EDMX validation fails over DTD

[zehavibarak]

OData fails to parse EDM xml from remote endpoint due to DTD namespace.

Assemblies affected

Microsoft.OData.Client

Reproduce steps

Add xmlns:sap="http://www.sap.com/Protocols/SAPData" to a working EDM.

Expected result

HTTP OK 200.

Actual result

Exception:

"For security reasons DTD is prohibited in this XML document. To enable DTD processing set the ProhibitDtd property on XmlReaderSettings to false and pass the settings into XmlReader.Create method."

Additional detail

Possible resolution is for DataServiceContext to accept options and pass ProhibitDtd or DtdProcessing to XML parser.

[zehavibarak]

See CsdlReader.

   // We do not allow DTDs - this is the default
    settings.DtdProcessing = DtdProcessing.Prohibit;

[gathogojr]

Thank you @zehavibarak for reporting this issue. We will investigate and decide the way forward.

In the meantime, a workaround you use to unblock yourself is to edit the auto-generated file and pass XmlReaderSettings parameter to the XmlReader.Create method. There are two methods you may need to modify:

[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.OData.Client.Design.T4", "#VersionNumber#")]
private static global::System.Xml.XmlReader CreateXmlReader(string edmxToParse)
{
    var xmlReaderSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit /* Or whichever DtdProcessing option works for your scenario */ };
    return global::System.Xml.XmlReader.Create(new global::System.IO.StringReader(edmxToParse), xmlReaderSettings);
}

[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.OData.Client.Design.T4", "#VersionNumber#")]
private static global::System.Xml.XmlReader CreateXmlReader()
{
    try
    {
        var assembly = global::System.Reflection.Assembly.GetExecutingAssembly();
        var resourcePath = global::System.Linq.Enumerable.Single(assembly.GetManifestResourceNames(), str => str.EndsWith(filePath));
        global::System.IO.Stream stream = assembly.GetManifestResourceStream(resourcePath);
        var xmlReaderSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit /* Or whichever DtdProcessing option works for your scenario */ };
        return global::System.Xml.XmlReader.Create(new global::System.IO.StreamReader(stream), xmlReaderSettings);
    }
    catch(global::System.Xml.XmlException e)
    {
        throw new global::System.Xml.XmlException("Failed to create an XmlReader from the stream. Check if the resource exists.", e);
    }
}

[gathogojr]

@zehavibarak OData Connected Service does help greatly in generating the proxy classes. However, if generating your own POCOs, you could opt to subclass the DataServiceContext by yourself and implement logic for fetching the service metadata and initializing the Edm model as follows:

internal class ExtendedDataServiceContext : DataServiceContext
{
	public ExtendedDataServiceContext(Uri serviceUri) : base(serviceUri)
	{
		Format.LoadServiceModel = LoadServiceModel;
		Format.UseJson();
	}

	private IEdmModel LoadServiceModel()
	{
		IEdmModel serviceModel;

                var xmlReaderSettings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit /* Or whichever DtdProcessing option works for your scenario */ };
		using (var reader = XmlReader.Create(
                    /* TextReader for reading service metadata from file or network location */,
                    xmlReaderSettings))
		{
			if (!CsdlReader.TryParse(reader, out serviceModel, out IEnumerable<EdmError> errors))
			{
				throw new Exception(errors.Select(d => d.ErrorMessage).Aggregate((d, e) => string.Concat(d, "\r\n", e)));
			}
		}

		return serviceModel;
	}
}

[marabooy]

@zehavibarak were you using the OData Connected service when you got this error?