I am working on a ASP.NET WebApi project. I have a model class that has a property that I don't want to serialize in public calls. For this purpose I am usin [JsonIgnore] for that property and it is excluded from jsons as expected. Now in a [Authorize] controller method I want to serialize object with all properties, even the one that excluded by [JsonIgnore]. Any idae?
Related
I have a view model that implements IValidatableObject and also has several validation attributes. When I attempt to call an action on my ApiController, only the attribute validation is performed. Does ASP.NET Web API not support IValidatableObject? What's the alternative for complex validation that cannot be represented by a single attribute?
Edit: Somewhere along the line, I must have fudged something up. The validation mysteriously started working as expected. Looks like IValidatableObject is definitely supported by default.
With Web API 2.1 (Microsoft.AspNet.WebApi nuget 5.1.x), I experienced IValidatableObject's Validate method not being called if any of the validation attributes are invalid. Hence, all validation attributes that have been applied to your class's properties must first pass as valid before that class's Validate method will be called.
If, for example, you have a property with the RequiredAttribute and you do not put a value in that field, your implementation of IValidatableObject's Validate method will not be called. Although not technically a bug, I expected the Validate method to be called every time I validate.
Not yet tried IValidatableObject on webapi, but it should be supported according to the documentation the Validation provider for DataAnnotations (DataAnnotationsModelValidatorProvider) provide also IValidatableObject validation. See here: http://msdn.microsoft.com/en-us/library/system.web.http.validation.providers(v=vs.108)
Anyway, you can use also Object level ValidationAttribute that you can use to decorated a class...It is not so easy as IValidatableObject, but should work.
As of now, IValidatableObject is supported.
We have to use a custom ModelBinder that implements IModelBinder. We cannot directly change this code at all. It currently doesn't have support for updating ModelState from the DataAnnotations of the model passed in. We want to subclass the ModelBinder and add that support. What do we need to do to add that support so it works like DefaultModelBinder works with DataAnnotations?
I have a custom DataAnnotationsModelValidatorProvider for doing model validation in a more dynamic way then just adding attributes. I tried to add my provide to the global.asax.cs like so:
ModelValidatorProviders.Providers.Clear();
ModelValidatorProviders.Providers.Add(new AttributeValidatorProvider());
But once I load my form, I get an error saying "Validation type names in unobtrusive client validation rules must be unique. The following validation type was seen more than once: required".
According to a comment on this blog, this is because Ninject is overriding custom validator providers.
I'm fairly new to MVC and I can't seem to find a way to tell Ninject to accept my custom providers as well, how would I go about fixing this problem?
For the record: I do not wish to use Fluentvalidation.net, I want to stick with the default MVC validations (for the most part).
There is another way (works in MVC 4 for sure):
Find your class which inherit IdependencyResolver interface and add to constructor _kernel.Unbind<ModelValidatorProvider>(); - you just unbind ninject validator and there should be no colission with default validator.
In my case my constructor looks like this:
public NinjectDependencyResolver()
{
_kernel = new StandardKernel();
_kernel.Unbind<ModelValidatorProvider>();
AddBindings();
}
Change the registration of the provider to
Rebind<ModelValidatorProvider>().To<AttributeValidatorProvider>();
I'm trying to setup an 'Authorization' Filter on an Action, creating my own ActionFilterAttribute where I do a database lookup to determine if a user has access to a certain resource.
On my class inheriting from ActionFilterAttribute, I have created an Injected(Ninject) property to hold the service that I am using for the database access. I have a parameterless constructor so that I can use this as an attribute on my actions. In the 'OnActionExecuting' Method, I am able to gain access to the Injected property (it's not null), but the base DBCotext that it is using is closed.
This working fine, up until the RTM of MVC3, where the Release Notes stated:
Breaking Changes:
In previous versions of ASP.NET MVC, action filters are create per
request except in a few cases. This
behavior was never a guaranteed
behavior but merely an implementation
detail and the contract for filters
was to consider them stateless. In
ASP.NET MVC 3, filters are cached more
aggressively. Therefore, any custom
action filters which improperly store
instance state might be broken.
The first time I use this filter, it works as expected, but if I refresh the page or another user access this filter, I get the error:
The operation cannot be completed
because the DbContext has been
disposed.
which is what I guess I should expect given the breaking changes notes.
My question is this, what would be the preferred/recommended way of accomplishing what I need to do? Should this be in an ActionFilterAttribute, or should this 'authorization' be done somewhere else?
I'd do authentication in Application_AuthenticateRequest and authorization in your attribute using Thread.CurrentPrincipal, but your method should work too. You just need to count with fact that DbContext will be different for each request but your attribute won't. Something like this should do the trick (I'm assuming you are using DependencyResolver):
public class MyMightyAttribute : ActionFilterAttribute
{
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var context = (DbContext)DependencyResolver.Current.GetService(typeof(DbContext))
// authenticate, authorize, whatever
base.OnActionExecuting(filterContext);
}
}
I have been battling with this for a while and finally solved my problem. So here is my solution in the hope it may help someone else.
The setup:
1. I have an MVC3 project, a custom action filter that accesses the db using EF5 via a business service.
2. I use Unity and unity.MVC to resolve my dependencies on a per request basis.
3. I use property injection into my custom Action filter, as it has a parameterless constructor.
The result.
Dependency injection works correctly for all the services used by actions, my EF DbContext is correctly disposed of at the end of each request.
The Problem
Although my property dependency is resolved in my custom action filter, it contains a stale instance of my DbContext (e.g. it seems to have been cached from the previous request)
As mentioned in previous posts, MVC3 is more aggressive with filter caching and the state of a filter cannot be relied on. So the suggestion was to resolve the dependency in the OnActionExecuting method. So I removed my injected property and did just that called resolve on my unity container. However I still got a stale version of the DbContext. Any changes in the DB were correctly queried in my main actions, but the custom action filter didn’t pick them up.
The solution.
Unity.MVC Manages per-request lifetime by using child containers and disposing these at the end of each request. By resolving my dependency’s in the action filter from my unity container I was resolving from the parent container which is not disposed of on each request.
So rather than
IoC.Instance.CurrentContainer.Resolve<IService>();
I used this to obtain an instance of the child container rather than parent.
var childContainer = HttpContext.Current.Items["perRequestContainer"] as IUnityContainer;
var service = childContainer.Resolve<IServcie>();
I'm sure there must be a clean way to achive the same result, so please add suggestions.
Ok slight refinement to allow my unit test to inject a mock of the service.
1. remove the dependency resolve from the the OnActionexecuting and add two constructors.
public MyCustomActionfilter() : this(((IUnityContainer)HttpContext.Current.Items["perRequestContainer"].Resolve<IService>())
and
public MyCustomActionfilter(IService service)
{
this.service = service;
}
Now the constructor resolves your service and stores it as a private readonly. This can now be consumed in your OnActionExecutng function. Unit tests can now call the second constructor and inject a mock.
What could the best strategy for writing validation layer for mid-enterprise level business application built on Spring 2.5
I know that Spring provides facility where we can implement Validator interface and write validation logic in validate method. But this will be restricted to only web requests coming through spring controller.
I would like to develop the validation framework which can be utilized during web-services calls.
In other words, the framework can remain and be called independently without the need of implementing Validator interface and then too it can be automatically integrated into Spring MVC flow.
Hope you get my point.
The Spring Validation framework can be used outside of Spring MVC. What WebServices Stack are you using? If you are using Spring-WS (Spring's Web Services stack) they have special instructions on how to set up the validator here:
http://static.springframework.org/spring-ws/sites/1.5/reference/html/server.html#d0e2313
If you are using some other stack, it is probably easier to implement something for that stack (or find one) that will use Spring's validation framework.
Recall that the Validator interface defines two methods:
boolean supports(Class clazz)
void validate(Object target, Errors errors)
The Object target is your form object, which is the whole object representing the page to be shown to the user. The Errors instance will contain the errors that will be displayed to the user.
So, what you need to do is define an intermediary that can be called with the specifics in your form that you want to validate which are also the same as in your web service. The intermediary can take one of two forms:
(probably the best):
public interface ErrorReturning {
public void getErrors(Errors errors);
}
(this can get ugly really fast if more than two states are added):
public interface ValidationObject {
public Errors getErrors(Errors errors);
public Object getResultOfWebServiceValidation();
}
I would suggest that the first approach be implemented. With your common validation, pass an object that can be used for web service validation directly, but allow it to implement the getErrors() method. This way, in your validator for Spring, inside your validation method you can simply call:
getCommonValidator().validate(partialObject).getErrors(errors);
Your web service would be based around calls to getCommonValidator().validate(partialObject) for a direct object to be used in the web service.
The second approach is like this, though the interface only allows for an object to be returned from the given object for a web service validation object, instead of the object being a usable web service validation object in and of itself.