Stop validating user input like a rookie

We bring IBM i RPG assets forward 1© 2014 by ASNA. All rights reserved.

Server side data validation using data annotations and the .NET validator class

Stop validating user input like a rookie

Presented by Tim Daniels


Server side validation

• Takes place during a post back• When the user request requires server resources

• Use in conjunction with client side validation• Malicious users can easily bypass client side validation

• Client side validation provides a better user experience • A more responsive web page


Server side validation

• A server side validation design pattern;• Validation rules defined at the domain object model

level

• Each domain entity contains its own specific data validation rules

• A validation class that is reusable by all domain objects


The .Net Validator Class

• A helper class for validating objects

• Capable of validating all properties of an object

• Dependent on data annotation attributes


The .Net Validator Class

• A member of the System.ComponentModel.DataAnnotations name space

• A static class • Does not require instantiation

• We will utilize the TryValidateObject method

• The DetailsMSDN Validator Class

http://msdn.microsoft.com/en-us/library/system.componentmodel.dataannotations.validationresult(v=vs.110).aspx


The TryValidateObject Method

• A public method of the Validator class

• Capable of validating all properties of an object

• Returns a value of Type: System.Boolean• true if the object validates; otherwise false

• The Details• MSDN Validator.TryValidateObject Method

http://msdn.microsoft.com/en-us/library/dd411772(v=vs.110).aspx


The TryValidateObject Method • Requires four arguments passed to it;

1. Type: System.Object• The object to Validate

2. Type: ValidationContext Class• The Context that describes the object to validate

3. Type: Collections.Generic.Icollection<ValidationResult>• A Collection to hold each failed validation

4. Type: System.Boolean• true to validate all properties• false only required attributes are validated


The Object to Validate

BegClass Customer Access(*Public)

begconstructor Access(*Public)

endconstructor

dclprop Number type(*decimal) access(*public) attributes(Key(), ScaffoldColumn(*false))

dclprop CustomerName type(*string) access(*public) attributes(DisplayAttribute(Name:="Name"), RequiredAttribute(), +

StringLengthAttribute(40, ErrorMessage:="Name cannot be longer than 40 characters"))

dclprop Address type(*string) access(*public) attributes(DisplayAttribute(Name:="Street Address"), RequiredAttribute())


The Validation Context Class • Describes the context in which a validation check is performed

• The object to be validated is placed into a context suitable for input to the Validator class

• The object to be validated is passed to the constructor of the Validator class

• The Details

• MSDN Validation Context Class

http://msdn.microsoft.com/en-us/library/system.componentmodel.dataannotations.validationcontext(v=vs.110).aspx


The Validation Result Class

• Represents a container for the results of a validation request

• Properties;• Error Message

• The error message associated with the validation

• Member Name• The name of the property validated

• The Details• MSDN ValidationResult Class

http://msdn.microsoft.com/en-us/library/system.componentmodel.dataannotations.validationresult(v=vs.110).aspx


A Boolean specifies which properties to validate

• True• Validate all properties

• False• Only required attributes are validated


First add a reference to this assembly:

System.ComponentModel.DataAnnotations

Add this using statement:Using System.ComponentModel.DataAnnotations

Coding the Customer Validator Example


Unit Test• Visual Studio Test Explorer

• Test Validator

Customer Validator Demonstration

Documents

Stop validating user input like a rookie