ASP.NET Core中Fluent Validation验证失败时,如何访问Filter/Action的ModelState?
嘿,这个问题我之前也碰到过,咱们一步步来捋清楚:
问题背景
我最近在把旧的ASP.NET MVC 4项目的验证逻辑替换为ASP.NET Core的Fluent Validation时遇到了麻烦:当前请求流程是 Middleware => Controller构造函数 => FluentValidator => Filter => Action,但只要FluentValidator的规则验证失败,系统就直接通过Middleware返回400错误响应,导致我没法在Filter或者Action里访问ModelState。想搞明白原因,或者找到修改方法让请求能进到Action/Filter里。
相关代码
Startup配置
public void ConfigureServices(IServiceCollection services) { services.AddMvc(options => { options.Filters.Add(typeof(ValidateModelAttribute)); }) .SetCompatibilityVersion(CompatibilityVersion.Version_2_1) .AddFluentValidation(fv => fv.RegisterValidatorsFromAssemblyContaining<Startup>()); } public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddNLog(); env.ConfigureNLog("nlog.config"); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseHsts(); } app.UseHttpsRedirection(); app.UseSwagger(); app.UseSwaggerUI(c => { c.SwaggerEndpoint("/swagger/v1/swagger.json", "CorpLight API V1"); }); app.UseMiddleware<RequestResponseLoggingMiddleware>(); app.UseMiddleware<ErrorHandlingMiddleware>(); app.UseMiddleware<AuthenticateMiddleware>(); app.UseMvc(); }
ErrorHandlingMiddleware
private readonly RequestDelegate _next; public ErrorHandlingMiddleware(RequestDelegate next) { _next = next; } public async Task Invoke(HttpContext context) { try { await _next(context); } catch (Exception ex) { await HandleExceptionAsync(context, ex); } }
验证器
public class CardInformationRequestValidator : AbstractValidator<RequestModel<CardInformationRequest>> { public CardInformationRequestValidator() { RuleFor(x => x.Request.RU).NotNull().NotEmpty(); RuleFor(x => x.Request.Currency).NotNull().NotEmpty(); RuleFor(x => x.Request.AccountNumber).NotNull().NotEmpty(); } }
控制器
[Route("api/[controller]")] [ApiController] public class CardController : ControllerBase { private readonly ICardRepo _cardRepo; private readonly IMapper _mapper; public CardController(ICardRepo cardRepo, IMapper mapper) { _cardRepo = cardRepo; _mapper = mapper; } [HttpPost] public async Task<MessageWithElements<CardInformation, CardInfo>> CardInformations(RequestModel<CardInformationRequest> request) { if (!ModelState.IsValid) throw new InvalidParametersException($"can't be empty"); //业务逻辑 } }
过滤器
public class ValidateModelAttribute : ActionFilterAttribute { public override void OnActionExecuting(ActionExecutingContext context) { if (!context.ModelState.IsValid) { //处理逻辑 } } }
测试情况
- 有效请求JSON:
{ "request": { "ru": "string", "accountNumber": "string", "currency": 1 } },验证通过可到达Filter; - 无效请求JSON(currency为0):
{ "request": { "ru": "string", "accountNumber": "string", "currency": 0 } },验证失败直接返回400错误:{ "Request.Currency": [ "'Request. Currency' must not be empty." ] }
原因分析
核心问题出在**ApiController特性的自动模型验证响应机制**上:
当你给控制器加上[ApiController]时,ASP.NET Core会自动注册一个ModelStateInvalidFilter过滤器,这个过滤器会在模型验证失败(也就是Fluent Validation校验不通过导致ModelState.IsValid为false)时,直接返回400 Bad Request响应,而且这个过滤器的执行顺序在你自定义的ValidateModelAttribute之前,甚至在Action执行之前。所以你的自定义Filter和Action根本没机会被触发,请求就被拦截返回了。
解决方案
有两种方式可以实现你的需求,让请求能进入Filter/Action:
方案1:全局关闭自动模型验证响应
在Startup的ConfigureServices方法中,修改AddMvc的配置,关闭自动返回400的模型验证过滤器:
services.AddMvc(options => { options.Filters.Add(typeof(ValidateModelAttribute)); // 关闭自动返回400的模型验证过滤器 options.SuppressModelStateInvalidFilter = true; }) .SetCompatibilityVersion(CompatibilityVersion.Version_2_1) .AddFluentValidation(fv => fv.RegisterValidatorsFromAssemblyContaining<Startup>());
这样配置后,即使ModelState无效,请求也会继续流转到你的自定义ValidateModelAttribute过滤器,以及Action方法里。你可以在Filter或者Action中自己检查ModelState.IsValid,然后处理错误逻辑。
方案2:针对单个控制器关闭自动验证
如果你不想全局关闭,也可以在特定控制器的[ApiController]特性中单独设置:
[Route("api/[controller]")] [ApiController(SuppressModelStateInvalidFilter = true)] public class CardController : ControllerBase { // ... 控制器代码 }
额外说明
关闭自动验证后,你需要确保自己的Filter或者Action里处理了ModelState无效的情况——比如你已经写好的ValidateModelAttribute就可以在这里发挥作用,或者Controller里的if (!ModelState.IsValid)判断也能正常执行了。
内容的提问来源于stack exchange,提问作者Roman Makarenko
