none
Reject WCF service call, if its request's httpverb = “xxx” RRS feed

  • Question

  • Hi,

    I am using Method ="*" in the WebInvoke in a method, to accept all kind of Http Verbs in the request.

    I am planning to write a WCF interceptor method which will accept only if request contains one of the Http Verbs like (get,post,delete,put).

    If any other calls comes outside of this Http verbs, should throw some exception.

    Which kind of interceptor will be best suited for this purpose?

    I thought like, I can get the incoming request's httpverb by Weboperationcontext.Current.Incomingrequest.Method and planned to use IparameterInspector to do this requirement but I suspect that I am doing it wrong and better way will exist.

    Could someone shed some light on this one.

    Thanks in advance.


    NANDAKUMAR.T

    Monday, June 19, 2017 2:01 PM

Answers

  • Hi NANDAKUMAR,

    Sorry for misunderstanding your requirement.

    For single operation, I think your plan is OK.

    For another thought, why do you not validate “Weboperationcontext.Current.Incomingrequest.Method” in the method?

    A simple code like.

    [OperationContract]
    [WebInvoke(Method="*")]
    public string DoWork()
    {
         var method = WebOperationContext.Current.IncomingRequest.Method;
         if (method == "POST"||method == "PUT")
         {
    	 return "Method is supported";
         }     
         throw new ArgumentException("Method is not supported.");
    }

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by NANDAKUMAR T Wednesday, June 21, 2017 7:08 AM
    Wednesday, June 21, 2017 2:36 AM

All replies

  • Hi NANDKUMAR,

    Did you host WCF Service in IIS or Self-host? If you host in IIS, I think you could try CORS feature to achieve your requirement.

    You could right click your project->Add Global Application class->check the “HttpContext.Current.Request.HttpMethod” in Application_BeginRequest.

    Here is a demo code.

    protected void Application_BeginRequest(object sender, EventArgs e)
            {
                if (HttpContext.Current.Request.HttpMethod == "xx")
                {
    	        //do what you want here
                    HttpContext.Current.Response.End();
    
                }
            }

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, June 20, 2017 2:25 AM
  • Hi Edward,

    Thanks for the reply.

    But all incoming requests will flow though this method right? May be will it cause any little overhead?

    I thought something like annotation for that method alone, so only that method gets affected. 

    May I know any thought on this one.

    Thx.


    NANDAKUMAR.T

    Tuesday, June 20, 2017 7:19 AM
  • Hi NANDAKUMAR,

    Sorry for misunderstanding your requirement.

    For single operation, I think your plan is OK.

    For another thought, why do you not validate “Weboperationcontext.Current.Incomingrequest.Method” in the method?

    A simple code like.

    [OperationContract]
    [WebInvoke(Method="*")]
    public string DoWork()
    {
         var method = WebOperationContext.Current.IncomingRequest.Method;
         if (method == "POST"||method == "PUT")
         {
    	 return "Method is supported";
         }     
         throw new ArgumentException("Method is not supported.");
    }

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by NANDAKUMAR T Wednesday, June 21, 2017 7:08 AM
    Wednesday, June 21, 2017 2:36 AM
  • Ah yes.

    First I did like that only. But later, if I want to reuse the same code set in the another method then I have to do the same thing in another too. So thought of reusing it.

    In mean time, using the "IparameterInspector" and throw the exception inside the "BeforeSendRequest" method is a right approach?

    Thx.



    NANDAKUMAR.T

    Wednesday, June 21, 2017 7:12 AM
  • Hi NANDAKUMAR,

    What do you mean by BeforeSendRequest? As my understanding, there is only AfterCall and BeforeCall for IParameterInspector.

    In addition, per to the discussion between CarlosFigueira and nayan.gowda@gmail.com in above link, we could not control the response message on IParameterInspector.BeforeCall. You can throw an exception there, and hook up an IErrorHandler in your service; in your handler you'd then convert that exception to a Message adding an HttpResponseMessageProperty with StatusCode.Unauthorized, so that it would be sent back to the client.

    For this specific issue, I would suggest you post a new thread and share us more information.

    Best Regards,

    Edward


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.


    Thursday, June 22, 2017 1:48 AM
  • Hi,

    Thx for the reply.

    Got it...


    NANDAKUMAR.T

    Thursday, June 22, 2017 8:23 AM