Sanitize/validate input in ASP.NET 5 and MVC 6












6















Per this page, in ASP.NET 5, you cannot depend on request validation, which I believe was a feature of IIS/ASP.NET. Since ASP.NET 5 can be self-hosted with linux support, we must do it our selves. Sounds good.



The question is, what is the recommend way to do it for ASP.NET 5? Is there a built in MVC 6 attribute that will sanitize/validate? What exactly did the old way detect? Script tags? Style tags?






asp.net-core asp.net-core-mvc sanitization







share|improve this question























  • Regarding the article no difference for asp.net 5. Just use viewmodels with display annotations for the properties.

    – devfric
    Dec 26 '15 at 7:11











  • Before asp.net 5, the request framework itself (httpmodules/handlers) had request validation built in. You could disable it via the web.config, but it was a feature of the handlers in the GAC, used in IIS. I am aware of how to do this myself using model attributes, but so far, there is no official way to do this from Microsoft, and their should be. Perhaps a middleware that intercepts posted form values for site-wide usage by default? Idk. This is very important in web development, and an answer should be provided by Microsoft on how we should do it.

    – Paul Knopf
    Dec 29 '15 at 20:27
















6















Per this page, in ASP.NET 5, you cannot depend on request validation, which I believe was a feature of IIS/ASP.NET. Since ASP.NET 5 can be self-hosted with linux support, we must do it our selves. Sounds good.



The question is, what is the recommend way to do it for ASP.NET 5? Is there a built in MVC 6 attribute that will sanitize/validate? What exactly did the old way detect? Script tags? Style tags?






asp.net-core asp.net-core-mvc sanitization







share|improve this question























  • Regarding the article no difference for asp.net 5. Just use viewmodels with display annotations for the properties.

    – devfric
    Dec 26 '15 at 7:11











  • Before asp.net 5, the request framework itself (httpmodules/handlers) had request validation built in. You could disable it via the web.config, but it was a feature of the handlers in the GAC, used in IIS. I am aware of how to do this myself using model attributes, but so far, there is no official way to do this from Microsoft, and their should be. Perhaps a middleware that intercepts posted form values for site-wide usage by default? Idk. This is very important in web development, and an answer should be provided by Microsoft on how we should do it.

    – Paul Knopf
    Dec 29 '15 at 20:27














6












6








6


1






Per this page, in ASP.NET 5, you cannot depend on request validation, which I believe was a feature of IIS/ASP.NET. Since ASP.NET 5 can be self-hosted with linux support, we must do it our selves. Sounds good.



The question is, what is the recommend way to do it for ASP.NET 5? Is there a built in MVC 6 attribute that will sanitize/validate? What exactly did the old way detect? Script tags? Style tags?






asp.net-core asp.net-core-mvc sanitization







share|improve this question














Per this page, in ASP.NET 5, you cannot depend on request validation, which I believe was a feature of IIS/ASP.NET. Since ASP.NET 5 can be self-hosted with linux support, we must do it our selves. Sounds good.



The question is, what is the recommend way to do it for ASP.NET 5? Is there a built in MVC 6 attribute that will sanitize/validate? What exactly did the old way detect? Script tags? Style tags?






asp.net-core asp.net-core-mvc sanitization




asp.net-core asp.net-core-mvc sanitization






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Dec 25 '15 at 6:56









Paul KnopfPaul Knopf

4,1011754113




4,1011754113













  • Regarding the article no difference for asp.net 5. Just use viewmodels with display annotations for the properties.

    – devfric
    Dec 26 '15 at 7:11











  • Before asp.net 5, the request framework itself (httpmodules/handlers) had request validation built in. You could disable it via the web.config, but it was a feature of the handlers in the GAC, used in IIS. I am aware of how to do this myself using model attributes, but so far, there is no official way to do this from Microsoft, and their should be. Perhaps a middleware that intercepts posted form values for site-wide usage by default? Idk. This is very important in web development, and an answer should be provided by Microsoft on how we should do it.

    – Paul Knopf
    Dec 29 '15 at 20:27



















  • Regarding the article no difference for asp.net 5. Just use viewmodels with display annotations for the properties.

    – devfric
    Dec 26 '15 at 7:11











  • Before asp.net 5, the request framework itself (httpmodules/handlers) had request validation built in. You could disable it via the web.config, but it was a feature of the handlers in the GAC, used in IIS. I am aware of how to do this myself using model attributes, but so far, there is no official way to do this from Microsoft, and their should be. Perhaps a middleware that intercepts posted form values for site-wide usage by default? Idk. This is very important in web development, and an answer should be provided by Microsoft on how we should do it.

    – Paul Knopf
    Dec 29 '15 at 20:27

















Regarding the article no difference for asp.net 5. Just use viewmodels with display annotations for the properties.

– devfric
Dec 26 '15 at 7:11





Regarding the article no difference for asp.net 5. Just use viewmodels with display annotations for the properties.

– devfric
Dec 26 '15 at 7:11













Before asp.net 5, the request framework itself (httpmodules/handlers) had request validation built in. You could disable it via the web.config, but it was a feature of the handlers in the GAC, used in IIS. I am aware of how to do this myself using model attributes, but so far, there is no official way to do this from Microsoft, and their should be. Perhaps a middleware that intercepts posted form values for site-wide usage by default? Idk. This is very important in web development, and an answer should be provided by Microsoft on how we should do it.

– Paul Knopf
Dec 29 '15 at 20:27





Before asp.net 5, the request framework itself (httpmodules/handlers) had request validation built in. You could disable it via the web.config, but it was a feature of the handlers in the GAC, used in IIS. I am aware of how to do this myself using model attributes, but so far, there is no official way to do this from Microsoft, and their should be. Perhaps a middleware that intercepts posted form values for site-wide usage by default? Idk. This is very important in web development, and an answer should be provided by Microsoft on how we should do it.

– Paul Knopf
Dec 29 '15 at 20:27












1 Answer
1






active

oldest

votes


















0














I recommend FluentValidation for ASP.NET 5: 



public class PersonValidator : AbstractValidator<Person> {

    public PersonValidator() {

        RuleFor(x => x.Id).NotNull();

        RuleFor(x => x.Name).Length(0, 10);

        RuleFor(x => x.Email).EmailAddress();

        RuleFor(x => x.Age).InclusiveBetween(18, 60);

    }

}


https://fluentvalidation.net/aspnet#asp-net-mvc-5






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f34460724%2fsanitize-validate-input-in-asp-net-5-and-mvc-6%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    I recommend FluentValidation for ASP.NET 5: 



    public class PersonValidator : AbstractValidator<Person> {
    
    public PersonValidator() {
    
        RuleFor(x => x.Id).NotNull();
    
        RuleFor(x => x.Name).Length(0, 10);
    
        RuleFor(x => x.Email).EmailAddress();
    
        RuleFor(x => x.Age).InclusiveBetween(18, 60);
    
    }
    
}


    https://fluentvalidation.net/aspnet#asp-net-mvc-5






    share|improve this answer




























      0














      I recommend FluentValidation for ASP.NET 5: 



      public class PersonValidator : AbstractValidator<Person> {
      
    public PersonValidator() {
      
        RuleFor(x => x.Id).NotNull();
      
        RuleFor(x => x.Name).Length(0, 10);
      
        RuleFor(x => x.Email).EmailAddress();
      
        RuleFor(x => x.Age).InclusiveBetween(18, 60);
      
    }
      
}


      https://fluentvalidation.net/aspnet#asp-net-mvc-5






      share|improve this answer


























        0












        0








        0







        I recommend FluentValidation for ASP.NET 5: 



        public class PersonValidator : AbstractValidator<Person> {
        
    public PersonValidator() {
        
        RuleFor(x => x.Id).NotNull();
        
        RuleFor(x => x.Name).Length(0, 10);
        
        RuleFor(x => x.Email).EmailAddress();
        
        RuleFor(x => x.Age).InclusiveBetween(18, 60);
        
    }
        
}


        https://fluentvalidation.net/aspnet#asp-net-mvc-5






        share|improve this answer













        I recommend FluentValidation for ASP.NET 5: 



        public class PersonValidator : AbstractValidator<Person> {
        
    public PersonValidator() {
        
        RuleFor(x => x.Id).NotNull();
        
        RuleFor(x => x.Name).Length(0, 10);
        
        RuleFor(x => x.Email).EmailAddress();
        
        RuleFor(x => x.Age).InclusiveBetween(18, 60);
        
    }
        
}


        https://fluentvalidation.net/aspnet#asp-net-mvc-5







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 20 '18 at 12:19









        RebeccaRebecca

        9,7101068111




        9,7101068111
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f34460724%2fsanitize-validate-input-in-asp-net-5-and-mvc-6%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to pass form data using jquery Ajax to insert data in database?

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 1 I have 4 tables namely stud, country_master_academic,master_state and master_city. The main problem is that my form consists of many different fields like textbox, radio buttons, dropdown and an image file, so i am getting really confused. I can't insert data in database. Please help me. I tried many times but its not working. Thanks for the help in advance. Modal in home.php page <div class="container"> <div class="modal fade" id="add_data_modal" role="dialog"> <div class="modal-dialog"> <div class="modal-content"> ...
            Read more

            National Museum of Racing and Hall of Fame

            Image
            Coordinates: 43°04′35″N 73°46′24″W  /  43.0763°N 73.7734°W  / 43.0763; -73.7734 Professional sports hall of fame in Saratoga Springs, New York National Museum of Racing and Hall of Fame National Museum of Racing and Hall of Fame Established 1951 Location Saratoga Springs, New York Type Professional sports hall of fame Director Cathy Marino Curator Victoria Tokarowski Website racingmuseum.org The National Museum of Racing and Hall of Fame was founded in 1951 in Saratoga Springs, New York, to honor the achievements of American Thoroughbred race horses, jockeys, and trainers. In 1955, the museum moved to its current location on Union Avenue near Saratoga race course, at which time inductions into the hall of fame began. Each spring, following the tabulation of the final votes, the announcement of new inductees is made, usually during Kentucky Derby Week in early May. The actual inductions are held in mid-August during the Saratoga race meeting...
            Read more

            Guess what letter conforming each word

            Image
            6 $begingroup$ This is an entry in the Fortnightly Topic Challenge #41: Short and Sweet. 1 letter only could be mean anything . With an additional letter in front , could be used as medicine component and something you definitely learn or at least heard once. Add another letter in front , you would possibly hear that many times . Add an additional letter in front , you would found an independent country . With an additional letter, in the end , you would found something related to apple . Add another letter in the end , you would found something bad . Hint: Each letter is unique . word knowledge letters chemistry share | improve this question ...
            Read more