XSD validation on incoming SOAP messages

Question

I was hoping this would be simple, but apparently every solution on the web isn't what I want. By this I mean having a validation method that web services call, or having a function attribute that validates the incoming SOAP message (and through that validate through schema... but I might have to go this way).

We have a bunch of web services that are public facing. Each service accepts an XML element.

We also have a huge handful of XSD schemas that we want to use to validate the incoming XML message which are also part of published WSDL files that vendors use to build their systems against.

I'm looking to hopefully include XSD validation into the actual web service method itself versus the published WSDL file.

Are there any web method attributes, or anything I can do to tell the web service to use a specific XSD (or 10+ XSD's) for validation before any code gets executed?

If there's a better way to do this, I'll listen.

Thanks.

Answer 1

I have done this with ASMX web services, using a SoapExtension class.

I recommend that you start with the example, make it work, then slowly change it until it performs the validation. At each step, make sure it still works. I found it to be a very picky class.

Answer 2

I don't think there's anything as simple as an attribute. I would start with this link on MSDN, that shows how it could be done in the WCF world; it is hard to say from your question if this solution would fall in your "isn't what I want" set; I would assume though that being featured as such on MSDN, it must also be a good example for why use message inspectors.

As for a better way, it depends on your specific constraints. For medium/high volume scenarios, I would recommend going with a Datapower or Forum Sentry XML Gateway; these appliances would also perfectly fit your public facing scenario from a security perspective; SSL termination and validation is done in "hardware" at a fraction of the cost of a traditional software approach.