漏洞? -WCF不会在HTTP"400错误的请求"中读取SOAP错误.讯息 [英] Bug? - WCF does not read SOAP faults in HTTP "400 Bad request" messages
问题描述
大家好,
我正在对Apache Axis 2进行一些互操作性测试,并注意到每当Axis返回http响应"400 Bad request"时,就会出现一个错误.包括SOAP错误.Net根本无法处理此SOAP错误.抛出的异常是
"远程服务器返回了意外的响应:(400)错误的请求."
虽然我实际上只对实际的SOAP错误感兴趣.如果我打开跟踪,则会记录相同的内容.
http响应示例(包括SOAP错误)可能是
HTTP/1.1 400错误请求
服务器:Apache-Coyote/1.1
内容类型:application/soap + xml; charset = utf-8
传输编码:分块
>日期:2007年3月21日,星期三,格林尼治标准时间
连接:关闭
224
<?xml version ='1.0'encoding ='utf-8'?>< soapenv:Envelope xmlns:wsa ="
http://www.w3.org/2005/08/addressing http: //www.w3.org/2003/05/soap-envelope >< soapenv:Header>< wsa:Action> </wsa:Action>/soapenv:Header< soapenv:Body> soapenv:Fault> soapenv:Code< soapenv:Value> soapenv:Sender</soapenv:Value></s ;< soapenv:Reason>< soapenv:Text xml:lang ="en-US">缺少时间戳</soapenv:Text></soapenv:Reason>< soapenv:Detail></soapenv:Detail></soapenv :Fault></soapenv:Body></soapenv:Envelope> SOAP 1.2 规范指出,代码"Sender"出错.实际上应该具有http状态400(http://www.w3.org/TR/2003/REC-soap12-part2-20030624/#tabresstatereccode ).
最好的问候,
Pat
假设您有将此异常捕获为"e",那么我认为下面的代码提出了一种变通方法,使您可以获取所需的信息.
如果WCF传输尝试将实体正文读取为Message或MessageFault并将其打包给您,这似乎很好,但显然不是.
WebException we = e.InnerException as WebException;
if(我们!= null)
{
Stream s = we.Response.GetResponseStream();
StringBuilder sb = new StringBuilder(" ;,65536);try
<;>(;;)的
{{br> byte [] readBuffer = new byte [1000];
int count = 0;
{
count = s.Read(readBuffer,0,readBuffer.Length);如果(count == 0)
{{br>sb.Append(System.Text.Encoding.UTF8.GetString(readBuffer,0,count));
}}
最后
{
s.Close();
}
Console.WriteLine(sb.ToString());
}
Hi everyone,
I'm doing a little interop testing with Apache Axis 2, and noticed that whenever Axis returns a http response "400 Bad request" including a SOAP fault .Net does not handle this SOAP fault at all. All I get in the exception thrown is
"The remote server returned an unexpected response: (400) Bad Request."
while I'm in fact only interested in the actual SOAP fault. The same gets logged if I turn on tracing.
An example http response, including a SOAP fault, could be
HTTP/1.1 400 Bad Request
Server: Apache-Coyote/1.1
Content-Type: application/soap+xml;charset=utf-8
Transfer-Encoding: chunked
Date: Wed, 21 Mar 2007 08:27:35 GMT
Connection: close
224
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:wsa="
http://www.w3.org/2005/08/addressing" xmlnsoapenv="http://www.w3.org/2003/05/soap-envelope"><soapenv:Header><wsa:Action>http://www.w3.org/2005/08/addressing/soap/fault</wsa:Action></soapenv:Header><soapenv:Body><soapenv:Fault><soapenv:Code><soapenv:Value>soapenv:Sender</soapenv:Value></soapenv:Code><soapenv:Reason><soapenv:Text xml:lang="en-US">Missing Timestamp</soapenv:Text></soapenv:Reason><soapenv:Detail></soapenv:Detail></soapenv:Fault></soapenv:Body></soapenv:Envelope>The SOAP 1.2 spec says that faults with code "Sender" should in fact have http status 400 (http://www.w3.org/TR/2003/REC-soap12-part2-20030624/#tabresstatereccode).
Best regards,
Pat
Assuming you have caught this exception as 'e', then I think the code below suggests a workaround that makes it possible to get at the info you seek.
It seems like it would be nice if the WCF transport would try to read the entity body as a Message or MessageFault and package that for you in the exception, but apparently it does not.
WebException we = e.InnerException as WebException;
if (we != null)
{
Stream s = we.Response.GetResponseStream();
StringBuilder sb = new StringBuilder("", 65536);try
{
byte[] readBuffer = new byte[1000];
int count = 0;for (; ; )
{
count = s.Read(readBuffer, 0, readBuffer.Length);if (count == 0)
{
// EOF
break;
}sb.Append(System.Text.Encoding.UTF8.GetString(readBuffer, 0, count));
}}
finally
{
s.Close();
}
Console.WriteLine(sb.ToString());
}
这篇关于漏洞? -WCF不会在HTTP"400错误的请求"中读取SOAP错误.讯息的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
