This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of ".NET Web Service Validation"
Meddington (talk | contribs) |
Meddington (talk | contribs) (→.NET Web Service Validation) |
||
Line 1: | Line 1: | ||
− | |||
− | |||
− | |||
There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0). Additionally there was quasi support for [http://www.schematron.com/ schematron] via Assert attributes. This allows for a very powerful input validation of web services. | There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0). Additionally there was quasi support for [http://www.schematron.com/ schematron] via Assert attributes. This allows for a very powerful input validation of web services. | ||
Line 8: | Line 5: | ||
The original article is available [http://msdn.microsoft.com/msdnmag/issues/03/07/XMLSchemaValidation/ here]. | The original article is available [http://msdn.microsoft.com/msdnmag/issues/03/07/XMLSchemaValidation/ here]. | ||
− | + | == Performance Penalties == | |
To add in XML schema validation we must parse the soap packet ourselves. This of course will incur an additional performance hit outside of simply turning on validation. Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently. | To add in XML schema validation we must parse the soap packet ourselves. This of course will incur an additional performance hit outside of simply turning on validation. Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently. | ||
− | + | == Downloading == | |
[http://phed.org/files/SoapValidation-0.5.msi SoapValidation-0.5.msi] - Assembly, documentation, samples | [http://phed.org/files/SoapValidation-0.5.msi SoapValidation-0.5.msi] - Assembly, documentation, samples | ||
+ | |||
[http://phed.org/files/SoapValidation-0.5-src.zip SoapValidation-0.5-src.zip] - Source, documentation, samples | [http://phed.org/files/SoapValidation-0.5-src.zip SoapValidation-0.5-src.zip] - Source, documentation, samples | ||
− | + | == Installation == | |
Download the installer and run. Easy :) | Download the installer and run. Easy :) | ||
− | + | == Methods of Use == | |
There are two methods for using the validator. First you can force all web methods to be validated using the web.config file. Second you can mark methods using [Validation] attribute. | There are two methods for using the validator. First you can force all web methods to be validated using the web.config file. Second you can mark methods using [Validation] attribute. | ||
− | + | == Use == | |
Add a reference to SoapValidator.dll from your web service project. Modify your web.config to include the required settings and add attributes to classes and/or methods. See examples later. | Add a reference to SoapValidator.dll from your web service project. Modify your web.config to include the required settings and add attributes to classes and/or methods. See examples later. | ||
− | + | == Reporting Bugs == | |
Report bugs to Michael Eddington @ [email protected]. | Report bugs to Michael Eddington @ [email protected]. |
Revision as of 03:15, 20 November 2006
There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0). Additionally there was quasi support for schematron via Assert attributes. This allows for a very powerful input validation of web services.
This is a project to provide continued support for this extension. There have been some updates to the original code, including moving to the .NET Framework v2.0.
The original article is available here.
Performance Penalties
To add in XML schema validation we must parse the soap packet ourselves. This of course will incur an additional performance hit outside of simply turning on validation. Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently.
Downloading
SoapValidation-0.5.msi - Assembly, documentation, samples
SoapValidation-0.5-src.zip - Source, documentation, samples
Installation
Download the installer and run. Easy :)
Methods of Use
There are two methods for using the validator. First you can force all web methods to be validated using the web.config file. Second you can mark methods using [Validation] attribute.
Use
Add a reference to SoapValidator.dll from your web service project. Modify your web.config to include the required settings and add attributes to classes and/or methods. See examples later.
Reporting Bugs
Report bugs to Michael Eddington @ [email protected].