If You Need To Validate Parameters, Use Parameter Inspectors

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

If you need to validate parameters passed to operations, use parameter inspectors. Parameter inspectors are extensibility points that plug into WCF behaviors and let you inspect parameter values during message exchange. Parameter validation can happen on both the client and the service.

You should validate all parameters exposed in WCF service operations to protect the service from attack by a malicious client. Conversely, you should also validate all return values received by the client to protect the client from attack by a malicious service.

You can use a parameter inspector to inspect simple types, or types with few fields, passed to operations where the validation logic will not become complex. If you need to validate complex types, or data or message contracts with several fields to be validated, use schema validation with message inspectors.
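
The following sketch is an added example, not code from the original guidance. It shows a parameter inspector that allow-lists string arguments and string return values, plugged into both the client and the service through an operation behavior. The class names `StringParameterInspector` and `ValidateStringsAttribute` and the allow-list pattern are assumptions chosen for illustration.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.Text.RegularExpressions;

// Hypothetical inspector: allow-list check on every string argument and string return value.
public class StringParameterInspector : IParameterInspector
{
    // Constructed sample policy: 1-32 alphanumerics; \A and \z also reject a trailing newline.
    private static readonly Regex Allowed = new Regex(@"\A[A-Za-z0-9]{1,32}\z");

    // Service: runs on incoming arguments. Client: runs before the request is sent.
    public object BeforeCall(string operationName, object[] inputs)
    {
        foreach (object input in inputs) Check(operationName, input);
        return null; // no correlation state needed
    }

    // Client: runs on the value received from the service. Service: runs on the outgoing reply.
    public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState)
    {
        Check(operationName, returnValue);
    }

    private static void Check(string operationName, object value)
    {
        string s = value as string;
        if (s == null) return; // this sketch inspects strings only
        if (!Allowed.IsMatch(s)) // the fault names the operation but never echoes the rejected value
            throw new FaultException("Invalid parameter value in operation " + operationName);
    }
}

// Operation behavior attribute that plugs the inspector into the client and the service runtime.
[AttributeUsage(AttributeTargets.Method)]
public class ValidateStringsAttribute : Attribute, IOperationBehavior
{
    public void ApplyDispatchBehavior(OperationDescription description, DispatchOperation dispatch)
    {
        dispatch.ParameterInspectors.Add(new StringParameterInspector());
    }
    public void ApplyClientBehavior(OperationDescription description, ClientOperation client)
    {
        client.ParameterInspectors.Add(new StringParameterInspector());
    }
    public void AddBindingParameters(OperationDescription description, BindingParameterCollection parameters) { }
    public void Validate(OperationDescription description) { }
}
```

Applying `[ValidateStrings]` to an operation in the contract interface attaches the inspector to that operation only, so each operation can carry the validation rule that fits its parameters.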

