I have a Web API deployed in Azure and expose via API management. I have another API that calls that API. The problem now is that, when we try to post a data with special character. API management is blocking the request.
I understand that there are firewall rules implemented in Azure API that causes API management to blocked the request. I also don't want to disable those rules but my API should know that those strings are valid. I am planning to encode those especial character but is there a best way to do this other than encoding special characters?
Related
I have an azure function app (v1, with no possibility for upgrading, unfortunately) with an endpoint receiving JSON via POST requests, doing some computation and returning JSON in the response. This endpoint needs to be made SOAP-compatible, meaning that it should receive SOAP requests and return SOAP responses and also be able to provide a WSDL file.
Using the SOAP mapper in API Management is not an option, due to its limitations.
The methods I have tried are:
Create a WCF service and try to delegate the HTTP request to it from the Azure function endpoint. This didn't seem to work because the corresponding handler in WCF can only receive a request via its own HTTP endpoint (which does not seem to be exposable via the azure function endpoint), but cannot be called from within the code.
Use an ASP.net web application with SoapCore as a starting point and try to migrate it to an azure function. This doesn't seem possible because of a completely different structure. SoapCore is attached to the ASP.net app instance as a middleware, whereas azure function does not provide the means to use middleware.
Parse the SOAP request manually, convert it to JSON, do the computation, convert the result back to a SOAP message and return it. The seems very hacky and also the WSDL must be created and served manually. Despite these drawbacks, I'm leaning towards this solution because of the unfeasibility of the first two.
Is there any other possible solution that I have might missed?
If you are using Azure API Management , then below option works;
You can write transformation policies at the service or endpoint level - JSON to SOAP refer: https://learn.microsoft.com/en-us/azure/api-management/api-management-transformation-policies#convert-json-to-soap-using-a-liquid-template
Also refer this link Expose REST API as SOAP via Azure API Management would help.
My Google-foo is failing me here... most likely a terminology thing.
Basically, I'm making a desktop (and likely mobile) application that connects to a REST API that returns JSON. I've created a C# class library that handles the the data querying in my local project however this would expose my API key if I were to publish it.
I would like to know what are the appropriate options for simply running a small service in Azure that takes a web request, queries the API and passes the JSON response back. Something lightweight, decently scalable.
Is this something a web role or worker role is good for? Is this something I really should learn Node.js for?
I asked a similar question a few years back: Keeping a secret key secret with Amazon Web Services
One reasonable solution is to build a simple service that returns the headers and url to use when communicating with the authenticated service. Your API key remains secret because it only lives in your service, but the clients can leverage the API key by getting the encrypted request from your service and then making the request for the actual work.
I haven't personally looked into the Azure API App Service, but a brief browse of the main website suggests that it, too, may be relevant to your interests. :)
Check out Azure Mobile Apps. Azure Mobile Apps is a "backend as a service" platform. With Mobile Apps you can easily store information into a SQL Database and expose custom API methods. It is a great place to start and has SDKs for connecting iOS, Andriod, Xamarin, and HTML apps.
As for security, the Mobile service has options to protect the data from allow anonymous access to requiring each user to authenticate.
I have been working on a RESTful webservice for an android native application to consume. I choose ASP .NET WEB API. WEB API makes it very easy to create those HTTP methods in controllers, and converting our response objects into json/xml... Its simply awesome!
Now comes user authentication and those session handling parts. First I thought it will be easier to implement sessions in my RESTful service. But really frustrated with the configurations for enabling sessions in WEB API, and making the android native to handle those session ids.
First, Android sends login request to WEB API
WEB API checks authentications, and responses with a sessionid in response header
Now Android native reads the response header->fetches ASPNET_sessionId ->keeps in its memory
Further requests from android will have to set this ASPNET_sessionId in request header
Do you think this is a proper way?
And now I have another client. A hybrid app in Mobile jquery. Now facing following problems:
Access-origin policy: So I set Access-Control-Allow-Origin to * in response header. And it solved.
Now I need to set session id in jquery ajax post request. And found its not possible to set headers for jquery ajax when calling a cross domain service.
How can I manage session for my hybrid app?
Also What are the things taken care of while creating a web service that has to be consumed from different client applications?
After a lot of research I have come with following points:
REST is stateless. So why do we need to play with session? there by giving it a stateful life?
No need for enabling session state. When a user logins into
application we creates a unique id for user in database. Further
requests from the user will send this unique id as a part of message
body. Server checks this unique id every time for identifying user.
Cross-domain issue in Hybrid app
When converting app to hybrid with cordova we found that cross domain
issue is not occuring. It is believed that cordova converts jquery
ajax requests to native requests calls from android. jsonp also found to be a good solution.
After searching the entire day about what I should use, I'm not sure what option would be best for my needs so I hope someone with more experience could help me out.
I have a winforms application (c#) and a ASP.NET MVC 4 web application (c#).
I wish to connect these, the goal is to send and receive data from the database which I use in the MVC 4 project, but from within the windows forms application. The data I send from the windows forms application to the database, is then used by the MVC 4 web application.
I am entirely new to web services / Web Api's so I can't really decide what option would be best. Any help would be much appreciated..
If you already created MVC4 project then you can add actions to any controller
and return JSON data like below :
public JsonResult GetCategoryList()
{
var list = //return list
return Json(list, JsonRequestBehavior.AllowGet);
}
or you can create new project of MVC4 and select WEBAPI template . It will create webapi project for you .It will create with example .so it will easy for to create webapi.In webapi it return data automatically convert to xml and json as per request
The WCF Web API abstractions map to ASP.NET Web API roughly as follows
WCF Web AP -> ASP.NET Web API
Service -> Web API controller
Operation -> Action
Service contract -> Not applicable
Endpoint -> Not applicable
URI templates -> ASP.NET Routing
Message handlers -> Same
Formatters -> Same
Operation handlers -> Filters, model binders
Other Links
If you have an MVC 4 App already, it would be better to use Web API (RESTful service)
I assume you have some knowledge in building REST API (understanding of POST, PUT, UPDATE stuff)
It is simple in configuration and usage. All what you need actually is to create a new controller like:
class MyApiController: ApiController {
public Post(SomeClass item) {
....connect to db and do whatever you need with the data
}
}
You'll also should configure routing for Api.
And then in your winForms app you can simply use HttpClient class to perform api call.
HttpClient aClient = new HttpClient();
// Uri is where we are posting to:
Uri theUri = new Uri("https://mysite.com/api/MyApi");
// use the Http client to POST some content ( ‘theContent’ not yet defined).
aClient.PostAsync(theUri, new SomeClass());
Take a look at some implementation details right here:
Web Api Getting Started
Get started with WCF is not so easy as with Web API.
Given the tags you've used, my guess is that you're deciding between SOAP Web Services and WCF. Given these two, I say to go WCF. SOAP web services (as implemented in Visual Studio) are the older technology; still serviceable, but WCF can do everything an older SOAP service can do (including look exactly like a SOAP service) and more.
If you have a web service that connects your web server to your database server (these two things should be on different machines; your web server is exposed to the world by necessity, while your DB server should be locked down like Fort Knox), I see no reason why you shouldn't use that same service as-is for an internal WinForms application (using a LAN/VPN to access the service layer on the DB server). For a WinForms application that must access the data over the Internet, I would recommend reimplementing the service as a WCF service supporting secure encrypted data transfer. You can also set up the service endpoint to only accept HTTPS connections, and thus simply run your existing service through SSL/TLS.
What you choose will primarily depend on how much time-resources you can commit to resolving the problem; moving to HTTPS is a fast fix requiring little if any code changes, while reimplementing in WCF will take more time but will allow additional security measures beyond a simple secure tunnel.
Or something lightweight like Nancy: http://nancyfx.org/
We had some issues with MVC4 WebApi stuff and ended up using ServiceStack on the server side JavaScript/AJAX for web clients and RestSharp for thick clients.
One of our specific issues was the inability to auto generate documentation, significant performance differences, and better support for unit/integration testing.
Rather than advocate specifically WCF, I'd recommend WCF Data Services or OData, with the stipulation that you'll need to secure it. If you go for pure WCF, you'll see that you'll end up creating a lot of code to handle retrieving the info from a database, and then sending that information right back out to your clients. It doesn't sound that bad, at first, but after about 30 entities in a database, you'll quickly grow tired of a pure WCF solution.
OData is great, it uses Entity Framework, and it quickly opens data manipulation for an existing database or one you are going to make. It will save you a ton of development time, if you can make your service secure. The format of the data response is flexible. There are plenty of client libraries ported for other programming languages as well.
The steps for securing a service are pretty simple. Always deploy to https. Any login or registration methods , need to be post methods, that return a token (Encrypted value), or a unique secret that can be encrypted and sent back for any subsequent requests. It's better to use the token, and have an expiration on the token.. because otherwise both your service and your app whether mobile or desktop, need to have a shared encryption / decryption method.
I am new to web services so I created a web service to replace my current in-app DB transactions. I wanted things to be safer so that is why I went this way.
When using a free packet sniffer, it instantly grabs my web service ASMX call. The problem with this is that using a program such as fiddler they can easily see the data going back and forth and even worse set up a auto responder.
Is there a way to hide the calls being sent to the web service to hide from packet sniffers? Or at least make it more difficult to see the calls?
Expose it over a secured channel (such as SSL) only for transport level security.
Alternatively, you may choose to implement WS-Security to validate the identity of the callers, sign the payload or encrypt the payload (partially or fully); or any combination of the above.
Here is an article that talks about this in the context of ASP.NET: http://msdn.microsoft.com/en-us/magazine/cc188947.aspx