Difference between revisions of ".NET Web Service Validation"

From OWASP
Jump to: navigation, search
Line 19: Line 19:
 
Download the installer and run.  Easy :)
 
Download the installer and run.  Easy :)
  
== Methods of Use ==
+
== Reporting Bugs ==
  
There are two methods for using the validator.  First you can force all web methods to be validated using the web.config file. Second you can mark methods using [Validation] attribute.
+
Report bugs to Michael Eddington @ meddington@phed.org.
  
 
== Use ==
 
== Use ==
Line 27: Line 27:
 
Add a reference to SoapValidator.dll from your web service project.  Modify your web.config to include the required settings and add attributes to classes and/or methods.  See examples later.
 
Add a reference to SoapValidator.dll from your web service project.  Modify your web.config to include the required settings and add attributes to classes and/or methods.  See examples later.
  
== Reporting Bugs ==
+
=== Methods of Use ===
 +
 
 +
There are two methods for using the validator.  First you can force all web methods to be validated using the web.config file.  Second you can mark methods using [Validation] attribute.
 +
 
  
Report bugs to Michael Eddington @ meddington@phed.org.
 
  
 
[[Category:OWASP .NET Project]]
 
[[Category:OWASP .NET Project]]

Revision as of 22:57, 19 November 2006

There was a great article on MSDN a while back (years at this point) that showed the creation of a SOAP extension that would verify incoming requests against a schema, something .NET does not support out of the box (even in 2.0). Additionally there was quasi support for schematron via Assert attributes. This allows for a very powerful input validation of web services.

This is a project to provide continued support for this extension. There have been some updates to the original code, including moving to the .NET Framework v2.0.

The original article is available here.

Contents

Performance Penalties

To add in XML schema validation we must parse the soap packet ourselves. This of course will incur an additional performance hit outside of simply turning on validation. Unfortunately there is no method (that I'm aware of) to enable schema validation in .NET currently.

Downloading

SoapValidation-0.5.msi - Assembly, documentation, samples

SoapValidation-0.5-src.zip - Source, documentation, samples

Installation

Download the installer and run. Easy :)

Reporting Bugs

Report bugs to Michael Eddington @ meddington@phed.org.

Use

Add a reference to SoapValidator.dll from your web service project. Modify your web.config to include the required settings and add attributes to classes and/or methods. See examples later.

Methods of Use

There are two methods for using the validator. First you can force all web methods to be validated using the web.config file. Second you can mark methods using [Validation] attribute.