Receive (and send) XML via POST with ASP.NET

Question

I have to set up an XML \"web service\" that receives a POST where the \'Content-type header will specify “text/xml”.\'

What is the simplest way to get the XML into

Answer 1

I want to apologize in advance for not answering your question here, but I want to give a little warning. Perhaps it is already something you're taking into account, but if you don't take the appropriate counter measures, your system can be easily shut down using a denial of service attack, when processing XML from an unknown source (both over HTTP and HTTPS).

There is a technique called XML Entity Expansion attacks. Look for instance at this innocent looking peace of XML that will bring your server to its knees when it tries to process it:

 
 
 
 
 
 
 
 
 
 
 
 
]> 
&m;

This little XML document of less than 500 bytes will make your server try to allocate at least 160 GB of memory.

You can protect yourself against this by validating the incoming XML (with an DTD) before processing it.

You can read more information about this attack, here.

Good luck.