This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of ".NET Web Service Validation"

From OWASP
Jump to: navigation, search
 
(.NET Web Service Validation)
Line 1: Line 1:
 
== .NET Web Service Validation ==
 
 
 
There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0).  Additionally there was quasi support for [http://www.schematron.com/ schematron] via Assert attributes.  This allows for a very powerful input validation of web services.
 
There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0).  Additionally there was quasi support for [http://www.schematron.com/ schematron] via Assert attributes.  This allows for a very powerful input validation of web services.
  
Line 8: Line 5:
 
The original article is available [http://msdn.microsoft.com/msdnmag/issues/03/07/XMLSchemaValidation/ here].
 
The original article is available [http://msdn.microsoft.com/msdnmag/issues/03/07/XMLSchemaValidation/ here].
  
'''Performance Penalties'''
+
== Performance Penalties ==
  
 
To add in XML schema validation we must parse the soap packet ourselves.  This of course will incur an additional performance hit outside of simply turning on validation.  Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently.
 
To add in XML schema validation we must parse the soap packet ourselves.  This of course will incur an additional performance hit outside of simply turning on validation.  Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently.
  
'''Downloading'''
+
== Downloading ==
  
 
[http://phed.org/files/SoapValidation-0.5.msi SoapValidation-0.5.msi] - Assembly, documentation, samples
 
[http://phed.org/files/SoapValidation-0.5.msi SoapValidation-0.5.msi] - Assembly, documentation, samples
 +
 
[http://phed.org/files/SoapValidation-0.5-src.zip SoapValidation-0.5-src.zip] - Source, documentation, samples
 
[http://phed.org/files/SoapValidation-0.5-src.zip SoapValidation-0.5-src.zip] - Source, documentation, samples
  
'''Installation'''
+
== Installation ==
  
 
Download the installer and run.  Easy :)
 
Download the installer and run.  Easy :)
  
'''Methods of Use'''
+
== Methods of Use ==
  
 
There are two methods for using the validator.  First you can force all web methods to be validated using the web.config file.  Second you can mark methods using [Validation] attribute.
 
There are two methods for using the validator.  First you can force all web methods to be validated using the web.config file.  Second you can mark methods using [Validation] attribute.
  
'''Use'''
+
== Use ==
  
 
Add a reference to SoapValidator.dll from your web service project.  Modify your web.config to include the required settings and add attributes to classes and/or methods.  See examples later.
 
Add a reference to SoapValidator.dll from your web service project.  Modify your web.config to include the required settings and add attributes to classes and/or methods.  See examples later.
  
'''Reporting Bugs'''
+
== Reporting Bugs ==
  
 
Report bugs to Michael Eddington @ [email protected].
 
Report bugs to Michael Eddington @ [email protected].

Revision as of 03:15, 20 November 2006

There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0). Additionally there was quasi support for schematron via Assert attributes. This allows for a very powerful input validation of web services.

This is a project to provide continued support for this extension. There have been some updates to the original code, including moving to the .NET Framework v2.0.

The original article is available here.

Performance Penalties

To add in XML schema validation we must parse the soap packet ourselves. This of course will incur an additional performance hit outside of simply turning on validation. Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently.

Downloading

SoapValidation-0.5.msi - Assembly, documentation, samples

SoapValidation-0.5-src.zip - Source, documentation, samples

Installation

Download the installer and run. Easy :)

Methods of Use

There are two methods for using the validator. First you can force all web methods to be validated using the web.config file. Second you can mark methods using [Validation] attribute.

Use

Add a reference to SoapValidator.dll from your web service project. Modify your web.config to include the required settings and add attributes to classes and/or methods. See examples later.

Reporting Bugs

Report bugs to Michael Eddington @ [email protected].