Context:
I’ve got a web service that deals with request / response objects. There are strict, externally-defined schemas constraining both the structure and the content of both requests and responses. I need to validate all requests as they are received and all responses before they are sent back (on the web service end of the wire).
I don’t want to replicate the validation rules in code, so I’ll be validating serialized request / response objects (XML), probably using XmlReader as a starting point (for speed). It’ll be 1-way object –> XML validation method that screams if validation fails, otherwise the original object will be used for the actual work.
I’m using WCF, but with XMLSerializer as the schemas are complex and I need the additional XSD support.
Question:
1) Is there a way to avoid re-serializing the objects as they hit my end of the wire? Ideally I’d like to get at the XML before it’s de-serialized on the way in, and after it’s serialized, just before it goes, on the way out.
I’m aware of [OnSerializing] and [OnSerialized] annotations, but they won’t work with XMLSerializer. I don’t think I should be writing ReadXml() and WriteXml() using IXmlSerializable either – the schemas are complex and subject to change.
2) Given the XML documents are quite small (122kb seems to be the top end in the sample data set I have) am I right in asserting that the performance hit of re-serializing will be negligible?
3) Any better ideas?
To answer my own question: yes re-serializing would have been redundant.
The answer I was looking for was to use Message Inspectors – job done.
1
Have you thought about using the XSD code-gen tools? They can deserialize/serialize and validate via schema orders of magnitude faster than other techniques in C#. You can use partial classes or wrapper classes to add additional fields or object hierarchy for your domain business logic.
xsd.exe schema.xsd /classes
Some code I lifted from here: http://snipplr.com/view/2660/serializing-and-deserializing-a-class-created-with-xsdexe-using-xml-strings/
public static string SerializeToXmlString(object targetInstance)
{
string retVal = string.Empty;
TextWriter writer = new StringWriter();
XmlSerializer serializer = new XmlSerializer(targetInstance.GetType());
serializer.Serialize(writer, targetInstance);
retVal = writer.ToString();
return retVal;
}
public static object DeserializeFromXmlString(string objectXml, Type targetType)
{
object retVal = null;
XmlSerializer serializer = new XmlSerializer(targetType);
StringReader stringReader = new StringReader(objectXml);
XmlTextReader xmlReader = new XmlTextReader(StringReader);
retVal = serializer.Deserialize(xmlReader);
return retVal;
}
If you can’t use XSD.exe (as you imply in your comments) then how about writing a few helper class functions that use XmlDocument.Validate right as you receive or send the messages? http://msdn.microsoft.com/en-us/library/ms162371.aspx You wouldn’t really be duplicating validation code if it’s a shared component.
From their nice example:
XmlReaderSettings settings = new XmlReaderSettings();
settings.Schemas.Add("http://www.contoso.com/books", "contosoBooks.xsd");
settings.ValidationType = ValidationType.Schema;
XmlReader reader = XmlReader.Create("contosoBooks.xml", settings);
XmlDocument document = new XmlDocument();
document.Load(reader);
ValidationEventHandler eventHandler = new ValidationEventHandler(ValidationEventHandler);
// the following call to Validate succeeds.
document.Validate(eventHandler);
3