0

I have been trying to create a webservice that needs to allow the client to send thru 3 parameters being Username, Password and XML_In all 3 of type string. This then sends the variables to a Stored procedure which processes the data and returns an XML string which is then returned to the client.

The Stored procedure works 100% but I'm getting an error with the XML being sent thru as a string. From reading up most gave the suggestion of adding <httpRuntime requestValidationMode="2.0"/> and <pages validateRequest="false"> to my web.config which works but that would then apply to my entire site which I dont want at all.

The other suggestion was to place it in the @Page part but that does not apply to a web service as it has no user defined layout. Please see my code below and help. I'm still quite a newbie to .Net thus the reason I'm doing 90% of it in SQL.

The error That gets returned is :

System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (XML_In=&quot;&lt;senddata&gt;&lt;settings ...&quot;).
   at System.Web.HttpRequest.ValidateString(String value, String collectionKey, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.ValidateHttpValueCollection(HttpValueCollection collection, RequestValidationSource requestCollection)
   at System.Web.HttpRequest.get_Form()
   at System.Web.Services.Protocols.HtmlFormParameterReader.Read(HttpRequest request)
   at System.Web.Services.Protocols.HttpServerProtocol.ReadParameters()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()

here's the code: 

Imports System.Web.Services
Imports System.Web.Services.Protocols
Imports System.ComponentModel
Imports System.Xml
Imports JumpStart.Framework.Database

' To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
' <System.Web.Script.Services.ScriptService()> _
<System.Web.Services.WebService(Namespace:="http://mydomainname.co.za/")> _
<System.Web.Services.WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
<ToolboxItem(False)> _
Public Class LeadProcessor
    Inherits System.Web.Services.WebService

    <WebMethod()> _
    Public Function Lead_Processing(ByVal UserName As String, ByVal PassWord As String, ByVal XML_In As String) As XmlDocument
        Dim poDSL As New DSL
        Dim Result As String
        Dim XML_Out = New XmlDocument()

        Result = poDSL.ExecuteProcedure_ExecuteScalar("DECLARE @Result XML " & _
                                             "EXEC [dbo].[APP_InsertLeadFromXML] " & _
                                            "@Username = N'" & UserName & "', " & _
                                            "@Password = N'" & PassWord & "', " & _
                                            "@ParmListXML = '" & XML_In.ToString & "', " & _
                                            "@XMLResult = @Result OUTPUT " & _
                                            "SELECT @Result")

        XML_Out.LoadXml(Result)

        Return XML_Out
    End Function
CodeCaster
  • 147,647
  • 23
  • 218
  • 272
SimonnD
  • 11
  • 2
  • Don't create new web services in ASMX. Use WCF or WebAPI. See also [A potentially dangerous Request.Form value was detected from the client](http://stackoverflow.com/questions/81991/a-potentially-dangerous-request-form-value-was-detected-from-the-client), [A potentially dangerous Request.Form value was detected from the client (textboxError=“ – CodeCaster Apr 09 '15 at 07:34

1 Answers1

0

I agree with CodeCaster comment (new projects - WCF or WebApi).

But if you can't change it now, consider use a XMLDocument as parameter, or an XElemento, or directly, do a Base64 transform of the text, in order to avoid that errors.

Code for your service' client:

your_proxy.Lead_Processing(sUserName, sPassWord, Convert.ToBase64String(Encoding.UTF8.GetBytes(sXML))

Then, in your service, do this

 <WebMethod()> _
    Public Function Lead_Processing(ByVal UserName As String, ByVal PassWord As String, ByVal XML_In As String) As XmlDocument

    Dim oData As Byte() = Convert.FromBase64String(XML_In)
    Dim sDecodedXML As String = System.Text.Encoding.UTF8.GetString(oData)

    Dim poDSL As New DSL
    Dim Result As String
    Dim XML_Out = New XmlDocument()

    Result = poDSL.ExecuteProcedure_ExecuteScalar("DECLARE @Result XML " & _
                                         "EXEC [dbo].[APP_InsertLeadFromXML] " & _
                                        "@Username = N'" & UserName & "', " & _
                                        "@Password = N'" & PassWord & "', " & _
                                        "@ParmListXML = '" & sDecodedXML  & "', " & _
                                        "@XMLResult = @Result OUTPUT " & _
                                        "SELECT @Result")

    XML_Out.LoadXml(Result)

    Return XML_Out
End Function

Hope it helps

Edit: Your service with base64. We're telling that Asmx it's almost a legacy tech. New projects may use WCF tech (I can't teach you WCF in a few lines). You can put that code into your asmx service. You can use that code in the way I edited my answer.

Morcilla de Arroz
  • 2,104
  • 22
  • 29
  • So I open a new WCF file and have no idea how this works. Is it also a type of webservice and how would I apply my code into it – SimonnD Apr 09 '15 at 08:53
  • Answered edited. You can use now your asmx with this code, and consider WCF for next tasks... – Morcilla de Arroz Apr 09 '15 at 09:13
  • Excellent thanks for the update but how would I test my webservice as normally I just run the debug and populate the text boxes it generates? – SimonnD Apr 09 '15 at 09:38
  • It's the same, but with base64 text. Use this web to prepare your test xml text: https://www.base64encode.org/ - https://www.base64decode.org/ – Morcilla de Arroz Apr 09 '15 at 09:44
  • I managed to get the web service working using the online tool for passing thru the xml string. Thank you so much. I also managed to get the code into WCF which seems to handle the code without any need for conversion but I'm just having a bit of trouble trying to display the XML Document on my windows Form. – SimonnD Apr 09 '15 at 13:04
  • private void BT_Process_Click(object sender, EventArgs e) { LeadProcessorClient LP = new LeadProcessorClient(); string UName = TB_UName.Text; string PWord = TB_Pass.Text; string XMLIn = TB_XMLin.Text; string result = LP.Lead_Processing(UName, PWord, XMLIn); WB_XMLOut.Url = new Uri(result); } – SimonnD Apr 09 '15 at 13:04
  • string result = LP.Lead_Processing(UName, PWord,Convert.ToBase64String(Encoding.UTF8.GetBytes(XMLIn)); – Morcilla de Arroz Apr 09 '15 at 14:04