stop validating user input like a rookie
DESCRIPTION
ASNApalooza 2014 session: Stop validating user input like a rookieTRANSCRIPT
We bring IBM i RPG assets forward 1© 2014 by ASNA. All rights reserved.
Server side data validation using data annotations and the .NET validator class
Stop validating user input like a rookie
Presented by Tim Daniels
We bring IBM i RPG assets forward 2© 2014 by ASNA. All rights reserved.
Server side validation
• Takes place during a post back• When the user request requires server resources
• Use in conjunction with client side validation• Malicious users can easily bypass client side validation
• Client side validation provides a better user experience • A more responsive web page
We bring IBM i RPG assets forward 3© 2014 by ASNA. All rights reserved.
Server side validation
• A server side validation design pattern;• Validation rules defined at the domain object model
level
• Each domain entity contains its own specific data validation rules
• A validation class that is reusable by all domain objects
We bring IBM i RPG assets forward 4© 2014 by ASNA. All rights reserved.
The .Net Validator Class
• A helper class for validating objects
• Capable of validating all properties of an object
• Dependent on data annotation attributes
We bring IBM i RPG assets forward 5© 2014 by ASNA. All rights reserved.
The .Net Validator Class
• A member of the System.ComponentModel.DataAnnotations name space
• A static class • Does not require instantiation
• We will utilize the TryValidateObject method
• The DetailsMSDN Validator Class
We bring IBM i RPG assets forward 6© 2014 by ASNA. All rights reserved.
The TryValidateObject Method
• A public method of the Validator class
• Capable of validating all properties of an object
• Returns a value of Type: System.Boolean• true if the object validates; otherwise false
• The Details• MSDN Validator.TryValidateObject Method
We bring IBM i RPG assets forward 7© 2014 by ASNA. All rights reserved.
The TryValidateObject Method • Requires four arguments passed to it;
1. Type: System.Object• The object to Validate
2. Type: ValidationContext Class• The Context that describes the object to validate
3. Type: Collections.Generic.Icollection<ValidationResult>• A Collection to hold each failed validation
4. Type: System.Boolean• true to validate all properties• false only required attributes are validated
We bring IBM i RPG assets forward 8© 2014 by ASNA. All rights reserved.
The Object to Validate
BegClass Customer Access(*Public)
begconstructor Access(*Public)
endconstructor
dclprop Number type(*decimal) access(*public) attributes(Key(), ScaffoldColumn(*false))
dclprop CustomerName type(*string) access(*public) attributes(DisplayAttribute(Name:="Name"), RequiredAttribute(), +
StringLengthAttribute(40, ErrorMessage:="Name cannot be longer than 40 characters"))
dclprop Address type(*string) access(*public) attributes(DisplayAttribute(Name:="Street Address"), RequiredAttribute())
We bring IBM i RPG assets forward 9© 2014 by ASNA. All rights reserved.
The Validation Context Class • Describes the context in which a validation check is performed
• The object to be validated is placed into a context suitable for input to the Validator class
• The object to be validated is passed to the constructor of the Validator class
• The Details
• MSDN Validation Context Class
We bring IBM i RPG assets forward 10© 2014 by ASNA. All rights reserved.
The Validation Result Class
• Represents a container for the results of a validation request
• Properties;• Error Message
• The error message associated with the validation
• Member Name• The name of the property validated
• The Details• MSDN ValidationResult Class
We bring IBM i RPG assets forward 11© 2014 by ASNA. All rights reserved.
A Boolean specifies which properties to validate
• True• Validate all properties
• False• Only required attributes are validated
We bring IBM i RPG assets forward 12© 2014 by ASNA. All rights reserved.
First add a reference to this assembly:
System.ComponentModel.DataAnnotations
Add this using statement:Using System.ComponentModel.DataAnnotations
Coding the Customer Validator Example
We bring IBM i RPG assets forward 13© 2014 by ASNA. All rights reserved.
Unit Test• Visual Studio Test Explorer
• Test Validator
Customer Validator Demonstration