Implement AfterReceiveRequest Method to Validate Inbound Messages on the Service

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you need to perform validation on service of inbound messages implement the AfterReceiveRequest of the interface IDispatchMessageInspector of the message inspector. This will validate the message after client request has arrived and before service operation invocation and deserialization.

Inbound message validation will be required if you want to validate the message, when it is received by the client and it is validated before invoking the operations in the service. Input data validation represents one line of defense in the protection of your WCF application. Validate all parameters exposed in WCF service operations to protect the service from attack by a malicious client

Following example shows how to implement the AfterReceiveRequest Method:
object IDispatchMessageInspector.AfterReceiveRequest(ref System.ServiceModel.Channels.Message request, System.ServiceModel.IClientChannel channel, System.ServiceModel.InstanceContext instanceContext)
{
    try
    {
        validateMessage(ref request);
    }      
    catch (FaultException e)
    {
        throw new FaultException<string>(e.Message);
    }
    return null;
   
}

Additional Resources

Last edited Jun 12, 2008 at 10:17 PM by prashantbansode, version 1

Comments

No comments yet.