tags:

views:

12

answers:

0
Q: 

How to validate the Content-MD5 header (from the actual content) in a RequestInterceptor (WCF REST Starter Kit) - REST web service

Hello,

I'm implementing REST web services by means of the WCF REST Starter Kit.

I get the request in a System.ServiceModel.Channels.RequestContext.

Specifically: the interceptor starts this way: Public Overrides Sub ProcessRequest(ByRef requestContext As RequestContext)

If the request includes the Content-MD5 header, I must validate the provided hash against the actual content body, right? Because this does not happen 'automatically'. Nobody (IIS, or whoever) is verifying this for me, as I first thought it would happen.

I thought doing this content verification would be easy. I just have to get the request body as a string and compare the result of my GenerateChecksumForContent() with the hash included in the header.

How to compute the MD5 from the content:

Public Shared Function GenerateChecksumForContent(ByVal content As String) As String
    ' Convert the input string to a byte array and compute the hash.
    Dim hashed As Byte() = MD5.Create().ComputeHash(Encoding.UTF8.GetBytes(content))
    ' Convert the hash to a Base64 Encoded string and return it
    Return Convert.ToBase64String(hashed)
End Function

How to get the Content-MD5 request Header value:

Dim message As Message = requestContext.RequestMessage
Dim reqProp As HttpRequestMessageProperty = DirectCast(message.Properties(HttpRequestMessageProperty.Name), HttpRequestMessageProperty)
Dim contentMD5HeaderValue As String = reqProp.Headers("Content-MD5")

My problem is that I don't know how to do something so apparently simple as compute the Content-MD5 of the request's body.

I could not find any built-in property telling me this information (the content's MD5 current hash value).

I've tried this, but it does not work:

Dim content As String = requestContext.RequestMessage.GetBody(Of String)()
Dim computedMD5 As String = GenerateChecksumForContent(content)

In addition, what would happen after the RequestInterceptor run and the 'real' method process the content? The content would be lost because it was already read?

Should I in addition do something like ".CreateBufferedCopy()" to keep the request body available for the post-RequestInterceptor processing?

I cannot understand why this is so complicated! It should be something trivial, but as you can see, I'm completely lost.

Please someone, help me...

Many thanks,

Horacio.-

related questions

Mocking WebResponse's from a WebRequest
What's the best way to learn server RESTful code?
JAX-RS Frameworks
SOAP or REST
Are REST request headers encrypted by SSL?
REST in Java
REST type API for non web based applications, Is It a good idea?
Getting started with REST
Plain text passwords in Ruby on Rails using Restful_Authentication
Where WCF and ADO.Net Data services stand?
REST how to handle query parameters when put to resource?
Any way to handle Put and Delete verbs in ASP.Net MVC?
How do you implement resource "edit" forms in a RESTful way?
Friendly URLs for ASP.NET
Possible to create REST web service with ASP.NET 2.0
Strange Rails Authentication Issue
How to respond to an alternate URI in a RESTful web service
Guide to choosing between REST vs SOAP services?
guid REST URL for ado.net dataservice call?
RESTful web services and HTTP verbs
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Best Practices for securing a REST API / web service
Document or RPC based web services
Modify Address Bar URL in AJAX App to Match Current State