0

So i'm trying to use The Exception Handling Application Block from the Enterprise Library, but i just can't figure out how to do this.

This is my code from my WCF project:

namespace TextWebService
{
    [ServiceContract]
    public interface ITextWebService
    {
        [OperationContract]
        string ToLower(string inputString);

        [OperationContract]
        string ToUpper(string inputString);
    }
}

...

using Microsoft.Practices.EnterpriseLibrary.ExceptionHandling;

namespace TextWebService
{
    public class TextWebService : ITextWebService
    {
        public string ToLower(string inputString)
        {
            return inputString.ToLower();
        }

        public string ToUpper(string inputString)
        {
            return inputString.ToUpper();
        }
    }
}

The ASP.NEt that uses this service has a textbox and "Invoke Service Methods" button which transforms the input string like so:

input string

Everytime when I input large text, I get this error:

enter image description here

I just want a simple example how can I prevent that error from showing, or modify it and use the exception handling application bloc. I tried a lot of examples, but just can't seem to get it. P.S. it must be done from WCF

Gerald Hughes
  • 5,771
  • 20
  • 73
  • 131
  • Issue is not on your webservice code. Its the asp.net code behind. See this: http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client – loopedcode Jan 15 '15 at 15:32
  • @loopedcode Yes I know, but this is what i get in the webservice alone : a:DeserializationFailed The formatter threw an exception while trying to deserialize the message: Error in deserializing body of request message for operation 'ToUpper'. End element 'inputString' from namespace 'http://tempuri.org/' expected. Found element 'whatever' from namespace ''. Line 6, position 38. – Gerald Hughes Jan 15 '15 at 15:50

1 Answers1

0

If you are certain that the content that comes trough your project is always valid. You can try to add the following to your web.config:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

Here's a litle bit of back info about why you are getting this error (from this post):

..Note that a "<" could also come from other outside sources, like a database field, a configuration, a file, a feed and so on.

Furthermore, "<" is not inherently dangerous, its only dangerous in a specific context: when writing unencoded strings to HTML output (because of XSS). In other contexts different substrings are dangerous, e.g. if you write an user-provided URL into a link, the substring "javascript:" may be dangerous. The single quote character on the other hand is dangerous when interpolating strings in SQL queries, but perfectly safe if it is a part of a name submitted from a form or read from a database field...

Community
  • 1
  • 1
Robin Gordijn
  • 683
  • 1
  • 4
  • 16
  • Thanks, but this is what I get in the web service alone: a:DeserializationFailed The formatter threw an exception while trying to deserialize the message: Error in deserializing body of request message for operation 'ToUpper'. End element 'inputString' from namespace 'http://tempuri.org/' expected. Found element 'whatever' from namespace ''. Line 6, position 38. – Gerald Hughes Jan 15 '15 at 15:51
  • @Stefan Hmm.. well WCF converts your String to XML and the '<' + '>' are giving problems. From the top of my head you will need to create a escape method where you should replace < with < and > with >. – Robin Gordijn Jan 15 '15 at 16:05
  • Gordjin i've edited my error, the point was not to solve <> problem, but to work with the exception handling application block. Thanks! – Gerald Hughes Jan 15 '15 at 16:11
  • Sorry, I was mis led by the image and I misinterpreted your problem – Robin Gordijn Jan 15 '15 at 16:20