select(Assembly.LoadFrom).ToList();
    assemblies.ForEach(assembly =>
    {
        var resourceTypes = assembly.GetTypes()
            .Where(t => t.Namespace != null && t.Namespace.EndsWith("Resources"));

        foreach (var resourceType in resourceTypes)
        {
            var configType = typeof(Extensions);
            var mi = configType.GetMethod("ModelValidationFor");
            var mi2 = mi.MakeGenericMethod(resourceType);
            mi2.Invoke(null, new object[] { config });
        }
    });            
}

I made use of the System.ComponentModel.Composition.Hosting namespace (formerly known as MEF) for the DirectoryCatalog class. In this case I've just used the namespace ending with "Resources" to find my "Resource" classes. It wouldn't take much work to change it to use a custom attribute or whatever other way you might prefer to identify which classes are your "Resources".

RestValidationFailure

This is a little helper class I made to allow consistent behaviour for validation failure responses.

public class RestValidationFailure : HttpResponseMessage
{
    public RestValidationFailure(string[] messages)
    {
        StatusCode = HttpStatusCode.BadRequest;
        foreach (var errorMessage in messages)
        {
            Headers.Add("X-Validation-Error", errorMessage);
        }
    }
}

So, now I get a nice list (in my preferred mediatype) of all the validation errors.

Enjoy! :)

Community
  • 1
  • 1
Antony Scott
  • 21,690
  • 12
  • 62
  • 94