Allow .NET WebApi to ignore DOCTYPE declaration
I am trying to deserialize XML for an object using the WebApi method.
I have the following class:
[XmlRoot(IsNullable = false)]
public class MyObject
{
[XmlElement("Name")]
public string Name {get;set;}
}
And the next method in the WebApi controller.
[HttpPost]
public HttpResponseMessage UpdateMyObject(MyObject model)
{
//do something with the model
}
I am using XmlSerializer
by setting the following when starting the web project:
config.Formatters.XmlFormatter.UseXmlSerializer = true;
When I post the following XML it model
deserializes correctly and I can read its properties.
<?xml version="1.0" encoding="UTF-8"?>
<MyObject>
<Name>HelloWorld</Name>
</MyObject>
However, when I submit an XML message with a DOCTYPE declaration, the value model
is null and does not appear to be deserialized when the method is entered. That is, this XML is not deserialized in the model:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MyObject SYSTEM "http://example.com/MyObject.dtd">
<MyObject>
<Name>HelloWorld</Name>
</MyObject>
Hope someone can help.
source to share
Even if this is an old post, I ended up in the same situation. I ended up writing a custom version of the XmlMediaTypeFormatter overriding the ReadFromStreamAsync method.
Here is my personal solution:
public class CustomXmlMediaTypeFormatter : XmlMediaTypeFormatter
{
/// <summary>
/// Initializes a new instance of the <see cref="CustomXmlMediaTypeFormatter"/> class.
/// This XmlMediaTypeFormatter will ignore the doctype while reading the provided stream.
/// </summary>
public CustomXmlMediaTypeFormatter()
{
UseXmlSerializer = true;
}
public override Task<object> ReadFromStreamAsync(Type type, Stream readStream, HttpContent content, IFormatterLogger formatterLogger)
{
if (type == null)
throw new ArgumentNullException("type");
if (readStream == null)
throw new ArgumentNullException("readStream");
try
{
return Task.FromResult(ReadFromStream(type, readStream, content, formatterLogger));
}
catch (Exception ex)
{
var completionSource = new TaskCompletionSource<object>();
completionSource.SetException(ex);
return completionSource.Task;
}
}
private object ReadFromStream(Type type, Stream readStream, HttpContent content, IFormatterLogger formatterLogger)
{
var httpContentHeaders = content == null ? (HttpContentHeaders)null : content.Headers;
if (httpContentHeaders != null)
{
var contentLength = httpContentHeaders.ContentLength;
if ((contentLength.GetValueOrDefault() != 0L ? 0 : (contentLength.HasValue ? 1 : 0)) != 0)
return GetDefaultValueForType(type);
}
var settings = new XmlReaderSettings
{
DtdProcessing = DtdProcessing.Ignore
};
var deserializer = GetDeserializer(type, content);
try
{
// The standard XmlMediaTypeFormatter will get the encoding from the HttpContent, instead
// here the XmlReader will decide by itself according to the content
using (var xmlReader = XmlReader.Create(readStream, settings))
{
var xmlSerializer = deserializer as XmlSerializer;
if (xmlSerializer != null)
return xmlSerializer.Deserialize(xmlReader);
var objectSerializer = deserializer as XmlObjectSerializer;
if (objectSerializer == null)
throw new InvalidOperationException("xml object deserializer not available");
return objectSerializer.ReadObject(xmlReader);
}
}
catch (Exception ex)
{
if (formatterLogger == null)
{
throw;
}
formatterLogger.LogError(string.Empty, ex);
return GetDefaultValueForType(type);
}
}
}
Then obviously I replaced the default XmlFormatter of my config:
config.Formatters.Remove(config.Formatters.XmlFormatter);
config.Formatters.Add(new CustomXmlMediaTypeFormatter());
source to share