« Google Scholar Grows - An Update
Scratching Under the Surface of a “New” Health Search Engine »

The server committed a protocol violation

One of the issues involving XML-RPC.NET that turns up fairly frequently is when the library throws an instance of System.Net.WebException with the message “”The server committed a protocol violation”. This usually occurs because from .NET 1.1 SP1 onwards the parsing of HTTP responses became much more strict, as a security measure to prevent attacks which exploit malformed HTTP status lines and headers. The strict behaviour can be switched off via the application config file:

<?xml version ="1.0"?><configuration>  <system.net>    <settings>      <httpWebRequest useUnsafeHeaderParsing="true" />    </settings>  </system.net></configuration>

From .NET 2.0 this behaviour can be configured programmatically using the HttpWebRequestElement useUnsafeHeaderParsing property. At first when I read about this I assumed it was a property that can be set dynamically at runtime, for example in the same way as the HttpWebRequest KeepAlive property. But in fact its used in the new 2.0 configuration infrastructure to set the value in the config file (although once you do this the new value applies to the current running application as well as any apps launched afterwards. The new configuration infrastructure is pretty complex but this code seems to work ok:

Configuration config = ConfigurationManager.OpenExeConfiguration(  ConfigurationUserLevel.None);SettingsSection section = (SettingsSection)config.GetSection(  "system.net/settings");section.HttpWebRequest.UseUnsafeHeaderParsing = false;config.Save();

ConfigurationUserLevel.None specifies that the configuration file in the same directory as the executable should be modified so this file has to be writable. The other options PerUserRoaming and PerUserRoamingAndLocal can be used in different scenarios.

Finally, I found the code below in a post on the .NET Framework Networking and Communication forum. This uses reflection to set the private field useUnsafeHeaderParsing to true and as a result may not be suitable in all scenarios where the relevant code access security permission is not available. (Note: add System.Configuration.dll as a reference to your project.)

public static bool SetAllowUnsafeHeaderParsing(){  //Get the assembly that contains the internal class  Assembly aNetAssembly = Assembly.GetAssembly(    typeof(System.Net.Configuration.SettingsSection));  if (aNetAssembly != null)  {    //Use the assembly in order to get the internal type for     // the internal class    Type aSettingsType = aNetAssembly.GetType(      "System.Net.Configuration.SettingsSectionInternal");    if (aSettingsType != null)    {      //Use the internal static property to get an instance       // of the internal settings class. If the static instance       // isn't created allready the property will create it for us.      object anInstance = aSettingsType.InvokeMember("Section",        BindingFlags.Static | BindingFlags.GetProperty         | BindingFlags.NonPublic, null, null, new object[] { });      if (anInstance != null)      {        //Locate the private bool field that tells the         // framework is unsafe header parsing should be         // allowed or not        FieldInfo aUseUnsafeHeaderParsing = aSettingsType.GetField(          "useUnsafeHeaderParsing",           BindingFlags.NonPublic | BindingFlags.Instance);        if (aUseUnsafeHeaderParsing != null)        {          aUseUnsafeHeaderParsing.SetValue(anInstance, true);          return true;        }      }    }  }  return false;}

More: continued here
Powered by SmartRSS

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Netvouz
  • DZone
  • ThisNext
  • MisterWong
  • Wists
  • Technorati

This entry was posted on Friday, August 29th, 2008 at 12:08 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.


Related News


  • RSAT - Remote Server Administration Tool


    • Microsoft gives Windows Vista administrators a tool to administer Vista PCs remotely. This tool is called Microsoft Remote Server Administration Tool (KB941314).It is described as follows:<blockquote>Microsoft Remote Server Administration Tools (RSAT) enables IT administrators to remotely manage roles and features in Windows Server 2008 from a computer running Windows Vista with SP1. It includes support [...]


  • Server-Side JavaScript - All the Cool Kids Are Doing It!


    • In this session that no developer who uses JavaScript or ActionScript will want to miss, delegates will learn how to: Overcome common hurdles and pitfalls of client-side only JavaScript development, Speed up development time by cutting out extra server-side code and processing scripts that are no longer necessary, and Clean up your code base by reducing (or even eliminating) the number of languages needed to leverage to accomplish common tasks (i.e. Why bother with server-side PHP scripts to fetch database results when you can do it all in JavaScript on the server? Why mess with Curl to fetch content that your JavaScript code can grab in one line?)read more


  • YouTube Cheers Dismissal of Veoh Copyright Suit


    • In a ruling that could have implications for Viacom's $1.65 billion lawsuit against YouTube, a California federal court on Wednesday dismissed a copyright-infringement lawsuit against online video-sharing site Veoh Networks.IO Group, an adult entertainment company, had sued Veoh, alleging the site was displaying its content in violation of copyright laws. Veoh had uploaded IO Group's content without permission. However, Judge Howard Lloyd of the U.S. District Court in San Jose disagreed with IO Group's argument. The judge ruled that Veoh is protected by the safe-harbor provision in the Digital Millennium Copyright Act. That provision protects against copyright infringement if action is taken after notification of a copyright violation."Veoh has a strong DMCA policy, takes active steps to limit incidents of infringement on its Web site and works diligently to keep unauthorized works off its site," Judge Lloyd wrote in his decision.Google Applauds RulingGoogle-owned YouTube was quick to praise the decision. YouTube Chief Counsel Zahavah Levine applauded the court for confirming that the DMCA protects services like YouTube that follow the law and respect copyrights. Zahavah then reiterated Google's oft-repeated statement:"YouTube has gone above and beyond the law to protect content owners while empowering people to communicate and share their experiences online."We work every day to give content owners choices about whether to take down, leave up, or even earn revenue from their videos, and we are developing state-of-the-art tools to let them do that even better."What About Viacom's Suit?Viacom could not immediately be reached for comment.Viacom filed a suit against Google in 2006 in the U.S. District Court for the Southern District of New York. Viacom called YouTube a "significant, for-profit organization that has built a lucrative business out of exploiting the devotion of fans to others' creative works in order to enrich itself and its corporate parent, Google."Google might...


  • Testers get invites to SP2 betas for Vista, Windows Server 2008


    • Selected testers are reporting that they've received invitations for the Service Pack (SP) 2 betas for Vista and Windows Server 2008. Neowin was first to acknowledge the delivery of the SP2 invitations. Other testers are now confirming that report. The broader-scale SP2 betas are exptected to begin within the next four weeks for the new service packs, Neowin says. Some testers -- a very select few -- already have a test build of SP2 for Vista (not sure if also for Windows Server 2008) in hand, as I noted recently. I'm hearing Microsoft's goal is to deliver the final version of both SP2s before the company releases Windows 7, which is expected to be released to manufacturing in the latter half of 2009. ...


  • Web Services Manifesto - RESTful Architecture and the Programmable Web


    • I don't need to go into too much detail here about what exactly REST is - I know that most of the readers of this blog are well versed in Web Services technologies and architectural patterns. The thing that I want to cover is that REST is an architectural decision, it is not a protocol or a wire format or even an industry standard. It is a set of recommendations for how you organize the information exposed by your Web Services. Before I go into detail here, I personally think that REST is the way to go. Unless you have a particular need to be strapped into the SOAP/WS-* roller coaster, your Web Service should be exposing resources via RESTful URLs. I can't imagine why people would chose not to do so.read more


    Leave a Reply

    You must be logged in to post a comment.