Hi Bill,

From your description, you have an ASP.NET webservice (asmx endpoint) which
has a webmethod accepting a XML string parameter, and you'll get validation
error when you call the webservice, correct?

regarding on the webservice, I'd like to confirm the following things:

** The xml parameter of your webmethod is of "String" type, correct?

** How are you consuming the webservice, through the asmx page(via http
post) or through a generated client proxy class?

Generally, for XML webserivice, since its underlying message is encoded via
SOAP XML, therefore, we should not directly pass parameter or return value
of raw XML string content.  Here is a former blog article which has
mentioend this:

#Rant: Don't return XML in string variables
http://blogs.msdn.com/mpowell/archive/2004/05/12/130637.aspx

Also, if you do need to pass XML string content, you can consider the
following means:

** manually perform htmlencoding on it so that all the xml content are in
escaped format

** use a CDATA section to wrapper the xmlstring.

Here is a forum thread discussing on this problem too:

#Passing an XML string as part of an XML Web Service
http://forums.asp.net/p/1064300/1631786.aspx#1631786

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead



==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.



Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================
   

This posting is provided "AS IS" with no warranties, and confers no rights.

-------------------
From: =?Utf-8?B?QmlsbEF0V29yaw==?= <BillAtWork@nospam.nospam>
Subject: XML as a WebService parameter
Date: Thu, 8 Nov 2007 05:43:01 -0800

Hi,
We recently converted a 1.1 project to 2.0 and this included a webservice
which accepted XML for one of the parameters. Since converting to 2.0 I am
getting the following message:
---
A potentially dangerous Request.Form value was detected from the client
(myparam="<root><blah....").
---

The fix used for ASPX pages is to include the @Page directive with
validateRequest="false" however this does not work for ASMX pages ("The
directive 'Page' is unknown").

Does anyone know of a way to turn this off for webservices?

Thanks!