Ignoring supplied namespaces when validating XML with XSD

Trying to solve the same problem. I came up with what I think is a fairly clean solution. For clarity, I have ommited some validation on the input parameters.

First, the scenario: There is a webservice that recieves a file, that is supposed to be "well-formed" xml and valid against a XSD. Of course, we don't trust the "well fomrmness" nor that it is valid against the XSD that "we know" is the correct.

The code for such webservice method is presented below, I think it's self-explanatory.

The main point of interest is the order in wich the validations are happening, you don't check for the namespace before loading, you check after, but cleanly.

I decided I could live with some exception handling, as it's expected that most files will be "good" and because that's the framework way of dealing (so I won't fight it).

private DataTable xmlErrors;[WebMethod]public string Upload(byte[] f, string fileName) {    string ret = "This will have the response";    // this is the namespace that we want to use    string xmlNs = "http://mydomain.com/ns/upload.xsd";    // you could put a public url of xsd instead of a local file    string xsdFileName = Server.MapPath("~") + "//" +"shiporder.xsd";     // a simple table to store the eventual errors     // (more advanced ways possibly exist)    xmlErrors = new DataTable("XmlErrors");    xmlErrors.Columns.Add("Type");    xmlErrors.Columns.Add("Message");    try {        XmlDocument doc = new XmlDocument(); // create a document        // bind the document, namespace and xsd        doc.Schemas.Add(xmlNs, xsdFileName);         // if we wanted to validate if the XSD has itself XML errors        // doc.Schemas.ValidationEventHandler +=         // new ValidationEventHandler(Schemas_ValidationEventHandler);        // Declare the handler that will run on each error found        ValidationEventHandler xmlValidator =             new ValidationEventHandler(Xml_ValidationEventHandler);        // load the document         // will trhow XML.Exception if document is not "well formed"        doc.Load(new MemoryStream(f));        // Check if the required namespace is present        if (doc.DocumentElement.NamespaceURI == xmlNs) {            // Validate against xsd             // will call Xml_ValidationEventHandler on each error found            doc.Validate(xmlValidator);            if (xmlErrors.Rows.Count == 0) {                ret = "OK";            } else {                // return the complete error list, this is just to proove it works                ret = "File has " + xmlErrors.Rows.Count + " xml errors ";                ret += "when validated against our XSD.";            }        } else {            ret = "The xml document has incorrect or no namespace.";                        }    } catch (XmlException ex) {        ret = "XML Exception: probably xml not well formed... ";        ret += "Message = " + ex.Message.ToString();    } catch (Exception ex) {        ret = "Exception: probably not XML related... "        ret += "Message = " + ex.Message.ToString();    }    return ret;}private void Xml_ValidationEventHandler(object sender, ValidationEventArgs e) {    xmlErrors.Rows.Add(new object[] { e.Severity, e.Message });}

Now, the xsd would have somthing like:

<?xml version="1.0" encoding="utf-8"?><xs:schema id="shiporder"    targetNamespace="http://mydomain.com/ns/upload.xsd"    elementFormDefault="qualified"    xmlns="http://mydomain.com/ns/upload.xsd"    xmlns:mstns="http://mydomain.com/ns/upload.xsd"    xmlns:xs="http://www.w3.org/2001/XMLSchema">    <xs:simpleType name="stringtype">      <xs:restriction base="xs:string"/>    </xs:simpleType>    ...    </xs:schema>

And the "good" XML would be something like:

<?xml version="1.0" encoding="utf-8" ?><shiporder orderid="889923"  xmlns="http://mydomain.com/ns/upload.xsd">  <orderperson>John Smith</orderperson>  <shipto>    <names>Ola Nordmann</names>    <address>Langgt 23</address>

I tested, "bad format XML", "invalid input according to XSD", "incorrect namespace".

references:

Read from memorystream

Trying avoid exception handling checking for wellformness

Validating against XSD, catch the errors

Interesting post about inline schema validation

Hi Martin, the comment sction is too short for my answer, so I'll give it here, it may or not be be a complete answer, let's improve it together :)

I made the following tests:

• Test: xmlns="blaa"
• Result: the file gets rejected, because of wrong namespace.
• Test: xmlns="http://mydomain.com/ns/upload.xsd" and xmlns:a="blaa" and the elements had "a:someElement"
• Result: The file retunrs error saying it's not expecting "a:someElement"
• Test: xmlns="http://mydomain.com/ns/upload.xsd" and xmlns:a="blaa" and the elements had "someElement" with some required attribute missing
• Result: The file returns error saying that the attribute is missing

The strategy followed (wich I prefer) was, if the document doesn't comply, then don't accept, but give some information on the reason (eg. "wrong namespace").

This strategy seems contrary to what you previously said:

however, if a customer misses out the namespace declaration in their submitted XML then I would like to say that we can still validate it. I don't want to just say "You messed up, now fix it!"

In this case, it seems you can just ignore the defined namespace in the XML. To do that you would skip the validation of correct namespace:

    ...    // Don't Check if the required namespace is present    //if (doc.DocumentElement.NamespaceURI == xmlNs) {        // Validate against xsd         // will call Xml_ValidationEventHandler on each error found        doc.Validate(xmlValidator);        if (xmlErrors.Rows.Count == 0) {            ret = "OK - is valid against our XSD";        } else {            // return the complete error list, this is just to proove it works            ret = "File has " + xmlErrors.Rows.Count + " xml errors ";            ret += "when validated against our XSD.";        }    //} else {    //    ret = "The xml document has incorrect or no namespace.";                    //}    ...

Other ideas...

In a parallel line of thought, to replace the supplied namespace by your own, maybe you could set doc.DocumentElement.NamespaceURI = "mySpecialNamespace" thus replacing the namepsace of the root element.

Reference:

add-multiple-namespaces-to-the-root-element

The whole point behind a XSD schema is that it makes untyped XML into strongly typed XML.

An XML type can be defined as the combination of node-name and namespace.

If someone sends you XML with no namespace then despite intentions the XML does not refer to the types as defined by the XSD schema.

From a XML validation perspective the XML is valid as long as

1. It is well formed
2. It confirms to any typed XML definition, as specified by the xmlns attribute

I use XmlSchemaValidationFlags.ReportValidationWarnings flag. Otherwise xml with unknown namespace (or without namespace) will silently pass validation.

public static void Validate(string xml, string schemaPath){    //oops: no ValidationFlag property, cant use linq    //var d = XDocument.Parse(xml);    //var sc = new XmlSchemaSet();    //sc.Add(null, schemaPath);    //sc.CompilationSettings.EnableUpaCheck = false;    //d.Validate(sc, null);    XmlReaderSettings Xsettings = new XmlReaderSettings();    Xsettings.Schemas.Add(null, schemaPath);    Xsettings.ValidationType = ValidationType.Schema;    Xsettings.ValidationFlags |= XmlSchemaValidationFlags.ReportValidationWarnings;    Xsettings.Schemas.CompilationSettings.EnableUpaCheck = false;    Xsettings.ValidationEventHandler += new ValidationEventHandler(ValidationCallBack);    XmlReader reader = XmlReader.Create(new StringReader(xml), Xsettings);    while (reader.Read())    {    }}private static void ValidationCallBack(object sender, ValidationEventArgs e){    if (e.Severity == XmlSeverityType.Warning)        throw new Exception(string.Format("No validation occurred. {0}", e.Message));    else        throw new Exception(string.Format("Validation error: {0}", e.Message));}