
string "changing" length

I've a webservice with a string parameter.

I call this webservice passing a string that is 1129 chars in length. On the
webservice, the received string is 1146 in length (I tested sizes with the
string.length property). The string's contents seem to be the same, so I think
there is some encoding difference (is this possible?). The problem is that
I sign this string, so signature validation fails :(

What can be the problem?

thanks

Aug 13 '06 #1
4 Replies


Hello Trapulo,

Glad to see you again. BTW, I've posted my reply in your previous thread
"secure a WS called by GPRS".

As for the string length changing issue you mentioned here, would you
provide some further information about the client and server-side code
logic on how you pass the string into the webservice message and where you
checked the string length?

Also, as you mentioned that you've added signing on the string, would you
also provide the code showing how you sign the string? You can also test the
behavior by passing the string without performing any signing or encryption
against the SOAP message to see what happens.

Based on my experience, if the value remains the same on both sides, it is
likely that the xml encoding makes the string length different. For example,
for a string that is passed through a SOAP message (xml document), those particular
chars like (<, >, / .... ) may be html encoded to their escaped format
(like &lt;, &rt; ....). So are there any particular strings in the one
which raises the problem? You can test the behavior through different string
contents.

Please let me know if you have any other finding.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Aug 14 '06 #2

Hi Trapulo,

Have you got any progress or resolved this issue? Please feel free to let
me know if there is anything else we can help.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Aug 16 '06 #3

"Steven Cheng[MSFT]" <st*****@online.microsoft.com> wrote in message
news:eC**************@TK2MSFTNGXA01.phx.gbl...

Hello again, Steven

> As for the string length changing issue you mentioned here, would you
> provide some further information about the client and server-side code
> logic on how you pass the string into webservice message and where did you
> check the string length?

So, I read an xml file from disk with this code:

    Dim file As IO.TextReader = IO.File.OpenText(f)
    Dim command As New LoadLogCommand
    command.Content = file.ReadToEnd()
    command.ContentOffset = 0
    command.OriginalName = IO.Path.GetFileName(f)
    command.TotalSize = command.Content.Length

The problem is with "Content". My LoadLogCommand inserts the code in an xml
document, with this internal sub:

    Public Overrides Sub WriteXml(ByVal writer As System.Xml.XmlTextWriter)
        writer.WriteStartElement("LoadLog")
        writer.WriteElementString("OriginalName", Me.OriginalName)
        writer.WriteElementString("ContentOffset", Me.ContentOffset.ToString)
        writer.WriteElementString("Content", Me.Content)
        writer.WriteElementString("TotalSize", Me.TotalSize.ToString)
        writer.WriteEndElement() ' LoadLog
    End Sub

Then, the xml code is loaded to a webservice as a string parameter. The
signature is calculated on the string that contains the xml, with this code:

    Dim rsa As New System.Security.Cryptography.RSACryptoServiceProvider
    rsa.FromXmlString(xmlKey)
    Return rsa.SignData(Text.Encoding.UTF8.GetBytes(_xmlCache), New Security.Cryptography.SHA1CryptoServiceProvider)

The signature is passed to the webservice as an other byte() parameter.

The webservice gets the xml and the signature, and checks the signature with
this code:

    Dim rsa As New System.Security.Cryptography.RSACryptoServiceProvider
    rsa.FromXmlString(xmlKey)
    Dim hashAlg As New Security.Cryptography.SHA1CryptoServiceProvider
    Return rsa.VerifyData(Text.Encoding.UTF8.GetBytes(xmlPacket), hashAlg, signature)

This test fails because the xml I signed, and the xml I received, have
different lengths.

I noticed this, if it can help you: I upload xml files created from .NET with
the xml namespace's objects. These files work. Now I've opened a file with MS
Word, changed a value, saved it. This doesn't work, because the signature is
not validated.

> Also, as you mentioned that you've added signing on the string, would you
> also provide the code about how to sign the string? You can also test the
> behavior by passing the string without performing any signing or encryption
> against the SOAP message to see what happens.

It is the same. The SOAP message is not encrypted, and the xml string and the
signature are passed as two distinct parameters.

> Based on my experience, if the value remains the same on both side, it is
> likely that the xml encoding make the string length different. For example,
> for string that passed through SOAP message(xml document), those
> particular chars like (<, >, / .... ) maybe html encoded to their escaped
> format (like &lt;, &rt; ....). So is there any particular strings in the one
> which raise the problem? You can test the behavior through different
> string contents.

Yes, they are xml documents so I think it's something related to this. But I
can't understand what the problem is, and why some xml files work, and some
others don't. The problem, however, is surely with the xml loaded from disk,
because if I remove it and I upload only the general xml (that is the xml I
create at runtime, where the xml loaded from disk is only the
\LoadLog\Content node), the upload always works.

thank you
Aug 28 '06 #4

Hi Trapulo,

Thanks for the followup.

Yes, if you directly write an xml document or fragment into the webservice SOAP
message as a string, the runtime will perform html encoding on the string so
as to escape those particular chars (like < , ....).

I think you can consider manually using the HttpUtility.HtmlEncode method to
encode the string before adding it into your object which will be transferred
by the SOAP message. Thus, the runtime will not do the additional
converting.

#HttpUtility.HtmlEncode Method (String, TextWriter)
http://msdn2.microsoft.com/en-us/library/1ew0dw8s.aspx

Please feel free to let me know if you get any new finding.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead
This posting is provided "AS IS" with no warranties, and confers no rights.
Aug 31 '06 #5
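
An added example, not code from any poster in this thread: the signature in the posts above covers the UTF-8 bytes of the XML string, so any change the transport makes to that string breaks VerifyData. The sketch locates the first differing character between the sent and received strings, then shows verification succeeding when the exact signed bytes travel as Base64. The module and function names, the throwaway in-process key and the LF-to-CRLF change (a constructed stand-in; the thread does not establish what altered the string) are assumptions.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text
Imports Microsoft.VisualBasic

Module SignedPayloadDemo   ' hypothetical name, not from the thread

    ' Index of the first character where the strings differ, or -1 if equal.
    Function FirstDifference(ByVal sent As String, ByVal received As String) As Integer
        Dim n As Integer = Math.Min(sent.Length, received.Length)
        For i As Integer = 0 To n - 1
            If sent(i) <> received(i) Then Return i
        Next
        If sent.Length = received.Length Then Return -1
        Return n
    End Function

    ' Code points around an index, so invisible characters (CR, LF, BOM) show up.
    Function CodePoints(ByVal s As String, ByVal index As Integer) As String
        Dim sb As New StringBuilder()
        For i As Integer = Math.Max(0, index - 2) To Math.Min(s.Length - 1, index + 2)
            sb.AppendFormat("U+{0:X4} ", AscW(s(i)))
        Next
        Return sb.ToString().Trim()
    End Function

    Sub Main()
        Dim hashAlg As New SHA1CryptoServiceProvider() ' SHA-1 only to match the posted code
        Dim signer As New RSACryptoServiceProvider(2048) ' throwaway demo key
        ' Constructed sample: the receiver sees CRLF where the sender signed LF.
        Dim sent As String = "<LoadLog><Content>a" & vbLf & "b</Content></LoadLog>"
        Dim received As String = sent.Replace(vbLf, vbCrLf)

        Dim signedBytes As Byte() = Encoding.UTF8.GetBytes(sent)
        Dim signature As Byte() = signer.SignData(signedBytes, hashAlg)

        Dim pos As Integer = FirstDifference(sent, received)
        Console.WriteLine("lengths {0} / {1}, first difference at index {2}", sent.Length, received.Length, pos)
        Console.WriteLine("sent:     {0}", CodePoints(sent, pos))
        Console.WriteLine("received: {0}", CodePoints(received, pos))
        Console.WriteLine("verify altered string: {0}", signer.VerifyData(Encoding.UTF8.GetBytes(received), hashAlg, signature))

        ' Carrying the exact signed bytes as Base64 leaves the transport nothing to rewrite.
        Dim wire As String = Convert.ToBase64String(signedBytes)
        Dim decoded As Byte() = Convert.FromBase64String(wire)
        Console.WriteLine("verify Base64 payload: {0}", signer.VerifyData(decoded, hashAlg, signature))
    End Sub
End Module
```

The thread already passes the signature as a byte() parameter; passing the signed XML bytes the same way has the same effect as the Base64 step here.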
