1 Introduction: The Case for Fluent Validation
Validation sits at the heart of every enterprise-grade system. Whether you’re processing user sign-ups, orchestrating financial transactions, or enforcing compliance checks, validation ensures that only correct and meaningful data enters your system. But how we implement validation has evolved. Relying on attributes alone worked for simple scenarios, but today’s business domains are messy, conditional, and full of exceptions. This is where FluentValidation shines—a flexible, testable, and expressive framework that elevates validation from scattered attributes to a coherent, maintainable architecture.
1.1 Beyond Attributes
For many developers, the first exposure to validation in .NET is through System.ComponentModel.DataAnnotations. Attributes like [Required], [StringLength], or [Range] are easy to sprinkle onto models, and they integrate nicely with ASP.NET Core’s model binding. On the surface, it feels like the problem is solved. But as soon as business rules get complex, cracks appear.
-
Lack of Testability Data annotations are metadata baked into the model. You can’t easily invoke them in isolation during unit tests. At best, you rely on reflection-heavy APIs or custom frameworks. This hinders clean TDD/BDD workflows.
-
Mixing Concerns Models become cluttered with validation attributes, often alongside serialization, ORM mappings, and domain logic. Suddenly, a simple DTO becomes a god object with too many responsibilities.
-
Limited Conditional Logic Attributes are inherently declarative and static. Expressing conditions like “PhoneNumber is required only if ContactMethod = Phone” is awkward or impossible without custom attributes, which quickly devolve into brittle spaghetti code.
-
Poor Reusability Need to validate the same rule across multiple models? With attributes, you either duplicate logic or write more custom attributes—both anti-patterns.
Example: Attribute-Heavy Model
public class RegistrationModel
{
[Required]
[StringLength(50, MinimumLength = 3)]
public string Username { get; set; }
[Required]
[EmailAddress]
public string Email { get; set; }
[Required]
[Compare("ConfirmPassword")]
public string Password { get; set; }
[Required]
public string ConfirmPassword { get; set; }
}At first glance, this looks fine. But what if password complexity rules change every six months? What if validation must differ between internal admins and external customers? Attributes quickly become a straitjacket.
1.2 The FluentValidation Philosophy
FluentValidation takes a different path, rooted in three guiding principles:
-
Separation of Concerns Validation belongs in validators, not tangled with DTOs or entities. This keeps your models lean and your validation logic centralized.
-
Expressive, Fluent Syntax Instead of attributes, rules are written in a fluent API that reads almost like prose. Complex conditions, custom logic, and cross-property checks become natural to express.
-
Testability and Maintainability Validators are just classes. They can be instantiated, tested, mocked, and composed like any other C# type. This lowers friction when evolving business rules.
-
Powerful Features for Real Projects Out of the box, FluentValidation supports async validation, conditional rules, child object graphs, collections, localization, and integration with ASP.NET Core. This isn’t an academic tool; it’s built for enterprise-grade systems.
Example: FluentValidation Style
public class RegistrationValidator : AbstractValidator<RegistrationModel>
{
public RegistrationValidator()
{
RuleFor(x => x.Username)
.NotEmpty()
.Length(3, 50);
RuleFor(x => x.Email)
.NotEmpty()
.EmailAddress();
RuleFor(x => x.Password)
.NotEmpty()
.MinimumLength(8)
.Matches("[A-Z]").WithMessage("Password must contain at least one uppercase letter.");
RuleFor(x => x.ConfirmPassword)
.Equal(x => x.Password).WithMessage("Passwords do not match.");
}
}Notice how the rules are isolated, expressive, and easily testable. No clutter on the model itself. Adding complexity or conditions is just a few more fluent calls away.
1.3 What You Will Learn
This guide is structured as both a deep dive and a reference companion. By the end, you’ll know not just how to use FluentValidation, but why to apply certain patterns over others. Specifically, we’ll explore:
- Fundamentals of creating validators and integrating them into ASP.NET Core.
- Handling complex business rules like cross-property validation, conditional logic, and async rules.
- Building maintainable and reusable validators through custom property validators, extension methods, and composition.
- Leveraging rule sets for contextual validation (e.g., Create vs. Update workflows).
- Fine-tuning ASP.NET Core integration to produce API responses that front-end teams actually want.
- Making validation messages localizable for international users.
- Embedding validation in enterprise architectures like CQRS with MediatR, along with performance and testing best practices.
Think of this as a journey from basics to enterprise readiness, with practical, runnable examples at every step.
1.4 Prerequisites & Setup
This guide assumes you’re comfortable with modern .NET (8 or 9) and building ASP.NET Core APIs. To follow along, you’ll need:
-
Development Environment
- .NET 8 or later installed.
- An ASP.NET Core Web API project (Minimal APIs or MVC—examples will cover both).
- An IDE like Visual Studio, Rider, or VS Code.
-
NuGet Packages Install FluentValidation and the ASP.NET Core integration package:
dotnet add package FluentValidation.AspNetCore -
Minimal Setup In your
Program.cs, wire FluentValidation into the ASP.NET Core pipeline:builder.Services.AddControllers() .AddFluentValidationAutoValidation() .AddFluentValidationClientsideAdapters(); builder.Services.AddValidatorsFromAssemblyContaining<Program>();This setup ensures validators are automatically discovered and executed during model binding.
With that foundation, let’s take a quick refresher on the core mechanics of FluentValidation before diving into advanced patterns.
2 FluentValidation Fundamentals (A Quick Refresher)
Before tackling async rules, rule sets, and enterprise-level patterns, let’s establish a strong foundation. FluentValidation is conceptually simple: you define validators, attach rules, and integrate them into your pipeline. Yet, understanding the idioms early will save you from awkward missteps later.
2.1 Creating Your First Validator
Every validator in FluentValidation inherits from AbstractValidator<T>, where T is the type being validated. Inside the constructor, you declare rules using the fluent API.
Example: Simple Product Validator
public class Product
{
public string Name { get; set; }
public decimal Price { get; set; }
public int Stock { get; set; }
}public class ProductValidator : AbstractValidator<Product>
{
public ProductValidator()
{
RuleFor(x => x.Name)
.NotEmpty()
.Length(2, 100);
RuleFor(x => x.Price)
.GreaterThan(0);
RuleFor(x => x.Stock)
.GreaterThanOrEqualTo(0);
}
}This validator ensures that:
- A product must have a non-empty name between 2–100 characters.
- Price must be positive.
- Stock cannot be negative.
To run this validator manually:
var validator = new ProductValidator();
var result = validator.Validate(new Product { Name = "", Price = -5, Stock = -1 });
if (!result.IsValid)
{
foreach (var error in result.Errors)
{
Console.WriteLine($"{error.PropertyName}: {error.ErrorMessage}");
}
}Output:
Name: 'Name' must not be empty.
Price: 'Price' must be greater than '0'.
Stock: 'Stock' must be greater than or equal to '0'.2.2 The RuleFor Powerhouse
At the core of every validator is RuleFor. This method defines a rule for a specific property. The fluent chain that follows specifies constraints.
Common Built-In Validators
NotEmpty()/NotNull()Length(min, max)EmailAddress()GreaterThan(value)/GreaterThanOrEqualTo(value)LessThan(value)/LessThanOrEqualTo(value)Matches(regex)for regular expressionsCreditCard(),Url(),InclusiveBetween(min, max)and many more
Example: User Validator
public class User
{
public string Email { get; set; }
public int Age { get; set; }
}
public class UserValidator : AbstractValidator<User>
{
public UserValidator()
{
RuleFor(x => x.Email)
.NotEmpty()
.EmailAddress();
RuleFor(x => x.Age)
.InclusiveBetween(18, 120);
}
}This reads almost like a requirements document: Email must not be empty and must be a valid email. Age must be between 18 and 120.
Incorrect vs Correct Example
Incorrect
RuleFor(x => x.Email).NotEmpty().WithMessage("Email is required");
RuleFor(x => x.Email).EmailAddress().WithMessage("Invalid email");Here, the same property has two separate RuleFor calls. While valid, this can lead to duplicated configuration and inconsistency.
Correct
RuleFor(x => x.Email)
.NotEmpty().WithMessage("Email is required")
.EmailAddress().WithMessage("Invalid email");Chaining rules keeps logic cohesive and readable.
2.3 Basic ASP.NET Core Integration
Running validators manually is useful in libraries or background services, but in ASP.NET Core APIs, you want validation to happen automatically during request handling. FluentValidation integrates seamlessly with model binding.
Setting Up Auto Validation
In Program.cs:
builder.Services.AddControllers()
.AddFluentValidationAutoValidation()
.AddFluentValidationClientsideAdapters();
builder.Services.AddValidatorsFromAssemblyContaining<Program>();AddFluentValidationAutoValidation()wires FluentValidation into ASP.NET Core’s model validation pipeline.AddValidatorsFromAssemblyContaining<T>()registers all validators in the given assembly.
Example: Automatic Validation in a Controller
[ApiController]
[Route("api/[controller]")]
public class ProductsController : ControllerBase
{
[HttpPost]
public IActionResult Create(Product product)
{
// At this point, FluentValidation has already validated `product`.
// If invalid, ASP.NET Core automatically returns a 400 with problem details.
return Ok(product);
}
}If the request body is invalid:
POST /api/products
{
"name": "",
"price": -10,
"stock": -5
}Response:
{
"errors": {
"Name": ["'Name' must not be empty."],
"Price": ["'Price' must be greater than '0'."],
"Stock": ["'Stock' must be greater than or equal to '0'."]
}
}Minimal API Integration
For Minimal APIs, validators are resolved from DI:
app.MapPost("/products", async (Product product, IValidator<Product> validator) =>
{
var result = await validator.ValidateAsync(product);
if (!result.IsValid)
return Results.ValidationProblem(result.ToDictionary());
return Results.Ok(product);
});This keeps endpoints lightweight while ensuring validation happens consistently.
3 Crafting Complex Business Rules
Up to this point, we have looked at simple validations—rules that check a single property in isolation. But in real-world applications, business logic is rarely that straightforward. Dates need to be compared. Requirements change depending on context. Sometimes you must query external systems to decide if a value is valid. This is where FluentValidation’s advanced features transform from “nice-to-have” into critical infrastructure.
3.1 Cross-Property Validation
Cross-property validation refers to situations where the validity of one property depends on the value of another. Consider the classic example: an EndDate must occur after a StartDate. These rules are everywhere in scheduling, finance, booking systems, and workflow engines.
3.1.1 Using Must() with Access to the Root Object
The Must() method lets you write custom predicates with access to the entire object, not just the property under validation. This makes it perfect for comparing two or more values.
Example: Validating Dates in an Event
public class Event
{
public DateTime StartDate { get; set; }
public DateTime EndDate { get; set; }
}public class EventValidator : AbstractValidator<Event>
{
public EventValidator()
{
RuleFor(x => x.EndDate)
.Must((eventObj, endDate) => endDate > eventObj.StartDate)
.WithMessage("End date must be after the start date.");
}
}Here, Must() provides both the root object (eventObj) and the property value (endDate). The logic is explicit, easy to read, and localized to one rule.
Incorrect vs Correct
- Incorrect: Writing validation logic inside controllers:
if (request.EndDate <= request.StartDate)
{
return BadRequest("End date must be after start date");
}This approach duplicates business rules across controllers, making them brittle and hard to test.
- Correct: Encapsulating the rule in the validator, as shown above. This centralizes validation logic and makes it reusable across API, UI, and services.
3.1.2 Building Custom Rule Builders
When you see cross-property checks repeating across your codebase, you can encapsulate them in reusable rule builders. This increases readability and reduces duplication.
Reusable Extension:
public static class DateValidationExtensions
{
public static IRuleBuilderOptions<T, DateTime> MustBeAfter<T>(
this IRuleBuilder<T, DateTime> ruleBuilder,
Func<T, DateTime> comparisonProperty,
string message = "Date must be after the comparison date.")
{
return ruleBuilder.Must((rootObject, date, context) =>
{
var comparisonValue = comparisonProperty(rootObject);
return date > comparisonValue;
}).WithMessage(message);
}
}Usage in Validator:
public class BookingValidator : AbstractValidator<Booking>
{
public BookingValidator()
{
RuleFor(x => x.CheckOut)
.MustBeAfter(x => x.CheckIn, "Check-out must be after check-in.");
}
}Now your rule reads naturally, scales to multiple validators, and remains easy to maintain.
3.2 Conditional Validation with When() and Unless()
Many business rules only apply under specific conditions. FluentValidation provides When() and Unless() to declare conditions that wrap one or more rules.
3.2.1 Simple Conditions
Suppose you have a contact form where PhoneNumber is only required if the preferred contact method is “Phone”.
Model:
public class ContactRequest
{
public string ContactMethod { get; set; }
public string? PhoneNumber { get; set; }
public string? Email { get; set; }
}Validator:
public class ContactRequestValidator : AbstractValidator<ContactRequest>
{
public ContactRequestValidator()
{
RuleFor(x => x.PhoneNumber)
.NotEmpty()
.When(x => x.ContactMethod == "Phone")
.WithMessage("Phone number is required when contact method is phone.");
RuleFor(x => x.Email)
.NotEmpty()
.EmailAddress()
.When(x => x.ContactMethod == "Email");
}
}This ensures validation rules fire only under the right context. Compare that to hardcoding if checks inside controllers, which quickly becomes unmanageable.
3.2.2 Async Conditions with WhenAsync()
Sometimes conditions depend on external data. Imagine a subscription-based system where only premium users must provide a company name during registration.
Model:
public class Registration
{
public string Username { get; set; }
public string? CompanyName { get; set; }
}Validator with Async Condition:
public class RegistrationValidator : AbstractValidator<Registration>
{
public RegistrationValidator(ISubscriptionService subscriptionService)
{
RuleFor(x => x.CompanyName)
.NotEmpty().WithMessage("Company name is required for premium users.")
.WhenAsync(async (model, cancellation) =>
{
var tier = await subscriptionService.GetUserTierAsync(model.Username, cancellation);
return tier == "Premium";
});
}
}Here, WhenAsync() integrates seamlessly with dependency-injected services. The rule only executes if the subscription tier is premium.
3.3 Asynchronous Validation for External Dependencies
Cross-property and conditional checks are powerful, but sooner or later you’ll need to validate against external systems—databases, APIs, caches, or microservices.
3.3.1 The Need for Async
Validation that involves I/O must be asynchronous. Blocking calls (.Result or .Wait()) consume valuable threads, harming scalability under load. In ASP.NET Core, where every request maps to a limited thread pool, blocking validators can bring down throughput dramatically.
3.3.2 Implementing with MustAsync()
MustAsync() works like Must(), but supports Task-returning predicates.
Example: Unique Username Check
public class UserRegistration
{
public string Username { get; set; }
}public class UserRegistrationValidator : AbstractValidator<UserRegistration>
{
public UserRegistrationValidator(IUserRepository repository)
{
RuleFor(x => x.Username)
.NotEmpty()
.MustAsync(async (username, cancellation) =>
{
return !await repository.ExistsAsync(username, cancellation);
})
.WithMessage("Username is already taken.");
}
}Now validation is both correct and efficient in high-concurrency environments.
3.3.3 A Note on Cancellation Tokens
Every async validator receives a CancellationToken. Propagating it ensures your validation respects request cancellations—critical for responsive APIs and graceful shutdowns.
Correct Usage:
public Task<bool> ExistsAsync(string username, CancellationToken cancellationToken);Inside the Validator:
.MustAsync((username, cancellation) => repository.ExistsAsync(username, cancellation));Failing to propagate the token can result in wasted work after a client has already abandoned the request.
4 Building a Maintainable and Reusable Validation Framework
As systems grow, so does the complexity of validation. Scattered, ad-hoc rules become hard to reason about. For solution architects and tech leads, the goal is not just correctness, but maintainability, reuse, and clear patterns the whole team can follow.
4.1 Creating Reusable Property Validators
Reusable validators let you encapsulate complex checks that don’t belong inline with every RuleFor.
4.1.1 Writing a Custom PropertyValidator
Suppose you need a strong password policy: minimum length, uppercase, lowercase, digit, and symbol. Instead of repeating regex patterns across validators, build a custom validator.
Custom Validator:
public class StrongPasswordValidator<T> : PropertyValidator<T, string>
{
public override string Name => "StrongPasswordValidator";
public override bool IsValid(ValidationContext<T> context, string value)
{
if (string.IsNullOrWhiteSpace(value)) return false;
if (value.Length < 8) return false;
if (!Regex.IsMatch(value, "[A-Z]")) return false;
if (!Regex.IsMatch(value, "[a-z]")) return false;
if (!Regex.IsMatch(value, "[0-9]")) return false;
if (!Regex.IsMatch(value, "[^a-zA-Z0-9]")) return false;
return true;
}
protected override string GetDefaultMessageTemplate(string errorCode) =>
"'{PropertyName}' must be at least 8 characters long and include uppercase, lowercase, number, and symbol.";
}4.1.2 Fluent Extension Methods for Readability
Expose your validator through an extension method to keep the API natural.
public static class PasswordRuleBuilderExtensions
{
public static IRuleBuilderOptions<T, string> StrongPassword<T>(
this IRuleBuilder<T, string> ruleBuilder)
{
return ruleBuilder.SetValidator(new StrongPasswordValidator<T>());
}
}Usage:
RuleFor(x => x.Password).StrongPassword();Now, any developer on the team can apply this rule without worrying about regex details.
4.2 Validating Complex Object Graphs
Enterprise models often contain nested objects or collections. FluentValidation handles these scenarios cleanly.
4.2.1 Child Property Validation with SetValidator()
Imagine a Customer with an embedded Address:
public class Customer
{
public string Name { get; set; }
public Address Address { get; set; }
}
public class Address
{
public string Line1 { get; set; }
public string City { get; set; }
public string PostalCode { get; set; }
}Validators:
public class AddressValidator : AbstractValidator<Address>
{
public AddressValidator()
{
RuleFor(x => x.Line1).NotEmpty();
RuleFor(x => x.City).NotEmpty();
RuleFor(x => x.PostalCode).NotEmpty();
}
}
public class CustomerValidator : AbstractValidator<Customer>
{
public CustomerValidator()
{
RuleFor(x => x.Name).NotEmpty();
RuleFor(x => x.Address).SetValidator(new AddressValidator());
}
}This ensures the Customer is only valid if both its own properties and its nested Address are valid.
4.2.2 Validating Collections with RuleForEach()
Collections introduce another dimension: validating each element.
public class Order
{
public List<OrderItem> Items { get; set; }
}
public class OrderItem
{
public string Sku { get; set; }
public int Quantity { get; set; }
}
public class OrderItemValidator : AbstractValidator<OrderItem>
{
public OrderItemValidator()
{
RuleFor(x => x.Sku).NotEmpty();
RuleFor(x => x.Quantity).GreaterThan(0);
}
}
public class OrderValidator : AbstractValidator<Order>
{
public OrderValidator()
{
RuleForEach(x => x.Items).SetValidator(new OrderItemValidator());
}
}This pattern scales naturally when working with arrays of addresses, contacts, or line items.
4.3 Validator Composition with Include()
Duplication is one of the biggest threats to maintainability. FluentValidation supports composition through Include(), letting you embed validators inside others.
4.3.1 The DRY Principle in Validation
If multiple models share common validation logic—say, name fields—extract those into a reusable validator and include them where needed.
Base Validator:
public class PersonNameValidator : AbstractValidator<IPersonName>
{
public PersonNameValidator()
{
RuleFor(x => x.FirstName).NotEmpty().Length(2, 50);
RuleFor(x => x.LastName).NotEmpty().Length(2, 50);
}
}
public interface IPersonName
{
string FirstName { get; }
string LastName { get; }
}4.3.2 Practical Example
Now apply it to both customers and employees.
public class Customer : IPersonName
{
public string FirstName { get; set; }
public string LastName { get; set; }
}
public class Employee : IPersonName
{
public string FirstName { get; set; }
public string LastName { get; set; }
}Validators:
public class CustomerValidator : AbstractValidator<Customer>
{
public CustomerValidator()
{
Include(new PersonNameValidator());
// Add customer-specific rules
}
}
public class EmployeeValidator : AbstractValidator<Employee>
{
public EmployeeValidator()
{
Include(new PersonNameValidator());
// Add employee-specific rules
}
}This eliminates duplication, centralizes shared rules, and makes updates painless. If name rules change tomorrow, you modify only one place.
5 Contextual Validation with Rule Sets
Most enterprise systems do not have a single “truth” for validation. A Customer object might need strict validation when being created, but only partial validation when updated. A Product might require SKU uniqueness on insertion but not during edits. These differences lead to conditional or contextual validation, and FluentValidation addresses this elegantly with rule sets.
5.1 Defining Rule Sets
A rule set groups rules together under a named context. Think of them as validation profiles. You can define multiple sets for the same validator, each reflecting a different use case. This avoids scattering conditions across rules and makes intent explicit.
Example: User Creation vs. Update
public class User
{
public int Id { get; set; } // Only relevant on update
public string Username { get; set; }
public string? Email { get; set; }
public string? PhoneNumber { get; set; }
}Validator with Rule Sets
public class UserValidator : AbstractValidator<User>
{
public UserValidator()
{
RuleSet("Create", () =>
{
RuleFor(x => x.Username)
.NotEmpty()
.Length(3, 50);
RuleFor(x => x.Email)
.NotEmpty()
.EmailAddress();
});
RuleSet("Update", () =>
{
RuleFor(x => x.Id)
.GreaterThan(0);
RuleFor(x => x.Email)
.EmailAddress()
.When(x => !string.IsNullOrEmpty(x.Email));
});
}
}Here, two distinct rule sets—Create and Update—exist side by side. Depending on context, you run one or the other. This avoids overly conditional code and makes the validator self-documenting.
5.2 Invoking Rule Sets in ASP.NET Core
By default, ASP.NET Core runs all rules when validating an object. To use rule sets, you must tell FluentValidation which set to execute. You can do this declaratively or programmatically.
5.2.1 The CustomizeValidatorAttribute
ASP.NET Core offers the CustomizeValidator attribute to specify rule sets directly on controller actions. This is declarative, straightforward, and works well when your rule set choice is tied directly to an endpoint.
Controller Example
[ApiController]
[Route("api/[controller]")]
public class UsersController : ControllerBase
{
[HttpPost]
public IActionResult Create([FromBody, CustomizeValidator(RuleSet = "Create")] User user)
{
// If invalid, ASP.NET Core returns 400 automatically.
return Ok();
}
[HttpPut("{id}")]
public IActionResult Update(int id, [FromBody, CustomizeValidator(RuleSet = "Update")] User user)
{
user.Id = id;
return Ok();
}
}The attribute ensures only the relevant rules run for each action. This keeps controller logic clean and pushes validation complexity into the validator layer.
5.2.2 Manual Validation for Maximum Control
Sometimes rule set choice is dynamic. For example, a single endpoint may accept different request types or modes. In such cases, manual invocation gives maximum control.
Injecting IValidator<T>
public class UsersController : ControllerBase
{
private readonly IValidator<User> _validator;
public UsersController(IValidator<User> validator)
{
_validator = validator;
}
[HttpPost("validate")]
public async Task<IActionResult> ValidateUser([FromBody] User user, string mode)
{
var context = new ValidationContext<User>(user)
.Clone(selector: s => s.IncludeRuleSets(mode));
var result = await _validator.ValidateAsync(context);
if (!result.IsValid)
return BadRequest(result.ToDictionary());
return Ok("Validation passed");
}
}Here, the mode query parameter dynamically selects the rule set (Create or Update). This approach is flexible, especially for APIs where rules depend on user roles, workflow states, or feature flags.
6 Advanced ASP.NET Core Integration & API Responses
At this stage, you have validators running and responding correctly. But for large teams, validation is not just about correctness—it’s about how errors are communicated. Front-end developers want consistent, structured responses. Ops teams need observability into why requests fail. Architects care about performance in the validation pipeline. Let’s explore these deeper integrations.
6.1 Deep Dive into the Validation Pipeline
When you use AddFluentValidationAutoValidation(), FluentValidation hooks into ASP.NET Core’s model validation stage. Here’s what happens under the hood:
- Model Binding: ASP.NET Core binds incoming JSON, form data, or query params into a model object.
- Validator Resolution: FluentValidation locates the registered
IValidator<T>for the model type. - Execution: The validator runs, producing a
ValidationResult. - ModelState Population: Errors are added to
ModelState, ASP.NET Core’s central repository for validation issues. - Response Generation: If
ModelStateis invalid, the request short-circuits, returning a400 Bad Requestwith details.
This integration is seamless, but it also means you can extend or override at multiple points—before validation, during error translation, or while shaping responses.
6.2 Customizing API Error Responses
The default response for validation errors is a ValidationProblemDetails object, which is fine but not always ideal. Many front-end teams prefer a consistent schema, perhaps with error codes or localized messages. FluentValidation gives you the hooks to achieve this.
6.2.1 Configuring ApiBehaviorOptions
ASP.NET Core exposes ApiBehaviorOptions.InvalidModelStateResponseFactory, a delegate that lets you control the shape of validation responses. This is where you can build custom JSON tailored for your clients.
Startup Configuration
builder.Services.Configure<ApiBehaviorOptions>(options =>
{
options.InvalidModelStateResponseFactory = context =>
{
var errors = context.ModelState
.Where(ms => ms.Value?.Errors.Count > 0)
.Select(ms => new
{
Field = ms.Key,
Messages = ms.Value.Errors.Select(e => e.ErrorMessage).ToArray()
});
var response = new
{
ErrorType = "ValidationError",
Errors = errors
};
return new BadRequestObjectResult(response);
};
});Sample Response
{
"ErrorType": "ValidationError",
"Errors": [
{ "Field": "Email", "Messages": [ "Email is required.", "Email is not valid." ] },
{ "Field": "Username", "Messages": [ "Username must be between 3 and 50 characters." ] }
]
}This schema is front-end friendly and easily parsed into UI error components.
6.2.2 Adding Custom Error Codes
While error messages are great for humans, machines prefer structured codes. FluentValidation lets you tag rules with .WithErrorCode(). This is invaluable when front-ends need to handle errors programmatically.
Example:
RuleFor(x => x.Email)
.NotEmpty().WithMessage("Email is required.").WithErrorCode("EMAIL_REQUIRED")
.EmailAddress().WithMessage("Email format is invalid.").WithErrorCode("EMAIL_INVALID");Custom Response Factory Including Codes
options.InvalidModelStateResponseFactory = context =>
{
var errors = context.ModelState
.Where(ms => ms.Value?.Errors.Count > 0)
.Select(ms => new
{
Field = ms.Key,
Messages = ms.Value.Errors.Select(e => e.ErrorMessage).ToArray(),
Codes = ms.Value.Errors.Select(e => e.ErrorMessage).ToArray()
});
return new BadRequestObjectResult(new { Errors = errors });
};Response Example
{
"Errors": [
{
"Field": "Email",
"Messages": [ "Email is required." ],
"Codes": [ "EMAIL_REQUIRED" ]
}
]
}Now the client can show a friendly message and branch logic based on the code.
6.3 Integrating with Minimal APIs
Minimal APIs are becoming the preferred style for lightweight services and microservices in .NET 8/9. FluentValidation integrates just as cleanly here, but you wire it differently.
Endpoint Example with Validation Filter
app.MapPost("/users", async (User user, IValidator<User> validator) =>
{
var result = await validator.ValidateAsync(user);
if (!result.IsValid)
{
return Results.BadRequest(new
{
ErrorType = "ValidationError",
Errors = result.Errors.Select(e => new
{
Field = e.PropertyName,
Message = e.ErrorMessage,
Code = e.ErrorCode
})
});
}
return Results.Ok("User created successfully");
});For larger systems, you can encapsulate this into a reusable endpoint filter, ensuring validation logic doesn’t repeat across every endpoint.
Reusable Validation Filter
public class ValidationFilter<T> : IEndpointFilter where T : class
{
private readonly IValidator<T> _validator;
public ValidationFilter(IValidator<T> validator)
{
_validator = validator;
}
public async ValueTask<object?> InvokeAsync(
EndpointFilterInvocationContext context,
EndpointFilterDelegate next)
{
var model = context.Arguments.OfType<T>().FirstOrDefault();
if (model is null) return Results.BadRequest("Invalid request");
var result = await _validator.ValidateAsync(model);
if (!result.IsValid)
{
return Results.BadRequest(new
{
Errors = result.Errors.Select(e => new
{
Field = e.PropertyName,
Message = e.ErrorMessage,
Code = e.ErrorCode
})
});
}
return await next(context);
}
}Applying Filter
app.MapPost("/users", (User user) =>
{
return Results.Ok("Created");
})
.AddEndpointFilter<ValidationFilter<User>>();This pattern centralizes validation, produces consistent responses, and aligns Minimal APIs with the same practices you’d use in MVC controllers.
7 Localization: Speaking Your User’s Language
Validation rules are rarely just about technical correctness—they are part of the user experience. A perfectly validated form with poorly phrased or untranslated error messages frustrates users, increases support tickets, and erodes trust. For global systems, the need to deliver localized, context-aware error messages is non-negotiable. FluentValidation works hand in hand with .NET’s localization infrastructure to achieve this.
7.1 The Problem with Hardcoded Messages
In many introductory examples, validation rules use hardcoded English strings. While this may be fine in a prototype or small app, it does not scale to enterprise systems with global audiences.
Problems with Hardcoded Strings:
- Language Exclusivity: Non-English speakers are left out, harming adoption in international markets.
- Duplication: The same phrase may be repeated across validators, making updates error-prone.
- Lack of Context: Hardcoded strings cannot adjust to cultural formatting differences (e.g., date formats, numeric separators).
Example of Hardcoding
RuleFor(x => x.Email)
.NotEmpty().WithMessage("Email is required.")
.EmailAddress().WithMessage("Email is not valid.");If tomorrow you need to support French or Spanish, you’re forced to rewrite validators or hack in conditional message selection. Clearly, this doesn’t scale.
7.2 Leveraging .NET’s Localization Framework
ASP.NET Core already provides a powerful localization framework. At its core are resource files (.resx) and the IStringLocalizer<T> service.
Resource File Structure
Resources/Validators/UserValidator.en.resxResources/Validators/UserValidator.fr.resx
Each .resx contains key-value pairs:
<data name="EmailRequired" xml:space="preserve">
<value>Email is required.</value>
</data>
<data name="EmailInvalid" xml:space="preserve">
<value>Email is not valid.</value>
</data>French equivalent:
<data name="EmailRequired" xml:space="preserve">
<value>L'adresse e-mail est obligatoire.</value>
</data>
<data name="EmailInvalid" xml:space="preserve">
<value>L'adresse e-mail n'est pas valide.</value>
</data>Validator Example Using IStringLocalizer
public class UserValidator : AbstractValidator<User>
{
public UserValidator(IStringLocalizer<UserValidator> localizer)
{
RuleFor(x => x.Email)
.NotEmpty().WithMessage(localizer["EmailRequired"])
.EmailAddress().WithMessage(localizer["EmailInvalid"]);
}
}Now, error messages adapt based on the active UI culture.
Startup Configuration
builder.Services.AddLocalization(options => options.ResourcesPath = "Resources");
builder.Services.AddControllers()
.AddDataAnnotationsLocalization()
.AddFluentValidationAutoValidation();
app.UseRequestLocalization(options =>
{
var supportedCultures = new[] { "en", "fr", "es" };
options.SetDefaultCulture("en")
.AddSupportedCultures(supportedCultures)
.AddSupportedUICultures(supportedCultures);
});With this setup, passing Accept-Language: fr in headers automatically returns French messages.
7.3 Configuring FluentValidation for Localization
FluentValidation ships with its own LanguageManager, providing default messages in multiple languages. You can replace or extend this with .NET’s localization services.
Setting Global Language Manager
ValidatorOptions.Global.LanguageManager.Culture = new CultureInfo("fr");This changes the language for all default messages (like those for NotEmpty, GreaterThan). However, for custom messages, you should rely on IStringLocalizer.
Combining Both Approaches You might use FluentValidation’s built-in translations for generic messages and resource files for domain-specific messages. This hybrid strategy reduces duplication while keeping your business rules context-aware.
7.4 Practical Implementation
Let’s combine everything in a complete localized validator.
Model
public class Registration
{
public string Username { get; set; }
public string Password { get; set; }
}Resource File (RegistrationValidator.fr.resx)
<data name="UsernameRequired"><value>Le nom d'utilisateur est obligatoire.</value></data>
<data name="PasswordWeak"><value>Le mot de passe est trop faible.</value></data>Validator
public class RegistrationValidator : AbstractValidator<Registration>
{
public RegistrationValidator(IStringLocalizer<RegistrationValidator> localizer)
{
RuleFor(x => x.Username)
.NotEmpty().WithMessage(localizer["UsernameRequired"]);
RuleFor(x => x.Password)
.MinimumLength(8)
.Matches("[A-Z]").WithMessage(localizer["PasswordWeak"]);
}
}Request with French Locale
POST /api/register
Accept-Language: fr
{
"Username": "",
"Password": "weakpass"
}Response
{
"errors": {
"Username": ["Le nom d'utilisateur est obligatoire."],
"Password": ["Le mot de passe est trop faible."]
}
}This workflow ensures a global-ready application without forcing developers to rewrite rules.
8 Architectural Patterns, Performance, and Testing
So far, we’ve mastered rules, conditions, and localization. But how do these validators fit into large architectures? How do we ensure they don’t become performance bottlenecks? And how do we guarantee they stay correct over time? This section answers those questions.
8.1 Validation in a CQRS Architecture
CQRS (Command Query Responsibility Segregation) is increasingly common in enterprise apps. Every command or query represents an intent, and validation ensures only correct requests proceed. FluentValidation integrates naturally with CQRS when paired with MediatR.
8.1.1 Integrating with MediatR
MediatR pipeline behaviors allow you to run logic before or after handlers. A validation behavior ensures every command/query passes through its validator automatically.
Validation Behavior
public class ValidationBehavior<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse>
where TRequest : notnull
{
private readonly IEnumerable<IValidator<TRequest>> _validators;
public ValidationBehavior(IEnumerable<IValidator<TRequest>> validators)
{
_validators = validators;
}
public async Task<TResponse> Handle(
TRequest request,
RequestHandlerDelegate<TResponse> next,
CancellationToken cancellationToken)
{
if (_validators.Any())
{
var context = new ValidationContext<TRequest>(request);
var results = await Task.WhenAll(
_validators.Select(v => v.ValidateAsync(context, cancellationToken)));
var failures = results.SelectMany(r => r.Errors).Where(f => f != null).ToList();
if (failures.Count != 0)
throw new ValidationException(failures);
}
return await next();
}
}Registration
builder.Services.AddMediatR(cfg => cfg.RegisterServicesFromAssemblyContaining<Program>());
builder.Services.AddTransient(typeof(IPipelineBehavior<,>), typeof(ValidationBehavior<,>));Now every request with a corresponding validator is automatically validated before execution.
8.1.2 Suggested Library
While rolling your own works, the community provides MediatR.Extensions.FluentValidation.AspNetCore, a library that wires FluentValidation into MediatR with minimal ceremony. It handles discovery, registration, and exception handling.
dotnet add package MediatR.Extensions.FluentValidation.AspNetCoreThis library lets you focus on validators themselves instead of pipeline plumbing.
8.2 Performance Best Practices
Validators run on every request. Poorly designed rules can become silent performance killers. Here’s how to avoid them.
8.2.1 Validator Lifetimes
Validators should be registered as Singletons in DI. They are stateless, thread-safe, and expensive to resolve repeatedly.
Correct Registration
builder.Services.AddValidatorsFromAssemblyContaining<Program>(ServiceLifetime.Singleton);Pitfall: Injecting scoped services like DbContext directly into validators breaks this pattern. Instead, inject repositories or services that handle scoped lifetimes internally. Alternatively, pass dependencies into validators at runtime (e.g., through MustAsync() delegates).
8.2.2 Avoiding Performance Bottlenecks
Two common traps:
-
Database Queries Inside
RuleForEachValidating every item in a large collection with an individual DB query will crush performance. Instead, pre-fetch necessary data once and validate in-memory.Incorrect
RuleForEach(x => x.Items) .MustAsync(async (item, ct) => await repository.ExistsAsync(item.Sku, ct));Correct
RuleFor(x => x.Items) .MustAsync(async (items, ct) => { var validSkus = await repository.GetValidSkusAsync(ct); return items.All(i => validSkus.Contains(i.Sku)); });This approach reduces N queries to 1.
-
Expensive Regex in Hot Paths Complex regex patterns can slow down validation under load. Consider pre-compiling regex or using simpler checks where possible.
8.3 Unit Testing Your Validators
Validation logic expresses critical business rules. Bugs here cause downstream issues in workflows, data quality, and compliance. Fortunately, FluentValidation provides a test helper package that makes unit tests expressive and lightweight.
8.3.1 The FluentValidation.TestHelper Package
Install via NuGet:
dotnet add package FluentValidation.TestHelperThis package provides extension methods for asserting validation results.
8.3.2 Writing Tests
Consider our earlier UserValidator. Here’s how to test it.
Validator
public class UserValidator : AbstractValidator<User>
{
public UserValidator()
{
RuleFor(x => x.Username).NotEmpty().Length(3, 50);
RuleFor(x => x.Email).NotEmpty().EmailAddress();
}
}Unit Tests
public class UserValidatorTests
{
private readonly UserValidator _validator = new UserValidator();
[Fact]
public void Should_Have_Error_When_Username_Is_Empty()
{
var model = new User { Username = "" };
var result = _validator.TestValidate(model);
result.ShouldHaveValidationErrorFor(x => x.Username);
}
[Fact]
public void Should_Not_Have_Error_When_Email_Is_Valid()
{
var model = new User { Email = "test@example.com" };
var result = _validator.TestValidate(model);
result.ShouldNotHaveValidationErrorFor(x => x.Email);
}
}The DSL-style assertions make intent crystal clear. These tests run quickly, require no external setup, and protect your rules from regressions.
9 Conclusion: The Hallmarks of a Robust Validation Strategy
Validation is more than input sanitization. It is the codification of business rules, the first line of defense against bad data, and a bridge between backend logic and user experience. FluentValidation provides the tools to do this cleanly, testably, and at scale.
9.1 Key Takeaways
- Separation of Concerns: Validators keep rules out of models and controllers.
- Expressiveness: Fluent syntax handles everything from simple checks to async conditions.
- Reusability: Custom validators, extensions, and composition promote DRY principles.
- Context Awareness: Rule sets adapt validation to scenarios like create vs. update.
- Localization: Error messages can speak any user’s language without duplication.
- Enterprise Readiness: CQRS integration, singleton lifetimes, and testability ensure maintainability and performance.
9.2 Final Thoughts
As projects scale, validation becomes more than just catching typos in forms. It becomes a critical part of the architecture. FluentValidation allows developers to express these rules declaratively, test them thoroughly, and integrate them seamlessly into pipelines. Whether you’re building a microservice with Minimal APIs or orchestrating a global enterprise platform, FluentValidation equips you with patterns that scale.
9.3 Further Resources
- Official FluentValidation Documentation
- FluentValidation GitHub Repository
- ASP.NET Core Localization Docs
- MediatR GitHub
These resources extend the journey we’ve taken here and provide ongoing updates from the FluentValidation community. With these tools, you’re well-prepared to design validation strategies that are not only correct but also resilient, maintainable, and enterprise-ready.
