I have an ASP.net application with a WCF service like this:

[OperationContract]
[WebGet]
public string DoDeleteRow(GridParameter request)
{
    // ... do stuff ...
}

How would you validate the variable "request"? Do you simply rely on the Microsoft JSON parser and let that reconstruct the object for you, or do you just accept a string input and perform validation prior to processing? Something similar to the below:

[OperationContract]
[WebGet]
public string DoDeleteRow(string request)
{
    if (CurrentUserIsValid)
    {
        // ASP.net membership
    }
    if (CanParseObject(request))
    {
        // convert to .NET type
    }
}

Where do you place the rest of your input sanitization logic?

A: 

Just let the built-in parser do it. I can't imagine what CanParseObject would do that didn't simply involve parsing the object and checking for errors...

On the other hand, WCF has a very extensive customization facility, which you can use to validate, parse, inspect, or whatever you like, messages before they're translated into the method calls. So you could build something with that if you wanted.

Dean Harding
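
One way to use the WCF customization facility the answer mentions, as an added example that is not code from the question or the answer: a parameter inspector that validates each deserialized argument before the operation body runs. The `GridParameter` members `TableName` and `RowId`, and the attribute name `ValidateParametersAttribute`, are hypothetical; rejecting null arguments is a choice made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Net;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Web;

// Hypothetical shape: the question never shows GridParameter's members.
public class GridParameter
{
    [Required, RegularExpression("^[A-Za-z_][A-Za-z0-9_]{0,63}$")]
    public string TableName { get; set; }

    [Range(1, int.MaxValue)]
    public int RowId { get; set; }
}

// Apply as [ValidateParameters] next to [OperationContract] on DoDeleteRow.
[AttributeUsage(AttributeTargets.Method)]
public sealed class ValidateParametersAttribute : Attribute, IOperationBehavior, IParameterInspector
{
    // Runs after WCF has deserialized the request, before the operation body.
    public object BeforeCall(string operationName, object[] inputs)
    {
        foreach (var input in inputs)
        {
            if (input == null)
                throw new WebFaultException<string>(operationName + ": missing parameter", HttpStatusCode.BadRequest);

            var errors = new List<ValidationResult>();
            if (!Validator.TryValidateObject(input, new ValidationContext(input, null, null), errors, true))
                throw new WebFaultException<string>(
                    string.Join("; ", errors.Select(e => e.ErrorMessage)), HttpStatusCode.BadRequest);
        }
        return null; // no correlation state needed
    }

    public void AfterCall(string operationName, object[] outputs, object returnValue, object correlationState) { }

    public void ApplyDispatchBehavior(OperationDescription description, DispatchOperation dispatch)
    { dispatch.ParameterInspectors.Add(this); }

    public void ApplyClientBehavior(OperationDescription description, ClientOperation proxy) { }
    public void AddBindingParameters(OperationDescription description, BindingParameterCollection parameters) { }
    public void Validate(OperationDescription description) { }
}
```

With this in place the built-in parser still reconstructs the object, and the operation body only sees arguments that passed the declared constraints; the membership check stays a separate concern.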