3

I have a webservice with an XmlNode parameter (I also tried with XElement) and an XmlNode return type.

The problem is, I pass a parameter without a namespace like this:

```xml
<client>
    <name>Test</name>
</client>
```

and the server receives something like this:

```xml
<client xmlns="">
    <name>Test</name>
</client>
```

and the return object does the same.

Normally it wouldn't be a problem, but I use a custom checksum to validate the request, something like passing the MD5 of the XML parameter in another parameter. And when the server declares the namespace, it breaks the MD5.

Now I'm removing the declaration with a replace to make the MD5 work. Does anyone have a better idea? (without workarounds)

John Saunders
dcidral
  • Why don't you provide your own namespace? – Random Dev Sep 12 '11 at 21:07
  • @Carsten König: because in my application, the namespace is useless (for the parameter; the webservice has a namespace properly) and changing it now would make the clients (which are not mine) "crash" – dcidral Sep 13 '11 at 19:08
  • You should use an encryption mechanism which understands XML. For instance, the [SignedXml class](http://msdn.microsoft.com/en-us/library/system.security.cryptography.xml.signedxml.aspx). – John Saunders Oct 12 '11 at 03:58
  • @JohnSaunders this could work, but I don't know if the clients (which are not in .net) can provide the same encryption. – dcidral Oct 24 '11 at 17:25
  • `SignedXml` implements standard digital signatures. – John Saunders Oct 24 '11 at 19:07
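
Added example, not part of the original posts: XML-aware signing, as suggested in the comments above, tolerates the `xmlns=""` redeclaration because the digest is taken over a canonical form instead of the serialized text. The Python sketch below stands in for a non-.NET client and server that both canonicalize with C14N 2.0 before tagging; the key, the function names and the use of HMAC-SHA-256 in place of the question's keyed MD5 (whose construction the post does not give) are assumptions.

```python
import hashlib
import hmac
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample: the node as the client wrote it, and the same node after
# the server-side serializer re-emitted it with an empty default namespace.
SENT = "<client>\n    <name>Test</name>\n</client>"
RECEIVED = '<client xmlns="">\n    <name>Test</name>\n</client>'
TAMPERED = '<client xmlns="">\n    <name>Admin</name>\n</client>'
RENAMESPACED = '<client xmlns="urn:example:other">\n    <name>Test</name>\n</client>'

SHARED_KEY = b"constructed-demo-key"  # placeholder, not a real credential


def _tag(data: bytes, key: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def raw_tag(xml_text, key=SHARED_KEY):
    """Tag over the literal characters: the approach that breaks in the question."""
    return _tag(xml_text.encode("utf-8"), key)


def canonical_bytes(xml_text):
    """Canonical form: a redundant xmlns="" is dropped, attributes are ordered."""
    return canonicalize(xml_text).encode("utf-8")


def canonical_tag(xml_text, key=SHARED_KEY):
    return _tag(canonical_bytes(xml_text), key)


def verify(xml_text, tag, key=SHARED_KEY):
    """Server side: recompute over the canonical form, compare in constant time."""
    return hmac.compare_digest(canonical_tag(xml_text, key), tag)


if __name__ == "__main__":
    tag = canonical_tag(SENT)
    print("raw tags equal:       ", raw_tag(SENT) == raw_tag(RECEIVED))
    print("received verifies:    ", verify(RECEIVED, tag))
    print("tampered verifies:    ", verify(TAMPERED, tag))
    print("renamespaced verifies:", verify(RENAMESPACED, tag))
```

Canonicalization only removes differences that carry no meaning: a changed value or a move into a real namespace still fails verification, and both ends must apply the same canonicalization algorithm.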

2 Answers

1

I am not sure why you'd validate XML using MD5. A better idea would be to validate your XML using an XSD.

There are a number of existing questions about how to validate XML against an XSD in C#.

Community
Kirk Broadhurst
  • I agree. If you are using WCF, then it does the validation for you. Why was MD5 selected for this type of validation? – Omnia9 Oct 12 '11 at 11:42
  • I do not use the MD5 to validate the XML integrity or the parameters. What I do is ensure the client knows the procedure to call the webserver. If the client doesn't know what key to use or how to apply the MD5 to the message, then the client is not authorized to use the webserver. This method is more to validate the client rather than the message itself. – dcidral Oct 19 '11 at 16:01
0

Are you using WCF services? Or could you migrate to them?

Could you not apply this tag to your DataContracts?

```csharp
[DataContract(Namespace = "")]
```

That way the data will not have any namespaces at all.

Is something like this post possible?

Can I make XmlSerializer ignore the namespace on deserialization?

Community
Omnia9
  • Are you sure that won't generate the exact same XML? `xmlns=""` indicates that the default namespace is the empty namespace. – John Saunders Oct 12 '11 at 03:59
  • The DataContract option is only good for WCF services. I would take Kirk Broadhurst's answer. I would validate your XML with an XSD. I know that in XElement you can ignore any namespaces if you wish. That way it does not matter if it is `xmlns=""`. – Omnia9 Oct 12 '11 at 12:03