La validación de ModelBinder se interrumpe en getter usando la reflexión

I've ran across a problem which seems to be related to reflection and model binder validation, and FormatterParameterBinding.ExecuteBindingAsync(..) in particular, and though I can use a Method to do what I want I would prefer it if I could use a Property.

Here I'm looking for some insight into the model binder validation process, why I am unable to do what I want and how I can fix the problem, or get around it.

La puesta en marcha

public class ModelBindingValidationBreaker
{
    public ModelBindingValidationBreaker()
    {
        Properties = new List<string>();
    }

    public int A { get; set; }
    public int B { get; set; }
    public IList<string> Properties { get; set; }

    /*// Uncomment to break the model binder validation!
    public IList<PropertyInfo> PropertyInfos
    {
        get
        {
            return GetType()
                .GetProperties()
                .Where(pi => Properties.Contains(pi.Name))
                .ToList();
        }
    }//*/

    public IList<PropertyInfo> GetPropertyInfos()
    {
        return GetType()
            .GetProperties()
            .Where(pi => Properties.Contains(pi.Name))
            .ToList();
    }

    public IList<int> LetterCounts
    {
        get
        {
            return Properties.Select(p => p.Length).ToList();
        }
    }
}

And a controller with a post action defined like this

public void Post(ModelBindingValidationBreaker breaker){...}

Call it with this kind of json:

{
    "Properties": [
        "A"
    ],
    "A": 1,
    "B": 2
}

If you step into the action you can see that the breaker is correctly instantiated and you can call GetPropertyInfos() sin ningún problema.

How it breaks

However, if you uncomment the PropertyInfos property, the model binder validation breaks. I added a simple tracer to figure this out. It shows the following relevant output:

System.Web.Http.Action: ApiControllerActionSelector;SelectAction;Selected action 'Post(ModelBindingValidationBreaker breaker)'
System.Web.Http.ModelBinding: HttpActionBinding;ExecuteBindingAsync;
System.Web.Http.ModelBinding: FormatterParameterBinding;ExecuteBindingAsync;Binding parameter 'breaker'
System.Net.Http.Formatting: JsonMediaTypeFormatter;ReadFromStreamAsync;Type='ModelBindingValidationBreaker', content-type='application/json'
System.Net.Http.Formatting: JsonMediaTypeFormatter;ReadFromStreamAsync;Value read='OverPostCount.Models.ModelBindingValidationBreaker'
System.Web.Http.ModelBinding: FormatterParameterBinding;ExecuteBindingAsync;
System.Web.Http.ModelBinding: HttpActionBinding;ExecuteBindingAsync;
System.Web.Http.Controllers: CustomController;ExecuteAsync;
System.Net.Http.Formatting: DefaultContentNegotiator;Negotiate;Type='HttpError', formatters=[JsonMediaTypeFormatterTracer, FormUrlEncodedMediaTypeFormatterTracer, FormUrlEncodedMediaTypeFormatterTracer]

Which contains this line instead, when you exclude the offending get_PropertyInfos:

System.Web.Http.ModelBinding: FormatterParameterBinding;ExecuteBindingAsync;Parameter 'breaker' bound to the value 'OverPostCount.Models.ModelBindingValidationBreaker'

Adición DataContract, and related attributes like [IgnoreDataMember] on Properties does not fix the problem. Neither does [Bind(Exclude="Properties")] from the mvc namespace. Linq does not seem to be the problem, since LetterCount does not break the model binder validation.

Mis preguntas

  1. Why does the PropertyInfos getter break the model binder validator?
  2. Is this a bug in the Asp.NET web-api?
  3. Is there a way to prevent this breakage through attributes, a custom model binder validator, service or similar?

Basically I don't want to turn off model binding validation for the whole class or controller, but if I could turn it off for the Properties property, that would be great!

preguntado el 31 de julio de 12 a las 11:07

I wonder why I even bother asking non-trivial questions on SO. People just want to grind points and don't really care about helping anyhow it seems. -

1 Respuestas

As a general rule you should avoid using complex classes like PropertyInfos that have properties with other complex types...in classes used for model binding, but you should use just simple classes that contains JUST THE PROPERTIES you need for the model binding process, moreover the whole object graph should contain no loops. Model binding process analyze the type of properties for different purposes (validation attributes, etc.) an i may recusrively analyze the sub-properties of contained in the type of eac property...so complex .net classes containing loops and a lot of other .net types may break it. Try making the property PropertyInfos internal or turn it into a method so it shgould not be processed, by any model binder component.

Respondido 08 ago 12, 09:08

That's very unsatisfying to be honest. What I'm hearing is that I should only use dumb classes, structs really, for all my model binding, meaning for all my models. Meaning I'm being forced to use dumb DTO's. That may be best pracitice and recommended. But what if that doesn't fit my scenario? C# is an oo language and I should be allowed to bind to smart classes with complex properties. The least they could offer is a way to disable model binding validation for specific properties through attributes, for rebels like me. - Gaute Loken

What exactly is it the model binder is doing that requires it to go into my getter and what causes it to break? When I have IgnoreDataMemberAttribute on it, it's not being bound so it shouldn't be validated, and the code shouldn't break. Looks unfinished to me. - Gaute Loken

you are looking at the problem from the wrong perpspective. You are not limited to use struct! What is not recommended is using complex business classes in the presntation layer. In the presentation layer you work with viewmodels, not with business classes. You are free to add complkexity that you need in the presentation layer. The model binding process involve a tree of objects(subobjects contained in properties). Loops are not allowed since all algorithms are not able to recognize to properties point to the same object and duplicate it. - francesco abruzzese

The model binding and validation algorithms explore recursively the object tree to find validation attributes and metadata. This means that if you use properties whose datatype is a complex system type with hundreds of properties, that complex datatype is explored recursively with all its properties...and the probability that it contains loops or that you go into a security issue (if you dont run with full thrust) is almost 100% - francesco abruzzese

Ignore attributes should affect just the serialization deserialization stage, not the validation. - francesco abruzzese

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.