Validation, Part 1
Applies to: Windows Communication Foundation
Published: June 2011
Author: Alex Culp
This topic contains the following sections.
- Enforcing Validation Rules Through Code
- Schema Enforcement
While validation is not strictly considered to be exception management, validating the data that your service will use, before you execute any code, greatly reduces serious errors. Consider a fictitious operation named SaveUser that contains someone's first and last names. Also assume that your database does not allow NULLs for those values. If a consumer of your service passed in a NULL for the first name, you would get a SQL error when you tried to insert the record into the database. Similarly, a hacker could flood your service with bad requests, and easily bring down your servers. In other words, proper data validation is critical. To perform validation, you can use either a schema (contract-first) approach or a validation framework.
Enforcing Validation Rules Through Code
It is certainly possible to use code to enforce validation rules. You could, of course, create a whole series of if statements to validate each and every field that is passed into the service operation. The result, of course, would be complicated and impossible to maintain. The following code gives a small example of what this sort of validation logic would look like.
Visual C# Example of Hand-Coded Validation Logic
public virtual void MyOperation(MyRequest request)
{
//bunch of if statements
var failedBodyElements = new List<FailedBodyElement>();
if (string.IsNullOrEmpty(request.FirstName))
{
failedBodyElements.Add(new FailedBodyElement("FirstName", "First name cannot be null or empty."));
}
else if (request.FirstName.Length > 50)
{
failedBodyElements.Add(new FailedBodyElement("FirstName", "First name cannot be longer than 50 characters."));
}
if (string.IsNullOrEmpty(request.LastName))
{
failedBodyElements.Add(new FailedBodyElement("LastName", "Last name cannot be null or empty."));
}
else if (request.LastName.Length > 50)
{
failedBodyElements.Add(new FailedBodyElement("LastName", "Last name cannot be longer than 50 characters."));
}
if (request.Age < 18 || request.Age > 112)
{
failedBodyElements.Add(new FailedBodyElement("Age", "Age must be at least 18 and less than 112"));
}
if (failedBodyElements.Count > 0)
{
throw new FaultException<SenderFaultDetail>(new SenderFaultDetail(failedBodyElements, Guid.NewGuid()));
}
//do some work
}
Visual Basic Example of Hand-Coded Validation Logic
Public Overridable Sub MyOperation(request As MyRequest)
'bunch of if statements
Dim failedBodyElements = New List(Of FailedBodyElement)()
If String.IsNullOrEmpty(request.FirstName) Then
failedBodyElements.Add(New FailedBodyElement("FirstName", "First name cannot be null or empty."))
ElseIf request.FirstName.Length > 50 Then
failedBodyElements.Add(New FailedBodyElement("FirstName", "First name cannot be longer than 50 characters."))
End If
If String.IsNullOrEmpty(request.LastName) Then
failedBodyElements.Add(New FailedBodyElement("LastName", "Last name cannot be null or empty."))
ElseIf request.LastName.Length > 50 Then
failedBodyElements.Add(New FailedBodyElement("LastName", "Last name cannot be longer than 50 characters."))
End If
If request.Age < 18 OrElse request.Age > 112 Then
failedBodyElements.Add(New FailedBodyElement("Age", "Age must be at least 18 and less than 112"))
End If
If failedBodyElements.Count > 0 Then
Throw New FaultException(Of SenderFaultDetail)(New SenderFaultDetail(failedBodyElements, Guid.NewGuid()))
End If
'do some work
End Sub
Schema Enforcement
To enforce validation at the schema level, requires contract-first development. To make this easier, consider using the WSCF.blue toolset, at http://wscfblue.codeplex.com/. By first defining the schemas that your service will require, you can take advantage of some of the features offered by the schema definition language (XSD). If you applied XSD to the previous example, you could enforce that the first and last names have a minimum length of 1. Contract-first development is somewhat more challenging than using data contracts and service contracts to develop services. It is also harder to apply it to existing services.
Previous article: Handling Database Errors
Continue on to the next article: Validation, Part 2