Adrian Hall

PM/Architect at Microsoft Developer Division. All opinions expressed are my own and may not reflect my employer.

6 minute read

There are times when I look at code I have written and think to myself “there has to be a better way.” When I start thinking like this, I start by looking at the documentation - the .NET official documentation is incredibly well written and simple to digest, and the fundamentals section is something I believe every language documentation should aspire to. Take exceptions, for example. When I started my career in software development, methods were written with a block of validations at the top. I couldn’t be certain if bad data was going to creep in somewhere, so I checked all arguments religiously. Then I added tests for each of those validations.

These days, it’s much simpler. Today I want to show you how I leverage data annotations, custom exception handlers, and extension methods to make my code readable and predictable, yet also fully testable without a mountain of tests for validation.

Parameter validation the hard way

Let’s take you back to the beginning of time. How did I start doing argument validation? I wrote something like this:

public void myMethod(string arg)
{
  if (arg == null)
  {
    throw new ArgumentNullException(nameof(arg));
  }
  if (string.IsNullOrEmpty(arg))
  {
    throw new ArgumentException("Argument is empty", nameof(arg));
  }
}

This is an incredibly naive way of writing a method for a number of reasons. The main one, however, is that you have to test all these conditions individually for every single method you write. This leads to an explosion of tests and your development energy is better spent elsewhere. As the number of arguments (and validations) increases, the code also becomes unreadable.

Improving data validation

Eventually, I switched to a static class:

public static class Arguments
{
  public static IsNotNullOrEmpty(string arg, string paramName)
  {
    if (arg == null)
    {
      throw new ArgumentNullException(paramName);
    }
    if (string.IsNullOrEmpty(arg))
    {
      throw new ArgumentException("Argument is empty", paramName);
    }
  }
}

Centralizing the argument handling makes the code much more readable. It also means I can write unit tests for the central arguments class and ignore testing individual methods, resulting in a smaller unit test footprint and more time spent writing the code that matters. In fact, the core team noticed that there were some common validations, like null checks, and they built them into the exception classes:

public void myMethod(string arg)
{
  ArgumentNullException.ThrowIfNullOrEmpty(arg, nameof(arg));
}

Best practices for parameter validation

Putting the checker for the arguments with the ArgumentException makes a whole lot of sense! Unfortunately, ArgumentException is a core class, so I can’t extend it with a new static method. Fortunately, it’s relatively easy to create new exception classes. Here is one I use all the time:

using System.ComponentModel.DataAnnotations;

public class ArgumentValidationException : ArgumentException
{
  public ArgumentValidationException() : base() { }
  public ArgumentValidationException(string? message) : base(message) { }
  public ArgumentValidationException(string? message, Exception? innerException) : base(message, innerException) { }
  public ArgumentValidationException(string? message, string? paramName) : base(message, paramName) { }
  public ArgumentValidationException(string? message, string? paramName, Exception? innerException) : base(message, paramName, innerException) { }

  public IList<ValidationResult>? ValidationErrors { get; private set; }

  public static void ThrowIfNotValid(object? value, string? paramName)
    => ThrowIfNotValid(value, paramName, "Object is not valid");

  public static void ThrowIfNotValid(object? value, string? paramName, string? message)
  {
    ArgumentNullException.ThrowIfNull(value, paramName);
    List<ValidationResult> results = [];
    if (!Validator.TryValidateObject(value, new ValidationContext(value), results, validateAllProperties: true))
    {
      throw new ArgumentValidationException(message, paramName) { ValidationErrors = results };
    }
  }
}

This exception is designed to be thrown when an input variable with data annotations isn’t valid.

I use data annotations a lot - even outside ASP.NET Core. Let’s say I have a model where each value has a range of valid values. I might write this model class like this:

public class PaginationRequest
{
  private int _skip = 0, _take = Constants.MaxPageSize;

  public int Skip
  {
    get => _skip;
    set
    {
      ArgumentOutOfRangeException.ThrowIfLessThan(value, 0, nameof(Skip));
      _skip = value;
    }
  }

  public int Take
  {
    get => _take;
    set
    {
      ArgumentOutOfRangeException.ThrowIfLessThanOrEqual(value, 0, nameof(Take));
      ArgumentOutOfRangeException.ThrowIfGreaterThan(value, Constants.MaxPageSize, nameof(Take));
      _take = value;
    }
  }
}

The use of a backing variable just for range checking doesn’t seem right to me, and I need to write two model classes - one for doing data validation in the ASP.NET Core application that doesn’t throw, and one for using in the rest of the system that does throw an exception.

So if this is bad, what’s the alternative? I use data annotations:

public class PaginationRequest
{
  [GreaterThanOrEqual(0, ErrorMessage = "The Skip value must be positive")]
  public long Skip { get; set; } = 0;

  [Range(0, Constants.MaxPageSize, ErrorMessage = "The Take value must be between 0 and the maximum page size")]
  public long Take { get; set; } = Constants.MaxPageSize;
}

Firstly, can we appreciate how much easier to read this code is. I can easily discern the range of valid values and the default value without jumping away. Consider a model that is much larger and you will start to see the benefits. What is not so obvious is that I can use the same model class for both a controller and a service. In a controller, bad input is a fairly common occurence and it’s considered bad form to throw exceptions for normal situations. I can write my controller like this:

public async Task<IActionResult> GetModelsAsync([FromQuery] PaginationRequest request, CancellationToken ct = default)
{
  // Good version
  if (!ModelState.IsValid)
  {
    return BadRequest(ModelState)
  }
}

In a service, I want to throw an exception on a validation error. I can use the ArgumentValidationException I developed earlier:

public async Task<IEnumerable<Model>> GetModelsAsync(PaginationRequest request, CancellationToken ct = default)
{
  ArgumentValidationException.ThrowIfNotValid(request, nameof(request));
  // Rest of my method goes here
}

Because the ArgumentValidationException is also an ArgumentException, tests that use this (including try/catch blocks elsewhere in the app) will happily understand that an argument was at fault. If one of my methods actually needs to know the validation errors, then I can see the validation errors in the exception object through the debugger.

Avoid using exceptions in ASP.NET Core Controllers and Minimal APIs

Exceptions should be used for “extraordinary” situations that cannot be resolved in other ways. Data validation errors are common and expected, so they should be handled as such. See the advice on exceptions from the dotNET team for more information.

Using data annotations and my validation exception allows me to avoid using backing variables for my models, yet still allow for throwing or validation checks in the right way. This leads me to my final extension method - the validator:

public static ValidatorExtensions
{
  public static bool IsValid(this object value, [NotNullWhen(false)] out IList<ValidationResult>? validationErrors)
  {
    List<ValidationResult> results = [];
    if (!Validator.TryValidateObject(value, new ValidationContext(value), results, validateAllProperties: true))
    {
      validationErrors = results;
      return false;
    }
    return true;
  }
}

I think this is what .TryValidateObject() should look like. Most of the time, this is the code I want to run when I am validating an object. I can easily validate three different ways now, depending on my needs:

// Throw if not valid
ArgumentValidationException.ThrowIfNotValid(request, nameof(request));

// Test for validation and handle errors
if (!request.IsValid(out var validationErrors))
{
  // Handle validation errors here
}

// Within a controller
if (!ModelState.IsValid) 
{
  // Handle validation errors here
}

Each form is testable without an explosion of tests that are there just to test validation logic. The validation logic is also well-known (use data annotations) which makes the code very readable.

Final thoughts

Extension methods, custom data annotations, and custom exception classes with static validators are three techniques I use on a regular basis to make my code more readable and to ensure that I have great test coverage for everything. I used to have a growing collection of data annotations, but I found that someone has inevitably written a data annotation that I can use in my project.

My final thought of this blog. Occassionally, I am reminded of a fundamental feature of dotNET that I had forgotten about. It’s always worth reading .NET Fundamentals on a regular basis. Things do get updated and the updates are inevitably good guidance that improves your productivity. If you ever stare at your code and think “there has to be a better way to express this!”, there probably is and you will likely find it in the documentation.

Further reading

Leave a comment

You may also enjoy

Local development for the cloud: Transitioning to .NET Aspire

14 minute read

I’ve been working on a new project recently. It requires that I work with microservices and containers as it will eventually be runnable on either Kubernetes or (more likely) Azure Container Apps. My latest bit is to get ASP.NET identity working with PostgreSQL. And here lies a problem. In order to properly debug the code, I need the ASP.NET bits to be running locally. But to integrate wit...

ASP.NET Identity deep dive - Part 2 (Registration)

12 minute read

This article is one of a number of articles I will write over the coming month and will go into depth about the ASP.NET Identity system. My outline thus far: Project setup. Account registration. Signing in and out with a username and password. Password reset. Email confirmations. Social logins. Two-factor authentication. Going passwordless with magic links. As you may remem...

Enforcing code style with eslint, prettier, and husky

14 minute read

You may have noticed that I am developing a new project from my last couple of articles: TypeScript, ES Modules, and root-relative imports Building TypeScript projects with the swc compiler The project is a command line tool written in TypeScript and will be distributed on npmjs.org eventually. I’m still working on the application, so it will be a while before it’s released. Today, I’m ...

The State of React state management in 2024

13 minute read

I’ve been away from React development for a while. I stupidly asked what the best way to create a React app was in 2024 on the React subreddit, and found that reddit is not a friendly or welcoming community. For those wondering, there are three ways of creating a React app - Vite, Remix, and NextJS - but the community suggests Vite. Given the somewhat frosty reception I got on the React subre...