Simple Example in using The Exception Handling Application Block in WCF Webservice

Question

So i'm trying to use The Exception Handling Application Block from the Enterprise Library, but i just can't figure out how to do this.

This is my code from my WCF project:

namespace TextWebService
{
    [ServiceContract]
    public interface ITextWebService
    {
        [OperationContract]
        string ToLower(string inputString);

        [OperationContract]
        string ToUpper(string inputString);
    }
}

...

using Microsoft.Practices.EnterpriseLibrary.ExceptionHandling;

namespace TextWebService
{
    public class TextWebService : ITextWebService
    {
        public string ToLower(string inputString)
        {
            return inputString.ToLower();
        }

        public string ToUpper(string inputString)
        {
            return inputString.ToUpper();
        }
    }
}

The ASP.NEt that uses this service has a textbox and "Invoke Service Methods" button which transforms the input string like so:

Everytime when I input large text, I get this error:

I just want a simple example how can I prevent that error from showing, or modify it and use the exception handling application bloc . I tried a lot of examples, but just can't seem to get it. PS it must be done from WCF

Answer 1

If you are certain that the content that comes trough your project is always valid. You can try to add the following to your web.config:

<system.web>
    <httpRuntime requestValidationMode="2.0" />
    <pages validateRequest="false" />
</system.web>

---

Here's a litle bit of back info about why you are getting this error (from this post):

..Note that a "<" could also come from other outside sources, like a database field, a configuration, a file, a feed and so on.

Furthermore, "<" is not inherently dangerous, its only dangerous in a specific context: when writing unencoded strings to HTML output (because of XSS). In other contexts different substrings are dangerous, eg if you write an user-provided URL into a link, the substring "javascript:" may be dangerous. The single quote character on the other hand is dangerous when interpolating strings in SQL queries, but perfectly safe if it is a part of a name submitted from a form or read from a database field...