Join Jess Chadwick for an in-depth discussion in this video Validating form post data, part of ASP.NET Core: Razor Pages.
- [Instructor] Now that I've shown how to use Razor Pages to create a form and post date it back to the server, let's look at how we can put some restrictions in place to control what kinds of data the users are allowed to post to avoid things that don't make sense, like creating a recipe without a name. There are two aspects that go into validating form data. First, you've got to define the validation rules then you've got to apply those rules against the form when users attempt to post data back to the server.
Defining rules in an ASP.net core web application is very straight forward. All that is required for most cases is to place one of ASP.net cores many validation attributes on the property and the model that you wish to validate. These attributes come right out of the box and you can find them in the system.componentmodel.dataannotations main space. For instance, I don't want a recipe to ever have an empty name.
In order to keep this from occurring, there are actually two attributes I can use; the required attribute or the minLength attribute. As it's name suggest, the required attribute will ensure that the name is not empty during validation. And while I'm at it, I'll go ahead and add this to all the other properties as well since I don't want any of them to be empty either or in addition to the required attribute, I could be a little more specific and use the minLength attribute to require that the recipe name be at least some characters long, say five.
Likewise, I can apply the maxLength attribute to ensure that a recipe name is no longer than a certain number of characters. I'll set mine to 100. Or if this seems a little too verbose to you, you can combine both the min and max length attributes. With a single string length attribute. This attribute takes the maximum length first and then you can set the minimum length as a property.
Note that all of these validation attributes also have an optional property named error message that allow you to specify the message that will be displayed to the user when this rule is violated. For example, when the user enters a name that is less than five characters or over a hundred characters, I can let them know my own language instead of ASP.net's default boring wording. To provide my own message, I'll just set the value of the error message property to a string containing the text I'd like to display.
And it's important to note these are only a few and the most common of the validation attributes available to you. And I encourage you to read Microsoft's documentation of the system.componentmodel.dataannotations main space to learn about all the others. Once you've got your model all decorated with the appropriate validation attributes, it's time to apply them to the form. To do this, I'll head over to the on post, a sync method that is processing the posted data, the interesting thing about validating a model with these validation attributes applied, is that you don't actually have to do anything to validate them.
Razor Page's model binding frame work validates them automatically as it performs its binding. That means that by the time the on post day sync method runs, any models using the bind property attribute approach of model binding have already been bound. In order to see whether there are any validation errors in these bindings, you can check the model state property on the page model.
Specifically, you'll want to inspect the IS valid property on the model state. If this property is false that means they were validation errors in which case you'll probably want to send the user back to the page to correct their mistakes. Don't worry, when taking this approach, the ASP four tag helpers will automatically re-populate all of the form fields for you with the data the user just posted.
So none of their changes will be lost. Now that I've shown you how to apply validation rules on the server the next step is to provide feedback to the user about which validation rules they've broken so that being sent back to the page isn't so confusing.
- Creating a new application
- Setting up pages
- Rendering dynamic content
- Reusing markup with layouts
- Increasing the maintainability of pages
- Processing data
- Validating input
- Securing an application