绕过 get 请求的 MVC 验证
我的控制器中有这段代码:
[HttpGet]
public ActionResult Register(UserRegistrationModel model)
{
return View();
}
我喜欢这样的原因是因为注册页面可以预先填充从其他页面生成的查询字符串中的值。
问题是,当我的视图被渲染时,它显示验证错误......有没有办法绕过它?
I have this code in my controller:
[HttpGet]
public ActionResult Register(UserRegistrationModel model)
{
return View();
}
The reason I do like this is because the Register page can be pre-populated with values from querystring that are generated from other pages.
The problem is that when my view gets rendered, it shows the validation errors... Is there a way to bypass it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
快速回答:尝试在“GET”操作方法上使用 [ValidateInput(false)]
更新:
在 asp.net 4 中,要让框架确认 ValidateInput 属性,您还需要在 web.config 中配置验证模式。
将以下内容设置为
为什么在“GET”操作方法中包含 ViewModel?
要利用默认模型绑定器。
例如,我们有子操作返回绑定到复杂 ViewModel 设置的部分视图,并且我们不想为每个子操作显式实例化和重建 ViewModel。
例如,订单页面的编辑页面采用继承 BaseUserViewModel 的 EditOrderViewModel,而 BaseUserViewModel 又包含用户特定的显示数据(用户名、购物车商品计数等)。
因此,返回编辑视图的操作方法如下所示:
现在,只要对此子操作方法的请求以某种方式包含 BaseUserViewModel 的属性(例如通过 Cookies、Form 和 QueryString 属性),则默认模型绑定器将实例化并使用所有基本视图模型数据填充 EditOrderViewModel。
但是,当我们第一次加载此页面时,我们不希望验证消息以用户还没有机会编辑的形式显示...
因此,我们关闭“GET”请求的模型验证>只需确保您验证“POST”请求即可!
Quick Answer: try using [ValidateInput(false)] on your 'GET' action methods
UPDATE:
With asp.net 4, to get the framework to acknowledge the ValidateInput attribute, you'll need to configure the validation mode in the web.config as well.
Set the following as a child of the
<system.web>element:Why have a ViewModel in your 'GET' action methods?
To take advantage of the default model binder.
For example, we have Child Actions returning partial views that are bound to complex ViewModels setup and we don't want to explicitly instantiate and rebuild the ViewModel for each Child Action.
e.g The Edit page for a an Order page takes a an EditOrderViewModel which inherits the BaseUserViewModel which in turn contains user specific display data (username, cart item count, etc.).
So the action method to return the Edit view looks like:
Now as long as the Request to this child action method includes the properties of BaseUserViewModel somehow (e.g. through the Cookies, Form, and QueryString properties), then the default model binder will instantiate and populate the EditOrderViewModel with all the base view model data.
However, when we first load this page, we don't want the validation messages showing up in the form that the user hasn't had a chance to edit yet...
Hence, we turn off Model validation for the 'GET' request > just make sure you validate the 'POST' request!
通常,当运行这样的操作时,您倾向于使用单独的参数而不是完整的模型;看起来正在发生的是模型绑定器正在启动并为您验证您的模型。
您能否通过调试该操作来验证
ModelState.IsValid为 false,并且其中有一些与模型上无效字段相关的键?如果是这样,您可以在返回视图之前尝试执行ModelState.Clear(),以防止在这种情况下出现验证错误。Normally when running an action such as this you would tend to use individual parameters rather than a complete model; what it looks like is happening is the model binder is kicking in and validating your model for you.
Can you verify by debugging the action that
ModelState.IsValidis false and that it has some keys in it relating to the fields on your model which are invalid? If so you could try to do aModelState.Clear()before you return the view to prevent the validation errors from showing up in this case.我遇到了同样的问题,我在模型中使用 CustomValidation 属性进行创建操作,但对于另一个需要将更改保存到数据库的操作,验证导致了错误。所以我通过删除 CustomValidation 属性并仅验证 Create 操作方法内的模型来修复它
I had the same problem, I used CustomValidation attribute in model for Create action but for another action which requires saving changes to database the validation caused error. so I fixed it by removing the CustomValidation attribute and validating the model inside the Create action method only