Background:
We're building an application that allows our customers to supply data in a predefined (ie. we don't control) XML format. The XSD is supplied to us by a Third Party, and we are expecting to receive an XML file that passes schema validation prior to us processing it.
The Problem:
The XSD that we are supplied with includes a default and target namespace, which means that if a customer supplies an XML file that doesn't include the namespace, then the validation will pass. We obviously don't want them to be supplying things that say they pass but shouldn't, but the bigger concern is around the mass of additional checks that we will need to do on each element if I can't find a solution to doing the XML validation.
The Questions:
Is it possible to force .NET to perform validation and ignore the namespace on the supplied XML and XSD. i.e. in some way "assume" that the namespace was attached.
Solutions that I have so far:
Example Xml:
<?xml version="1.0"?>
<xsd:schema version='3.09' elementFormDefault='qualified' attributeFormDefault='unqualified' id='blah' targetNamespace='urn:schemas-blah.com:blahExample' xmlns='urn:blah:blahExample' xmlns:xsd='http://www.w3.org/2001/XMLSchema'>
...
</xsd:schema>
with namespace that is different
<?xml version="1.0" encoding="UTF-8" ?>
<root xmlns="urn:myCompany.com:blahExample1" attr1="2001-03-03" attr2="google" >
...
</root>
without namespace at all.
<?xml version="1.0" encoding="UTF-8" ?>
<root attr1="2001-03-03" attr2="google" >
...
</root>
Trying to solve the same problem. I came up with what I think is a fairly clean solution. For clarity, I have ommited some validation on the input parameters.
First, the scenario: There is a webservice that recieves a file, that is supposed to be "well-formed" xml and valid against a XSD. Of course, we don't trust the "well fomrmness" nor that it is valid against the XSD that "we know" is the correct.
The code for such webservice method is presented below, I think it's self-explanatory.
The main point of interest is the order in wich the validations are happening, you don't check for the namespace before loading, you check after, but cleanly.
I decided I could live with some exception handling, as it's expected that most files will be "good" and because that's the framework way of dealing (so I won't fight it).
private DataTable xmlErrors;
[WebMethod]
public string Upload(byte[] f, string fileName) {
string ret = "This will have the response";
// this is the namespace that we want to use
string xmlNs = "http://mydomain.com/ns/upload.xsd";
// you could put a public url of xsd instead of a local file
string xsdFileName = Server.MapPath("~") + "//" +"shiporder.xsd";
// a simple table to store the eventual errors
// (more advanced ways possibly exist)
xmlErrors = new DataTable("XmlErrors");
xmlErrors.Columns.Add("Type");
xmlErrors.Columns.Add("Message");
try {
XmlDocument doc = new XmlDocument(); // create a document
// bind the document, namespace and xsd
doc.Schemas.Add(xmlNs, xsdFileName);
// if we wanted to validate if the XSD has itself XML errors
// doc.Schemas.ValidationEventHandler +=
// new ValidationEventHandler(Schemas_ValidationEventHandler);
// Declare the handler that will run on each error found
ValidationEventHandler xmlValidator =
new ValidationEventHandler(Xml_ValidationEventHandler);
// load the document
// will trhow XML.Exception if document is not "well formed"
doc.Load(new MemoryStream(f));
// Check if the required namespace is present
if (doc.DocumentElement.NamespaceURI == xmlNs) {
// Validate against xsd
// will call Xml_ValidationEventHandler on each error found
doc.Validate(xmlValidator);
if (xmlErrors.Rows.Count == 0) {
ret = "OK";
} else {
// return the complete error list, this is just to proove it works
ret = "File has " + xmlErrors.Rows.Count + " xml errors ";
ret += "when validated against our XSD.";
}
} else {
ret = "The xml document has incorrect or no namespace.";
}
} catch (XmlException ex) {
ret = "XML Exception: probably xml not well formed... ";
ret += "Message = " + ex.Message.ToString();
} catch (Exception ex) {
ret = "Exception: probably not XML related... "
ret += "Message = " + ex.Message.ToString();
}
return ret;
}
private void Xml_ValidationEventHandler(object sender, ValidationEventArgs e) {
xmlErrors.Rows.Add(new object[] { e.Severity, e.Message });
}
Now, the xsd would have somthing like:
<?xml version="1.0" encoding="utf-8"?>
<xs:schema id="shiporder"
targetNamespace="http://mydomain.com/ns/upload.xsd"
elementFormDefault="qualified"
xmlns="http://mydomain.com/ns/upload.xsd"
xmlns:mstns="http://mydomain.com/ns/upload.xsd"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
>
<xs:simpleType name="stringtype">
<xs:restriction base="xs:string"/>
</xs:simpleType>
...
</xs:schema>
And the "good" XML would be something like:
<?xml version="1.0" encoding="utf-8" ?>
<shiporder orderid="889923" xmlns="http://mydomain.com/ns/upload.xsd">
<orderperson>John Smith</orderperson>
<shipto>
<names>Ola Nordmann</names>
<address>Langgt 23</address>
I tested, "bad format XML", "invalid input according to XSD", "incorrect namespace".
references:
Trying avoid exception handling checking for wellformness
Validating against XSD, catch the errors
Interesting post about inline schema validation
Hi Martin, the comment sction is too short for my answer, so I'll give it here, it may or not be be a complete answer, let's improve it together :)
I made the following tests:
The strategy followed (wich I prefer) was, if the document doesn't comply, then don't accept, but give some information on the reason (eg. "wrong namespace").
This strategy seems contrary to what you previously said:
however, if a customer misses out the namespace declaration in their submitted XML then I would like to say that we can still validate it. I don't want to just say "You messed up, now fix it!"
In this case, it seems you can just ignore the defined namespace in the XML. To do that you would skip the validation of correct namespace:
...
// Don't Check if the required namespace is present
//if (doc.DocumentElement.NamespaceURI == xmlNs) {
// Validate against xsd
// will call Xml_ValidationEventHandler on each error found
doc.Validate(xmlValidator);
if (xmlErrors.Rows.Count == 0) {
ret = "OK - is valid against our XSD";
} else {
// return the complete error list, this is just to proove it works
ret = "File has " + xmlErrors.Rows.Count + " xml errors ";
ret += "when validated against our XSD.";
}
//} else {
// ret = "The xml document has incorrect or no namespace.";
//}
...
Other ideas...
In a parallel line of thought, to replace the supplied namespace by your own, maybe you could set doc.DocumentElement.NamespaceURI = "mySpecialNamespace"
thus replacing the namepsace of the root element.
Reference: