
I have a .NET Core 3.1 Web API with multiple controllers and actions. I am using some models in my actions to receive data from the request payload (as JSON). I need to verify the keys of each JSON input parameter against the model in order to prevent parameter tampering.

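    [HttpPost]
    public IActionResult GetData(SelectnObject obj)   // Ok(...) returns OkObjectResult, not JsonResult
    {
        // `output` is built from obj; that part is not shown in the question
        return Ok(JsonConvert.SerializeObject(output));
    }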

My model looks like this:

    public class SelectnObject
    {
        public string id { get; set; }
        public string name { get; set; }
    }

Here I need to validate 2 things:

  1. Validate the JSON structure; for example, the one below is also valid (duplicated property keys):

    {
       "id": "id1",
       "id": "id2",
       "name": "name1"
    }
    

    For this I got a solution from "How to validate json request body as valid json in asp.net core" (but here I need a combined solution that also covers the issue below).

  2. Validate all keys before getting into actions (to avoid parameter tampering) - here my input request (SelectnObject) should only contain the valid keys in the model (like id and name). If the request has any modified key, I should not allow it to get into the action. For example:

    {
        "idTmp": "id1",
        "name": "name1"
    }
    

    The above request should throw some exception because it was altered by a 3rd party. Here I want some global configuration for both issues because I have so many actions and controllers.

Can we achieve both in a single custom filter configuration in the API?

  • 2
    Which JSON parser did you use? Commented Dec 28, 2020 at 11:16
  • Have you considered using anti forgery tokens? Commented Dec 28, 2020 at 11:49
  • @MichaelMao : Newtonsoft.Json Commented Dec 28, 2020 at 12:03
  • 1
    In an existing property or a new property (if it is a new property - no problem, the JSON parser will ignore it anyway)? Plus, who cares if they do add that script tag? HTML encoding will fix that for you if needed. Commented Dec 28, 2020 at 12:09
  • 1
    Have you tried stackoverflow.com/questions/21030712/… ? Commented Dec 28, 2020 at 13:05
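
One way to enforce both checks from the question with Newtonsoft.Json, the parser named in the comments. This is an added example, not code from the original post; `StrictJson`, `TryParse` and the sample bodies are hypothetical, and Newtonsoft.Json 12.0.1 or later is assumed.

```csharp
using System;
using System.IO;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public class SelectnObject   // model from the question
{
    public string id { get; set; }
    public string name { get; set; }
}
public static class StrictJson   // hypothetical helper name
{
    // Reject repeated keys while the token tree is loaded
    // (DuplicatePropertyNameHandling requires Newtonsoft.Json 12.0.1 or later).
    static readonly JsonLoadSettings Load = new JsonLoadSettings
        { DuplicatePropertyNameHandling = DuplicatePropertyNameHandling.Error };
    // Reject keys that have no matching member on the target type.
    static readonly JsonSerializer Binder = JsonSerializer.Create(
        new JsonSerializerSettings { MissingMemberHandling = MissingMemberHandling.Error });
    public static bool TryParse<T>(string json, out T value, out string error)
    {
        value = default; error = null;
        try
        {
            using var reader = new JsonTextReader(new StringReader(json));
            JToken token = JToken.ReadFrom(reader, Load);   // throws on a duplicate key
            value = token.ToObject<T>(Binder);              // throws on an unknown key
            return true;
        }
        catch (JsonException ex)   // base of JsonReaderException / JsonSerializationException
        {
            error = ex.Message;
            return false;
        }
    }
}
public static class Program
{
    public static void Main()
    {
        // Constructed sample bodies: valid, duplicated key, renamed key.
        string[] bodies = { "{\"id\":\"id1\",\"name\":\"name1\"}",
            "{\"id\":\"id1\",\"id\":\"id2\",\"name\":\"name1\"}",
            "{\"idTmp\":\"id1\",\"name\":\"name1\"}" };
        foreach (var body in bodies)
            Console.WriteLine(StrictJson.TryParse<SelectnObject>(body, out _, out var err)
                ? "accepted" : "rejected: " + err);
    }
}
```

For the unknown-key rule alone, the same `MissingMemberHandling.Error` value can be set globally on `SerializerSettings` inside `AddNewtonsoftJson(...)` in `Startup.ConfigureServices`, where binding failures surface as model-state errors. Newtonsoft.Json falls back to case-insensitive member matching, so a key such as `ID` still binds to `id` and is not treated as unknown.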
