Where do you sanitize JSON input in your ASP.net application?

开发者 https://www.devze.com 2023-01-08 19:01 Source: Internet
I have an ASP.net application with a WCF service like this:

[OperationContract]
[WebGet]
public string DoDeleteRow(GridParameter request)
{ ... do stuff.. }

How would you validate the variable "request"? Do you simply rely on the Microsoft JSON parser and let that reconstruct the object for you, or do you just accept a string input and perform validation prior to processing? Something similar to the below:

[OperationContract]
[WebGet]
public string DoDeleteRow(string request)
{
   if (CurrentUserIsValid)
   {
      //ASP.net membership
   }
   if (CanParseObject(request))
   {
      //convert to .NET type
   }
}

Where do you place the rest of your input sanitization logic?


Just let the built-in parser do it. I can't imagine what CanParseObject would do that didn't simply involve parsing the object and checking for errors...

On the other hand, WCF has a very extensive customization facility, which you can use to validate, parse, inspect, or whatever you like, messages before they're translated into the method calls. So you could build something with that if you wanted.
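One way to use the WCF extensibility the answer mentions, as an added example that is not code from the original post: a parameter inspector that runs after the built-in parser has rebuilt the object and before `DoDeleteRow` executes, so value checks live in one place. The members of `GridParameter` (`GridName`, `RowId`), the attribute name and the allow-list are assumptions, since the page does not show them.

```csharp
using System;
using System.Linq;
using System.Net;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Web;

// Assumed shape: the page never shows GridParameter's members.
public class GridParameter
{
    public string GridName { get; set; }
    public int RowId { get; set; }
}

// Hypothetical attribute; apply as [ValidateGridParameter] on DoDeleteRow.
[AttributeUsage(AttributeTargets.Method)]
public sealed class ValidateGridParameterAttribute : Attribute, IOperationBehavior, IParameterInspector
{
    // Hypothetical allow-list of grids this operation may touch.
    private static readonly string[] AllowedGrids = { "Orders", "Customers" };

    // Called with the already-deserialized arguments, before the operation body runs.
    public object BeforeCall(string operationName, object[] inputs)
    {
        var request = inputs.OfType<GridParameter>().FirstOrDefault();
        if (request == null)
            throw Reject("request is required");
        if (request.RowId <= 0)
            throw Reject("RowId must be a positive integer");
        if (!AllowedGrids.Contains(request.GridName, StringComparer.Ordinal))
            throw Reject("unknown grid");
        return null; // no correlation state needed
    }

    public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState) { }

    // Registers this inspector on the operation the attribute decorates.
    public void ApplyDispatchBehavior(OperationDescription description, DispatchOperation dispatch)
    {
        dispatch.ParameterInspectors.Add(this);
    }
    public void ApplyClientBehavior(OperationDescription description, ClientOperation client) { }
    public void AddBindingParameters(OperationDescription description, BindingParameterCollection parameters) { }
    public void Validate(OperationDescription description) { }

    // WebFaultException carries an HTTP status code for REST (webHttpBinding) endpoints.
    private static Exception Reject(string reason)
    {
        return new WebFaultException<string>(reason, HttpStatusCode.BadRequest);
    }
}
```

The parser only guarantees that the payload has the right shape and types; checks such as whether the current user may delete that particular row still belong in the operation or a layer it calls.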
