WebApi过滤器使用和请求实体合法性验证

1、 在WebApiConfig中注册 请求数据处理（如做签名认证）注册 （继承MessageProcessingHandler）

2、 在WebApiConfig中注册 对请求数据实体注解验证注册（继承ActionFilterAttribute）

3、 在WebApiConfig中注册  如红色部分

public static void Register(HttpConfiguration config)
        {           
            var jsonFormatter = new JsonMediaTypeFormatter {
                UseDataContractJsonSerializer = false
            };
            var serializerSettings = jsonFormatter.SerializerSettings;       
            config.Services.Replace(typeof(IContentNegotiator), new JsonContentNegotiator(jsonFormatter));

           // Web API 路由
            config.MapHttpAttributeRoutes();

            config.Routes.MapHttpRoute(
                name: "DefaultApi",
                routeTemplate: "api/{controller}/{id}",
                defaults: new { id = RouteParameter.Optional }
            );
             // 对请求数据做验证处理
            config.MessageHandlers.Add(new CmbMessageProcesssingHandler ());
             // 对接收的实体对象参数做合法性验证         
            config.Filters.Add(new CmbActionFilterAttribute());
            config.Filters.Add(new ExceptionFilterAttribute());
        }

　　

4、详细说明 CmbMessageProcesssingHandler和CmbActionFilterAttribute

CmbMessageProcesssingHandler：对请求数据和响应数据做处理  
public class CmbMessageProcesssingHandler : MessageProcessingHandler
    {
        private static readonly ILog Logger = LogManager.GetLogger(typeof(CmbMessageProcesssingHandler));

 // 数据结构 不是重点
        protected class AbcDataTransferDto
        {
            public string VisitCode { get; set; }

            public string Sign { get; set; }

            public string Content { get; set; }
        }

// 请求数据做处理是重点
        protected override HttpRequestMessage ProcessRequest(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var contentType = request.Content.Headers.ContentType;
            var stringContent = string.Empty;
            var formData = request.Content.ReadAsFormDataAsync(cancellationToken).Result;
           

            var sign = formData.Get("Sign");
            var visitCode = formData.Get("VisitCode");
            var content = formData.Get("Content");

            if (!string.IsNullOrWhiteSpace(sign) && !string.IsNullOrWhiteSpace(visitCode) && !string.IsNullOrWhiteSpace(content))
            {
                var baseContent = CommonUtils.RijndaelDecrypt(content, Consts.EncryptKey);
                if (VertifySign(visitCode, baseContent, sign))
                {
                    stringContent = baseContent;
                    Logger.Info($"api 接口请求参数解密报文：{stringContent}");
                }
                else
                {
                    Logger.Error($"api 接口请求参数签名无效：{request.Content.ReadAsStringAsync().Result}");
                }
            }
            else
            {
                Logger.Error($"api 接口请求参数格式无效：{request.Content.ReadAsStringAsync().Result}");
            }

            // 将解密后的BODY数据 重置
            request.Content = new StringContent(stringContent);
            //此contentType必须最后设置 否则会变成默认值
            // contentType.MediaType = "application/json"; 当实际内容content是json时 Sing=22&VisitCode=ssss&Content=加密({"/Yurref":22,"/Dbtacc"/:yinghang01})
            //当实际内容content是Yurref=22&Dbtacc=yinghang01 时 application/x-www-form-urlencoded   Sing=22&VisitCode=ssss&Content=加密(Yurref=22&Dbtacc=yinghang01)不修改情况content-type:application/x-www-form-urlencoded  现在是这种方案
            request.Content.Headers.ContentType = contentType;
            return request;
        }
// 响应数据做处理是重点
        protected override HttpResponseMessage ProcessResponse(HttpResponseMessage response, CancellationToken cancellationToken)
        {
            if (response.StatusCode != HttpStatusCode.OK)
                return response;
            var result = response.Content.ReadAsStringAsync().Result;
            var visitCode = Consts.VisitCode;//后续可以考虑随机颁发
            var encodeResult = CommonUtils.RijndaelEncrypt(result, Consts.EncryptKey);
            var dto = new AbcDataTransferDto {
                VisitCode = visitCode,
                Content = encodeResult,
                Sign = GetEncryptSign(visitCode, result)
            };
            response.Content = new StringContent(JsonConvert.SerializeObject(dto));
            return response;
        }        
}

5、 CmbActionFilterAttribute:对请求实体对象验证做处理

public class CmbActionFilterAttribute : ActionFilterAttribute
    {
        private static readonly ILog Logger = LogManager.GetLogger(typeof(CmbActionFilterAttribute));

        public override void OnActionExecuting(HttpActionContext actionContext)
        {
            base.OnActionExecuting(actionContext);
            // 查看接收到的实体对象各属性是否合法
            if (actionContext.ModelState.IsValid)
                return;
            var errorMessage = actionContext.ModelState.ErrorMessage();
            Logger.Error($"模型绑定参数验证无效-RequestUri:{actionContext.Request.RequestUri} errorMessage:{errorMessage}");
            // 如果不合法直接返回 结果信息
            actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.OK, new {
                status = -1,
                message = errorMessage
            });
        }
    }
补充说明如实体对象验证信息
        /// <summary>
        /// 业务参考号
        /// </summary>  
        [Required(AllowEmptyStrings = false, ErrorMessage = "业务参考号不能为空")]
        [StringLength(30, ErrorMessage = "业务参考号长度无效，最多30位")]
        public string Yurref { get; set; }