When using WCF Data Services, more specifically in DevExtreme's WCF Odata service in c#, is there any way of encrypting the URL queries? I do not want the client to be able to see/modify the URL in order to get access to the data. I want to know if this level of obscurity is available, even if have authentication for the client and that the client only has rights to one ID.
For example:
/AcountsByIntroducerID?entityID=1234
This URL exposes the ID and also allows a client to change the ID number. Would there be any way in WCF that would allow use to turn the above URL into a encrypted string?
Such as: /JDudfj8ddJFDJSLAFDLJuaeouru0
So this can be decrypted on the server side. Thanks!
I had a similar problem to solve. For solve it i used the following pattern
I have encoded url parameters in one base 64 string.
Declare your WCF with one parameter
[ServiceContract]
public interface VCIWCFService
{
[OperationContract]
[WebGet(UriTemplate = "/{encodedParameters}")]
string GetSomething();
}
In backend code you can decode encodedParameters with the following code
string Url = HttpUtility.UrlDecode(encodedParameters);
Url = Convert.FromBase64String(Url );
and you can get a particular parameter with HttpUtility class :
Uri myUri = new Uri(string.format("http://www.nothing.com?{0}",Url));
string param1 = HttpUtility.ParseQueryString(myUri.Query).Get("param1");
I work with Objective-C Ipad app, and i encode the parameters with the inverse system
Related
I'm trying to execute a function using a Soap Port Client object (from an external WebService), and I need to set a proxy (address and credentials) for it. Because when I test the app (not on localhost), the WS functionality doesn't work.
Namespace.WebService.SoapPortClient foo = new Namespace.WebService.SoapPortClient();
short cod_error;
string des_error;
string url = "";
int fooNumber = 10;
url = foo.Execute(fooNumber, out cod_error, out des_error);
...code continues
In the above example, I need to set a proxy for 'foo'. I've tried with foo.Proxy but this property doesn't exists in the SoapPortClient.
Thank you all!
After reading your comments and problem I realized that you are talking about WCF.
Regards to your latest problem:
Now I'm getting the following error: The content type text/HTML of the response message does not match the content type of the binding (text/XML; charset=utf-8)
My first suggestion would be to check that the user you're running the WCF client under has access to the resource.
Can't say much since it's very hard to say something without seeing the config file or code in general.
Let's say we have a controller like this:
public class HomeController : Controller
{
[HttpGet]
public IActionResult Foo(string token)
{
return RedirectToAction(nameof(Index));
}
}
When I type the following URL address in the webbrowser:
https://localhost:44348/home/foo#dsfdsf
I would like to be able to read the dsfdsf after the hash symbol and bind it to the token variable.
Now I'm receiving null value. I'm getting such URL from the 3rd party app and I need to consume the response somehow and read the data from the query string.
I played with [FromQuery] attribute but I haven't managed it to work so far.
Any ideas?
Cheers
I have a work around for you, but first of all lets get more into the problem.
The strings after the hash symbol which are called Fragment values are not query parameters but they are strings to be read by the client-side (living in the browser) and the server cannot read them because they are not sent to the server by the browser.
Some authentication providers like Google and Azure send the access token as Fragment value for security reasons so that they are not transferred over the internet after they get sent as direct response from the authentication provider.
The only way you can come around that is to use javascript to convert the fragment values to query parameters by replacing the '#' with '?' and redirecting to the endpoint in your server controller.
I suppose the easiest way is to handle all that from server, meaning you get get the request in server, send a javascript code to the browser on the fly, that replaces the '#' into '?' and redirects to your second endpoint which reads the token as strong parameter.
Here how you can do it in ASP.NET Core 3.1:
[AllowAnonymous]
[HttpGet("authredirect")]
[Produces("text/html")]
public virtual ContentResult ConvertUrlFragmentToQueryParamThenRedirect()
{
return Content("<html><script>window.location.href=window.location.href.replace('#', '?').replace('authredirect', 'authparams')</script></html>", "text/html");
}
[AllowAnonymous]
[HttpGet("authparams")]
public virtual void GetAccessToken([FromQuery] string access_token)
{
// now you have your access token server side here
}
Please remember to set your redirectUrl to the correct one, in this case 'YOUR REDIRECT URL/authredirect'.
I've been searching for this problem but non was identical to my case.
I have the following controller:
public HttpResponseMessage GetMyService(int aType, [FromUri] string streamURL)
streamURL is a parameter that gets a full URL sent by the client.
The client calls the service like that:
http://www.myservice.com/.../GetMyService/?aType=1&streamURL=http://www.client.com/?p1=100&p2=200
The problem is that at then end, I get the [FromUri] string streamURL parameter as http://www.client.com/?p1=100 without the &p2=200
This is known and reasonable, but I cannot place any encoding/decoding functionality as the URL is cut at the very beginning.
Any help would be appreciated..
THX
The client should properly URL encode the value of the streamURL query string parameter when making the request in order to conform to the HTTP protocol specification:
http://www.myservice.com/.../GetMyService/?aType=1&streamURL=http%3A%2F%2Fwww.client.com%2F%3Fp1%3D100%26p2%3D200
So basically there's nothing you could do on the server side, you should fix the client.
In my application i've to send request to a remote asmx web service which is asking for a number of parameters. There is a parameter which is asking for json array. But i can't figure it out that how can i input my json string in the asmx url.(There is no issues with other string values for other parameters).
Thanks in advance.
It's my understanding that unless the webservice has been heavily customised, you are going to need to pass that parameter in the request body rather than as a GET parameter. For example (with jQuery):
var data = {
paramName: ['this', 'is', 'the', 'array']
};
$.post('service.asmx/Method?getParam1=herp&getParam2=derp', data)
.done(function(d)
{
console.log('Response: ' + JSON.stringify(d));
});
It's been a while since I used an ASMX service, and I'm not 100% positive that you can mix parameters like that. I have a feeling that if you put anything in the body, you have to put everything in it.
I am wanting to pass a decimal number (1.23) to my WCF-REST web service.
I keep getting a 'resource cannot be found' error. I expect that I'm encountering some security feature of IIS where urls that contain a dot are a resource. Does anyone have a suggestion on how to pass a decimal number to my webservice?
Sample url... http://localhost/restdataservice.svc/echo/2.2
Operation Contract
[OperationContract]
[WebGet(UriTemplate = "echo/{number}")]
string Echo(string number);
And implementation
public string Foo(string number)
{
return number;
}
You should look at IIS log to see the problem. One thing that can cause such problem is UrlScan. It has UrlScan.ini config file, where you can find AllowDotInPath parameter. If it is set to 0, requests such as above would be rejected. Just change it to 1 (but don't forget to ensure, that you don't allow directory traversals by rejecting urls with ..).
You may want to consider sending that number to your resource in a request representation using a POST request.
This should work fine out of the box, I cannot reproduce this problem with a similar basic setup - are you sure the default route for your echo method is set correctly?
I had a similar problem calling a method on a WCF OData Server.
The problem was that a decimal parameter requires an 'm' at the end.
http://localhost/restdataservice.svc/echo/2.2m