• WebApi过滤器使用和请求实体合法性验证


    1、 在WebApiConfig中注册 请求数据处理(如做签名认证)注册 (继承MessageProcessingHandler)

    2、 在WebApiConfig中注册 对请求数据实体注解验证注册(继承ActionFilterAttribute)

    3、 在WebApiConfig中注册  如红色部分

    public static void Register(HttpConfiguration config)
            {           
                var jsonFormatter = new JsonMediaTypeFormatter {
                    UseDataContractJsonSerializer = false
                };
                var serializerSettings = jsonFormatter.SerializerSettings;       
                config.Services.Replace(typeof(IContentNegotiator), new JsonContentNegotiator(jsonFormatter));
    
               // Web API 路由
                config.MapHttpAttributeRoutes();
    
                config.Routes.MapHttpRoute(
                    name: "DefaultApi",
                    routeTemplate: "api/{controller}/{id}",
                    defaults: new { id = RouteParameter.Optional }
                );
                 // 对请求数据做验证处理
                config.MessageHandlers.Add(new CmbMessageProcesssingHandler ());
                 // 对接收的实体对象参数做合法性验证         
                config.Filters.Add(new CmbActionFilterAttribute());
                config.Filters.Add(new ExceptionFilterAttribute());
            }


      

    4、详细说明 CmbMessageProcesssingHandler和CmbActionFilterAttribute

    CmbMessageProcesssingHandler:对请求数据和响应数据做处理  
    public class CmbMessageProcesssingHandler : MessageProcessingHandler
        {
            private static readonly ILog Logger = LogManager.GetLogger(typeof(CmbMessageProcesssingHandler));
    
     // 数据结构 不是重点
            protected class AbcDataTransferDto
            {
                public string VisitCode { get; set; }
    
                public string Sign { get; set; }
    
                public string Content { get; set; }
            }
    
    // 请求数据做处理是重点
            protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
            {
                var contentType = request.Content.Headers.ContentType;
                var stringContent = string.Empty;
                var formData = request.Content.ReadAsFormDataAsync(cancellationToken).Result;
               
    
                var sign = formData.Get("Sign");
                var visitCode = formData.Get("VisitCode");
                var content = formData.Get("Content");
    
                if (!string.IsNullOrWhiteSpace(sign) && !string.IsNullOrWhiteSpace(visitCode) && !string.IsNullOrWhiteSpace(content))
                {
                    var baseContent = CommonUtils.RijndaelDecrypt(content, Consts.EncryptKey);
                    if (VertifySign(visitCode, baseContent, sign))
                    {
                        stringContent = baseContent;
                        Logger.Info($"api 接口请求参数解密报文:{stringContent}");
                    }
                    else
                    {
                        Logger.Error($"api 接口请求参数签名无效:{request.Content.ReadAsStringAsync().Result}");
                    }
                }
                else
                {
                    Logger.Error($"api 接口请求参数格式无效:{request.Content.ReadAsStringAsync().Result}");
                }
    
                // 将解密后的BODY数据 重置
                request.Content = new StringContent(stringContent);
                //此contentType必须最后设置 否则会变成默认值
                // contentType.MediaType = "application/json"; 当实际内容content是json时 Sing=22&VisitCode=ssss&Content=加密({"/Yurref":22,"/Dbtacc"/:yinghang01})
                //当实际内容content是Yurref=22&Dbtacc=yinghang01 时 application/x-www-form-urlencoded   Sing=22&VisitCode=ssss&Content=加密(Yurref=22&Dbtacc=yinghang01)不修改情况content-type:application/x-www-form-urlencoded  现在是这种方案
                request.Content.Headers.ContentType = contentType;
                return request;
            }
    // 响应数据做处理是重点
            protected override HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken)
            {
                if (response.StatusCode != HttpStatusCode.OK)
                    return response;
                var result = response.Content.ReadAsStringAsync().Result;
                var visitCode = Consts.VisitCode;//后续可以考虑随机颁发
                var encodeResult = CommonUtils.RijndaelEncrypt(result, Consts.EncryptKey);
                var dto = new AbcDataTransferDto {
                    VisitCode = visitCode,
                    Content = encodeResult,
                    Sign = GetEncryptSign(visitCode, result)
                };
                response.Content = new StringContent(JsonConvert.SerializeObject(dto));
                return response;
            }        
    }

    5、 CmbActionFilterAttribute:对请求实体对象验证做处理

    public class CmbActionFilterAttribute : ActionFilterAttribute
        {
            private static readonly ILog Logger = LogManager.GetLogger(typeof(CmbActionFilterAttribute));
    
            public override void OnActionExecuting(HttpActionContext actionContext)
            {
                base.OnActionExecuting(actionContext);
                // 查看接收到的实体对象各属性是否合法
                if (actionContext.ModelState.IsValid)
                    return;
                var errorMessage = actionContext.ModelState.ErrorMessage();
                Logger.Error($"模型绑定参数验证无效-RequestUri:{actionContext.Request.RequestUri} errorMessage:{errorMessage}");
                // 如果不合法直接返回 结果信息
                actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, new {
                    status = -1,
                    message = errorMessage
                });
            }
        }
    补充说明如实体对象验证信息
            /// <summary>
            /// 业务参考号
            /// </summary>  
            [Required(AllowEmptyStrings = false, ErrorMessage = "业务参考号不能为空")]
            [StringLength(30, ErrorMessage = "业务参考号长度无效,最多30位")]
            public string Yurref { get; set; }

     

     

  • 相关阅读:
    Android json操作之取得一个对象
    Uubntu E: Sub-process /usr/bin/dpkg returned an error code问题的解决办法
    转 Android
    Android 将从网络获取的数据缓存到私有文件
    Android 每隔3s更新一次title
    Android UI主线程与子线程
    Android 解析JSON数组
    MySql中的内外联结查询
    MySQL执行外部sql脚本
    Ubuntu 下启动/停止/重启mysql服务
  • 原文地址:https://www.cnblogs.com/liyanbofly/p/12100316.html
Copyright © 2020-2023  润新知