How do you add a username/password to a Soap header via a Windows Mobile 6.5 application for an outbound web service call?
I have successfully achieved this in the full .Net framework by specifying the SoapExtension in the App.Config/Web.Config file but this does not exist in the compact framework.
edit:
a bit more info.
i have a web service which was supplied by a third party so i dont have the code to it and i couldnt tell you what happens within it. However, when i add a service reference to the URL and use it in my compact framework application i get an "unauthorised" error.
i can create a winforms/webforms app and reference a library to set the username/password for the outgoing message and it works fine (library supplied by third party so i also cannot view the code).
the library is not compatible with the compact framework and it also requires the SoapExtension be specified in the app.config/web.config file which is also not present in the compact framework.
Related
I have an ASP.NET Core application hosted on a server which doesn't access the internet directly for security reasons. So if I used any SDK (ex: FCM SDK) it can't initialize a connection from the application.
The SDK is internally calling an API like fcm.googleapis.com; I need to create something which intercept the SDK request and forwards the request to this route (ex: 192.168.1.45:51514) and I configure the proxy to navigate to the desired URL.
I'm thinking for multiple solutions as follows:
Create a middleware that intercept the SDK requests and changes its base URL to the desired URL (I don't know if it'll work or not).
Create an intermediator project which I can call and just call it then the SDK integration inside the intermediator project (it works but searching for a better solution).
Get the SDK source code as it's an open source and change the URL to be configurable not hardcoded as it is.
Please advise for what is the best practice solution for this issue.
As a quick run-through, i've got the following scenario
Website which hosts c# web api services
each webapi takes a 'request' message type and returns a 'response' message type
Also a winforms client app which has its own repository that consumes the webapi services for its own use.
Is it good practice to put the request/response messages in a shared library which will be used by both the website, and by the client app bearing in mind if i update the webapi on the website, it could get out of sync with the distributed client apps, and may break functionality for them until they upgrade to the latest version.
thanks for any suggestions.
If you cannot force your clients to update to the latest version, I would create a new endpoint with a corresponding shared library for each breaking change.
http://yourservice/api/v1/GetXY
http://yourservice/api/v2/GetXY
http://yourservice/api/v3/GetXY
....
And you could set up monitoring to see which old/obsolete endpoint is not in use anymore and turn it off if you want.
I would like to connect to a SOAP webservice (HP Operations Manager Incident Web Service) using a .NET client based on code generated by adding a service reference. The generated proxy creates a client that implements the DuplexClientBase class. The service is IIS hosted with a self-signed certificate and I need to sign in using basic authentication.
I ran into two problems trying to connect to this service:
I have not yet been able to find the right binding configuration. Either the binding does not support duplex or https traffic with basic authentication.
When adding a .NET 2.0 web service reference (the binding issue is not there) I am able to connect to the service but the “Action” header element which is required by the service and should look like <a:Action s:mustUnderstand="1"> http://schemas.xmlsoap.org/ws/2004/09/enumeration/Enumerate</a:Action> is not included in the header. When I create a SoapExtensions and inspect the contents of the Action property of the SoapMessage object in the ProcessMessage(SoapMessage message) method it contains the right value but the property is not serialized in the message header.
I would like to know if any of you could suggest what to do:
Proceed with a 2.0 legacy reference and find a way to add the Action element in the SOAP header. (eg adding a SoapExtension)
Fix the binding a find a way to connect to the https site with faulty certificate (wsDualHttpBindingdoes not support HTTPS, BasicHttpBinding does not support duplex, PollingDuplexHttpBinding does not seem to work in a console application)
Try to generate the code in a way that no duplex communication is required. Is this possible?
It is possible to make a .NET 2.0 client support WS Addressing. You can accomplish this by downloading and installing Webservice Enhancements 3.0 (WSE). http://www.microsoft.com/en-us/download/details.aspx?id=14089
When you add a reference to the Microsoft.Web.Services3 assembly and change the code generated by adding the web service reference. Change System.Web.Services.Protocols.SoapHttpClientProtocol into Microsoft.Web.Services3.WebServicesClientProtocol and the code will support WS Adressing. The action element will now be added to the SOAP header.
Although this workaround does the job I still would prefer a WCF service reference connection.
I am developing an android application to accommodate some desktop software that I created. I would like for the user of the mobile app to have to verify their identity through authentication. Basically the web service will have to act as a central hub to both authenticate and hold information that the android app will need. The way I think it should work is to
-Set up a central web service
-Allow user to create account from desktop client using email/password
-The desktop client will send the information to the webservice that the android app will need.
-when android app is authenticated it will then retrieve the data it needs that was posted from the client.
So basically the service will need to be able to send and receive data.
I will only be using .net (either C# or vb.net ) for the service, so this leads me to a couple of questions:
Should I be using WCF for this? If so should I create a WCF Service library or WCF Service application?
Should I be using the Sign Sign on service approach?
The web service doesn't need to be fancy it just needs to get the job done. Is their any boilerplate project templates or projects out their I could use to help build a foundation?
I recently discovered SudzC.com which generates classes and methods for Objective-C from the wsdl data of a .net web service, and I'm fairly sure it also does Android.
I have a huge catalog of fairly 'old' web services which pre-date WCF and they are currently working perfectly.
I should point out though that the SudzC service only shows you what it can do for you for free - to get the code you have to pay ~£20 for a one year pass.
We had something similar where I worked. We had to put together an Android app for the company. If you are on .net 4.0 or newer, you can take advantage of theWebApi. It can return json or xml. So, that means any platform can utilize it (desktiop, android, etc...). I found it extremely easy to use, with very little overhead.
I am developping a web application project in Visual Studio 2005 on .NET 2.0 the web application project has obviously secured web pages and web services. I want to secure the web services as well. Currently the authentication mode in the web.config is set to forms and I have created my own membership provider for this purpose.
The target application server is IIS 5.0 which is configured to work over https with a valid certificate so technically speaking all I want is the web services to validate some hard coded string to ensure that the system that call them are known since they manipulate sensitive data. Since its over a secured channel I do not expect to use any fancy encryption for this web service authentication. As a side note, the expected system to use the web services are in Java and not in .NET
What I am really looking for is the best way for me to achieve this within the same solution in visual studio. I do not want the web services to be a separated project. (requirement)
Is the only solution to use flow credentials in the SOAP header ?
Thanks,
Carl T.
You can add a location element to your web.config with an authorization element that allows anonymous users to access the web service, effectively bypassing the forms security for the service. Then you can make your hardcoded string be accepted as just another argument to your methods. See location Element (ASP.NET Settings Schema) for more information.
You mentioned hard-coded strings, so I assumed you were looking to pass it to methods and run sessionless. Give this article a look .NET Web Services Security. The part you'll be most interested in is on page 3.
Ideally, you should look to update to .NET 3.5 or higher with WCF, but barring that these are your best bets.