Validation, Part 1

  • Article

Applies to: Windows Communication Foundation

Published: June 2011

Author: Alex Culp

Referenced Image

This topic contains the following sections.

  • Enforcing Validation Rules Through Code
  • Schema Enforcement

While validation is not strictly considered to be exception management, validating the data that your service will use, before you execute any code, greatly reduces serious errors. Consider a fictitious operation named SaveUser that contains someone's first and last names. Also assume that your database does not allow NULLs for those values. If a consumer of your service passed in a NULL for the first name, you would get a SQL error when you tried to insert the record into the database. Similarly, a hacker could flood your service with bad requests, and easily bring down your servers. In other words, proper data validation is critical. To perform validation, you can use either a schema (contract-first) approach or a validation framework.

Enforcing Validation Rules Through Code

It is certainly possible to use code to enforce validation rules. You could, of course, create a whole series of if statements to validate each and every field that is passed into the service operation. The result, of course, would be complicated and impossible to maintain. The following code gives a small example of what this sort of validation logic would look like.

Visual C# Example of Hand-Coded Validation Logic

public virtual void MyOperation(MyRequest request)
{
    //bunch of if statements
    var failedBodyElements = new List<FailedBodyElement>();
    if (string.IsNullOrEmpty(request.FirstName))
    {
        failedBodyElements.Add(new FailedBodyElement("FirstName", "First name cannot be null or empty."));
    }
    else if (request.FirstName.Length > 50)
    {
        failedBodyElements.Add(new FailedBodyElement("FirstName", "First name cannot be longer than 50 characters."));
    }
    if (string.IsNullOrEmpty(request.LastName))
    {
        failedBodyElements.Add(new FailedBodyElement("LastName", "Last name cannot be null or empty."));
    }
    else if (request.LastName.Length > 50)
    {
        failedBodyElements.Add(new FailedBodyElement("LastName", "Last name cannot be longer than 50 characters."));
    }
    if (request.Age < 18 || request.Age > 112)
    {
        failedBodyElements.Add(new FailedBodyElement("Age", "Age must be at least 18 and less than 112"));
    }
    if (failedBodyElements.Count > 0)
    {
        throw new FaultException<SenderFaultDetail>(new SenderFaultDetail(failedBodyElements, Guid.NewGuid()));
    }
 
    //do some work
}

Visual Basic Example of Hand-Coded Validation Logic

Public Overridable Sub MyOperation(request As MyRequest)
     'bunch of if statements
     Dim failedBodyElements = New List(Of FailedBodyElement)()
     If String.IsNullOrEmpty(request.FirstName) Then
          failedBodyElements.Add(New FailedBodyElement("FirstName", "First name cannot be null or empty."))
     ElseIf request.FirstName.Length > 50 Then
          failedBodyElements.Add(New FailedBodyElement("FirstName", "First name cannot be longer than 50 characters."))
     End If
     If String.IsNullOrEmpty(request.LastName) Then
          failedBodyElements.Add(New FailedBodyElement("LastName", "Last name cannot be null or empty."))
     ElseIf request.LastName.Length > 50 Then
          failedBodyElements.Add(New FailedBodyElement("LastName", "Last name cannot be longer than 50 characters."))
     End If
     If request.Age < 18 OrElse request.Age > 112 Then
          failedBodyElements.Add(New FailedBodyElement("Age", "Age must be at least 18 and less than 112"))
     End If
     If failedBodyElements.Count > 0 Then
          Throw New FaultException(Of SenderFaultDetail)(New SenderFaultDetail(failedBodyElements, Guid.NewGuid()))
     End If

     'do some work
End Sub

Schema Enforcement

To enforce validation at the schema level, requires contract-first development. To make this easier, consider using the WSCF.blue toolset, at http://wscfblue.codeplex.com/. By first defining the schemas that your service will require, you can take advantage of some of the features offered by the schema definition language (XSD). If you applied XSD to the previous example, you could enforce that the first and last names have a minimum length of 1. Contract-first development is somewhat more challenging than using data contracts and service contracts to develop services. It is also harder to apply it to existing services.

Previous article: Handling Database Errors

Continue on to the next article: Validation, Part 2