I have a windows application which shows web page hosted in a website. Because of confidentiality, I don't want to show URL to the user. As this website is hosted on IIS and so user can access website directly through browser if he/she knows URL.
How can I block access of website via browser but not through windows application?
P.S. this website is third pary product hosted on my machine and I cannot do any code change into it.
If you can't make any code changes to the website, it will not be possible to block access based on which system is calling the URL using IIS alone.
One approach would be to put the webserver behind a firewall and implement an authentication / authorization mechanism between your application and the firewall.
I am stuck in a situation where i have a bunch of urls and i have to distinguish them based on whether they belongs to website or webapp.
I tried to look at Response Header from the request and discovered that i can use server field & powered By field to check it.
But for most of the requests they are disabled so is there any other way to distinguish webapps from websites.
There is no way to identify that website id webapp or website on basis of user agent or some other property. its just term, here other question which might suite you - What's the difference between a web site and a web application?
I'm currently attempting to use the OAuth 2.0 User-Agent Flow with a clientside C# application, and I'm running into some confusion relating to the redirect URI.
Because I'm working with a clientside application, I cannot supply a standard redirect URL to a web server. However, according to the people I'm trying to authenticate with (Salesforce, in this instance), the User-Agent Flow is the correct one to use for a clientside application.
My question is, what can I do to catch the access token in this situation? Apparently I can create a "local resource accessible to the client," but I'm unfamiliar with the mechanics behind this, and I can't find any resources on the topic (partly because I don't know what to look for).
Any pointers as to where I should start looking would be greatly appreciated.
Edit: Some more digging has revealed the following stackoverflow question:
How do I develop against OAuth locally?
I'm doing some more investigating with what they suggested, but any other suggestions would be great as well.
Edit: Some more searching revealed this article:
http://sarangasl.blogspot.com/2010/09/create-simple-web-service-in-visual.html
Still feels like I'm poking around in the dark without an understanding of the larger picture, but I believe I need to set up a local web service using localhost and point my redirect URI there. I'll then use my web service to unwrap the response from the OAuth server and have my application respond appropriately. More updates to come.
Ooookay. So from what I've been able to gather, I need to set up a local web service to supply as the callback for OAuth. I need to listen on said web service myself and catch the callback to pass it to my app. However, the default ASP.NET web service provided by VS2010 does not support URL parameters, just API calls, so I apparently need to use the WCF Rest starter kit instead.
I am completely foreign to all of this, so any tips would be a godsend at this point. In general, I'm thinking I set up a local WCF Rest service, supply that local URI to OAuth as the callback, and then catch the callback URL using the Rest service. Then I parse the URL and extract the access token. At this point, does my app request the access token, or can my web service "give" the token to my app? I.e., where should the locus of control be?
Figured out a clever way to work around this. Instead of setting up a service to listen for OAuth's redirect URL, I embedded a WebBrowser control inside my Windows form.
I pointed this embedded WebBrowser to the authentication URL and let the user log in and authenticate with Salesforce and grant permissions to my app. Then, I let Salesforce redirect my embedded browser to a dummy redirect URL that I supply. This redirect never actually goes anywhere, it just shows up as a 404.
However, by monitoring WebBrowser.Url, I can pick up the entire URL that my embedded WebBrowser control is directed to, including the access token that is appended by Salesforce. Basically, after the user authenticates and grants permissions, the embedded browser is redirected to "http://www.dummyurl.com." Salesforce appends the access token, so WebBrowser.Url ends up looking something like this:
http://www.dummyurl.com#access_token=ABCDEF&instance_url=ABCDEF
From here, I can just parse the URL and go on my way. No third-party web server or local web service required. :)
The call the Authorization type you need Authonomous Client http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com#Obtaining_a_Token_in_an_Autonomous_Client_.28Username-Password_Flow.29. Read about the URL you have to send there.
grant_type=password&client_id=<your_client_id>&client_secret=<your_client_secret>&username=<your_username>&password=<your_password>
You can use DotNetOpenAuth library. There's an example using WPF, where it uses a winforms control called ClientAuthorizationView provided by DotNetOpenAuth library.
It is a control that hosts a browser allowing the user to authorize the client without leaving the application.
Hope this help.
Regards
how can we use fiddler to check traffic of a web service(xml) between two web sites?
http://www.fiddler2.com/fiddler2/
i have created two subdomains for my web site.
for example my web site is like this :
www.site.com
and those subdomains are like below :
www.sub1.site.com
www.sub2.site.com
these sites are on a web server (vps) and i am waching them with my local system(fiddler has been installed on my local system).
www.sub1.site.com is calling the www.sub2.site.com web service.
is it possible to capture this web service data with breakpoint like http and other stuff?
i checked fiddler many many times, but could n't find how?
if not what is the XML tab in Fiddler?
really appreciate for answer and help
You can't use Fiddler2 for this. Fiddler2 is a web proxy that routes your browser requests through a proxy running on your own machine. So it only works if the "client" that is making the HTTP request is local. Your browser may, for example, initiate an HTTP request to www.sub1.site.com, but the call from www.sub1.site.com to www.sub2.site.com isn't one that will route through Fiddler2. Think of Fiddler2 as sitting between your browser and whatever site the browser is trying to reach.
If you have access to install Fiddler2 on the server (sub1), you might consider http://www.fiddler2.com/fiddler/help/reverseproxy.asp for some more complex scenarios. But then, if you have access to the server, there are other ways to monitor that may be better options (log files, as an example).
I have two sites - old and new one.
The newest is Sharepoint 2010 portal. Several part of it are under construction and when user requests site which is under construction I need to return page from old portal.
I've found an article which describes how to implement Sharepoint 2010 reverse proxy using URL Revrite and Application Request Routing.
But URL to old site should contain a dinamically generated parameter.
Is this possible to interfere in Sharepoint or IIS working process to generate this parameter and change dynamically this URL address before it will be processed?
HttpModule will allow you to run some codez inside HttpRequest processor, but I'm not really sure you wanna go that route...