I have a quasi-RESTful ASP.NET web service that I wish to be able to post XML to. My method looks something like this:
[WebMethod(false, System.EnterpriseServices.TransactionOption.NotSupported)]
public void save(string saveXml)
{
XDocument saveXml = XDocument.Parse(saveXml);
....
When I try to post to that web service, I get the exception:
System.Web.HttpRequestValidationException: A potentially dangerous Request.Form
value was detected from the client...
Based on some searching, my understanding is that all requests to ASP.NET pages look for characters like "<" which are deemed dangerous (obviously this applies to my XML). This can be turned off easily for individual pages, but not web services. The only solution I have found involved changing the request validation mode in my web.config to "2.0". I don't want to change to an old version of something just because my one web service method doesn't work with the 4.0 version. Is there any way to disable this for my specific method? Thanks in advance.
The new 4.0 RequestValidation model is a bit pickier, but as long as your client sends the HTTP request Content-type header as text/xml instead of application/x-www-form-urlencoded it should pass (or bypass rather) ASP.NET RequestValidation.
Related
I need to enable my webAPI REST service to accept a request in the format of:
www.someURL.com/OldService.svc
I am working on an existing application that used to use WCF. These methods do not have to return anything but a 200 response. We need the REST service to handle this call so we can retire the old WCF service, but systems will fail if we don't support this WCF request.
Has anybody done this before?
edit:
Is it possible to do this with just adding a new route?
You can add a WCF service (.svc) to a Web API project by simply adding a New Item and selecting Web, it will then show up in the list as WCF Service.
Maybe you could use the Route attribute(using System.Web.Http) for the old service? I've used this for route names like [Route("SomeRoute")] but I'm not 100% sure if the .svc extension will interfere with anything.
[Route("OldService.svc")]
[HttpPost]
public HttpResponseMessage NewData(Data SomeData)
{}
I'm currently working on a C# WinForms application which makes calls to a couple of remote web services. In investigating a bug relating to strings containing ampersands, I came across the following method which 'encodes' POST bodies for the other web service (which doesn't have the ampersand issue, admittedly.)
object o = row.Values[i]; //some object
Type valueType = o.GetType();
if (valueType.Name.Equals("String", StringComparison.InvariantCultureIgnoreCase))
{
o = o.ToString().Replace("&", "%26");
}
I did a bit of WTF at this, but then thought, is there an actual reason for performing full URL encoding on POST bodies? Surely the only two risk points are ampersands and question-marks?
The question is a bit one-sided. There's only reason to encode POST data is if the other side is expecting it to be encoded. e.g. if the content type of the post data is "x-www-form-urlencoded" then, yes, you need to url encode the data. If the other side doesn't expect it to be urlencoded then don't...
Typically, you don't need to urlencode data going to a web service because you've got flexible end-points. If you've got a web service that is expecting to be called directly from a web page (e.g. through a form post) then urlencoding may be done by the browser directly--in which case the web service needs to accept url-encoded (and thus anything else that wants to communicate with it).
I've built a simple C# app (.Net 4.0 + WPF) which can send and receive JSON messages via TCP sockets.
As a next step, it should be possible that JavaScript apps on websites and PHP scripts can send and receive JSON messages to/from my app. Is that possible?
Since JS/PHP will use stateless HTTP connections, how should a request to my app work, for example, should the JS/PHP apps send a JSON message to my app and my app response (HTTP response) with a JSON message? Is that even possible? And should I use GET or POST method to send the JSON messages to/from my app?
Hope my questions do not cause too much confusion ;-) I but I appreciate every tip, clarification or feedback you can give me.
Mike
You can accomplish this via a .NET web service using special JSON directives on the web method, e.g.
[ScriptMethod(UseHttpGet = true, ResponseFormat=ResponseFormat.Json)]
public string DoSomething(string param1, int param2)
{
// Do Something
}
When the ResponseFormat.Json property is specified, the data returned will be serialized into the appropriate JSON format. Also note, in order to recieve a true JSON response, you'll need to set your content-type to "application/json" from the requesting application. Otherwise, the method will attempt to wrap the response in XML.
Also, I am enabling a HttpGet on this method so that you can post via a query string to the method, e.g.
http://www.example.com/service.asmx?param1='Hello'¶m2=1;
I have an .net 2.0 C# client app that has a web service reference to an Axis2 Java Webservice.
The idea is to send some xml data to the webservice, so it can be parsed and inserted into database.
The WS method accepts a single parameter of type 'xsd:anytype'.
Java web service:
public class JWS{
public Response AddData(Object inputXML) {
return Response;
}
}
C# Client:
JWS client = new JWS();
object inputXML = "<xml>some xml data</xml>";
response = client.AddData(inputXML);
There are 2 issues i am seeing when monitored using fiddler.
1) The request has an additional element '<inputXML>' added before the actual xml data.
<inputXML><xml>some xml data</xml></inputXML>
2) The xml is encoded, so '<' is appearing as "<"
I am not sure if this is how SOAP request's are generated but i would like to remove the <inputXML> tag and also, have the xml appear as is without having to replace the special characters.
Is this possible? Is it got something to do with 'Wrapping'/'UnWrapping' Types?
Also, i have used SoapUI to test the java web service and it works well. However, in the request tab, i had to manually remove the <inputXML> tag and submit for it to work correctly. Please help.
TIA
This is expected behaviour under SOAP and the inputXml variable will be decoded back to the original string when passed to your web service method.
However this may indicate a problem with your design, have you considered constructing an object to send to your web service rather than xml data? (As this object will transparently be converted to xml for the web service call anyway).
I found out that the issue is not with encoding but it was interpreted incorrectly on java side when the message was viewed in axis2. So, it is getting decoded properly. Also, the inputxml is now being handled correctly.
I am working in an environment with many teams who are responsible for specific content on pages. Each team is sharing specific information (common class libraries, and master pages) that each are going deliver different types of content.
Is it possible for an MVC application to do something similar to RenderPartial and pass a model to another MVC application Controller/Action to return content?
So the code for this might look like:
(http://www.mydomain.com/Home/Index)
<% Html.RenderAction("ads.mydomain.com", "Home", "Index", AdModel) %>
Maybe this is not a good idea as another thread has to spin up to server a partial view?
No, RenderPartial/RenerAction can only load views that it can access via reflection, not via HTTP requests to external resources.
If the MVC app for 'ads.mydomain.com' is available to you at compile them then you can utilise its resources via Areas, however it won't pickup the changes if they release a new version to the 'ads.mydomain.com' website without you getting their latest assembly and re-compiling and deploying your app as well.
You can do similar stuff with AJAX where you can load a fragment from another site, however it wouldn't be done server side, and would require the client to have javascript enabled. Also the model would need to be converted to JSON and posted to the request, so its a bit of a hacky solution.
You could write an extension method (lets call it Html.RenderRemote) which does all the work for you of creating an http connection to the target and requests the URL. You'd have to serialize the model and send it as part of the request.
public static string RenderRemote(this HtmlHelper, string url, object model)
{
// send request to 'url' with serialized model as data
// get response stream and convert to string
// return it
}
You could use it as :
<%= Html.RenderRemote('http://ads.mydomain.com', Model');
You wouldn't be able to take advantage of the routes on the remote domain, so you'd have to construct the literal URL yourself, which means if they change your routing rules your URL won't work anymore.
In principal yes, though your question is a little vague.
Have a look at "portable areas" within MvcContrib on codeplex. This technique allows separate teams to develop separate MVC apps that would then be orchestrated by a central application.