I'd like my WCF service to return an xml file that has been signed.
I found documentation that shows how to sign an XmlDocument on msdn, but since a WCF function can't return an XmlDocument I'm not sure if the following would work (similar to thisquestion)
public XmlElement GetXml() {
var doc = new XmlDocument();
// add data to doc
// sign doc
return doc.DocumentElement;
}
Would it still be possible to verify the signature of doc.DocumentElement if I added it to another XmlDocument after a client requested it? Is there a better way to do this?
Thanks!
XmlDocument is not decorated with DataContractAttribute and I cannot see why the object needs to be sent over the wire while the serialized form (text form) is all that is required.
I would design it as:
[OperationContract]
string GetFooXml();
And send the string. That is what WCF/XML is for, sending data as text whenever possible so that more kinds of clients can consume it.
Related
Cheers,
I have a soap webservice written in c#, that takes in an XMLDocument as parameter...
[WebMethod]
[SoapDocumentMethod(ResponseNamespace = "http://ns.ctb.nl/flex/2012-1")]
public string stuurReflexBericht(XmlDocument m) //XElement m
{
//do something
}
and Im using Boomerang, an extension for Google Chrome to test the service.
Boomerang creates this Request Body:
<x:Envelope xmlns:x="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://ctb.nl/webservices">
<x:Header/>
<x:Body>
<web:stuurReflexBericht>
<web:m>
My XML Body
</web:m>
</web:stuurReflexBericht>
</x:Body>
</x:Envelope>
and this works, the service receives the xml message. However, the consumer of the service wants to send the message as:
<x:Envelope xmlns:x="http://schemas.xmlsoap.org/soap/envelope/" xmlns:web="http://ctb.nl/webservices">
<x:Header/>
<x:Body>
My XML Body
</x:Body>
</x:Envelope>
and when they do that, the XMLDocument is null.
The consumer does not want to change their code, so its up to me to make the adjustments.
I tried changing the parameter datatype from XMLDocument to string in the hopes that it would work, but it does not.
Any ideas on how to solve this?
TIA
I have an application that will be posting an XML object to me.
Is it possible to create a Restful service (I'm assuming using Win API) to post the data to, or should I be using WCF services?
You can do this with WebAPI by just reading the content stream from the request:
public XmlDocument ReadRawXml(HttpRequestMessage request)
{
var xmlDoc = new XmlDocument();
xmlDoc.Load(request.Content.ReadAsStreamAsync().Result);
return xmlDoc;
}
You can call that in your WebAPI code.
The question is can I validate c# object against xsd without serializing this object to the xml? If yes, please give me some quick sample.
Just to give You some introduction. I got reference to the external WCF service and I got some xsd file. I got some proxy objects requests/response for this service. In the service consumer side (just class library) I would like to validate response (c# object) against provided xsd. Can I do that without serializing response to the xml?
public Response Consume(Request message)
{
try
{
ServiceClient serviceClient = new ServiceClient();
var response = serviceClient.Execute(message);
// Here I would like to validate response without serializing against xsd
return response;
}
catch (FaultException<ValidationFault> validationException)
{
throw validationException;
}
}
I want to get an XML response from Client by using Web service.For this i am going to create a web service that can take XML , so that they can use the web service to send the XML to me.
Remember in this i have to create both ends.
Somebody please advise on this...
public XmlDocument GetXmlDocument(string pXML)
{
// Create an XmlDocument object.
XmlDocument xmlDocumentObject = new XmlDocument();
xmlDocumentObject.LoadXml(pXML);
// Return the created XmlDocument object.
return (xmlDocumentObject);
}
The above code will take take any XML as string . How could my client will use this method on there end and send the response to me.
Preface: I've been trying to do XML signature verification on an HTTP response, and I need help! All code is .NET 4.0 using C#.
So here's what I'm trying to accomplish:
Create a signed XML document on the server
Send the signed XML as body of an HTTP response
Client receives the response and verifies that the signature is valid.
Server-side, I create the XML and load it into an XmlDocument. I then sign this XmlDocument object (using this example code from MSDN) and build a string from this signed XML. This string is what I send as the HTTP response body.
When my client application receives the response, it pulls the body of the response out and passes it to my signature verification function. This function builds an XmlDocument from the string, creates a SignedXml object from the XmlDocument, and retrieves the Signature to verify. Almost all this code is taken from MSDN as well (here).
Seems straightforward, right? Well my verification fails every time. I know that it's not a problem with the signing/verifying code. I've tested it in a separate app where the XML it loads is from a file, and it works perfectly. I'm even using the exact same XML to test my client/server code.
Thus, I believe the problem lies in the step where XmlDocument is converted to a string or the string is converted back to XmlDocument.
XmlDocument -> string -> XmlDocument
I've done the following things to try to make it easier to the signature to verify:
Remove all tabs, newlines, carriage returns from the XML before I create the XmlDocument.
Ensured that the encoding of the document is explicitly set at UTF-8 (i know from previous threads that this can cause an issue if not set).
Tried generating the strings in two different ways (from OuterXML of the XmlDocument & also by using XmlWriter and StringWriter).
Visually verified that the XML sent from the server is the exact same as that loaded by the client.
If you have any idea on how to remedy this problem, please help! I can post code if desired, but the only code that might be worth seeing is how I generate the string from the XmlDocument.
An old question but I figured I would would answer it for anyone else who might have encountered a similar issue. The problem was in the encoding of the string as it was sent back via the HTTP response. However, I remedied this by writing the XmlDocument directly to the response stream instead of converting it to a string first. Like such:
public void ProcessRequest(HttpContext context)
{
// a bunch of request handling logic
//...
HttpResponse response = context.Response;
XmlDocument signedXML = getTheSignedXMLData(); //the XML
signedXML.PreserveWhitespace = true;
signedXML.Save(response.Output);
}
This solved by encoding issues and the signature verifies correctly.