I am about to develop a windows applikation which need to communicate with an Axis2 webservice using Web Service Security - all the documentation says is, that the SOAP security communication is configured to TIMESTAMP, SIGNATURE, ENCRYPT and the the certificate of my company must be installed in my keystore and the SOAP client I am about to develop must trust the webservice-provider certificate. But from here I am lost.
I know how to use a regular webservice - but with the above informations nothing I know of or do will succeed, all I have figured out so far is installing Web Service Enhancement 3.0. Im using VS2008/C#.
Does anyone knows a good guide or provide a code-sample?
Here's a link to the WSE 3.0 Quick Start Examples:
WSE QuickStarts
If you're using VS2008 though, you should considering building your client using WCF. You won't need to install WSE 3.0 as the security standards are built-in. Here's a WCF reference that should get you started on the security aspect:
Common Security Scenarios (WCF)
Related
We have self-hosted C# WCF service providing rest API over HTTPS.
Problem:Configuring the certificates for SSL requires admin rights. I assume it is to do with WCF depends on http.sys for http/https handling. The service is meant to be deployed on customer environments. So it would be nice if it can run without requiring admin rights.
Looks like WCF depends on http.sys,
Can I self-host an HTTPS service in WCF without the certificate store and without using netsh http add sslcert?
Like to know if any other embedded web server solution exist that support SSL and not requiring admin rights on the machine?
Checked so far,
http://nancyfx.org/
https://github.com/pvginkel/NHttp
Both doesn't seem to support SSL.
Most windows hosted web stacks rely on the HTTP Server API which is the API around the kernel HTTP stack (a.k.a HTTP.sys). The .Net HttpListener class does so as well (same as WCF, the OWIN self hosted asp.Net and so on which rely on it).
Just making sure, you do know you can authorize the identity you application runs under to bind to an HTTPS URL even if it's not running as an admin account, right? If you could gain admin right just for the installation phase that could solve you problem? (assuming you checked that already)
You can read more on a blog post i wrote about that here
To go into the effort of building an http stack on top of raw sockets would be a great effort and with little gain and so around .Net i doublt you would find anything like that.
Unless, it wished to be cross platform.
Any java based web server would probably do just that, using the JVM's http stack and relying on a java keystore to provide the required certificates for the SSL. (To keep it portable across different OS's)
If you wanna go java i am sure you can find many such web servers.
If you care to try and bind to a web server using CGI have a look at mongoose (Never used it to be honest).
Another option which comes to mind is to use an ssl proxy like Stunnel to stand in front of the web server. It would do the SSL part using non-windows certificate store.
I am looking to write an auth service using Web Api, and SQL Server for authenticating and authorizing users on my .net site, but ios and Android apps as well. I'm speculating that basic authentication over SSL is the easiest way to go, but I'm pretty new to this whole section of .net. I'm having trouble finding some clear tutorials that explain how to write such a service. Can anyone point me to some resources on how to do this? I'd appreciate it.
I think you need to look OAuth implementation in .NET.
Here is a video to give you some background on Web API security.
I also suggest getting a trial subscription to Pluralsight training and check out the courses on Web API security.
You may want to target the latest release of Web API 2.0 from Microsoft, it has the most features you'll need.
I think this might be useful for you:
http://www.asp.net/web-api/overview/security/authentication-and-authorization-in-aspnet-web-api
First time poster so please take it a bit easy on me if I break any posting rules - I have read them and I think I'm right.
I've been searching for a while before posting and can't seem to find a guide on what I am trying to do so I thought I would post here.
I need to write a C# .NET 3.5 program to consume a web service developed in Java. I have practice consuming ASMX web services in .NET using Web References from my experience writing Dynamics CRM plugins and software but this has me stumped.
My first attempt was to use a Web Reference (yes, I know - not WCF) however the web service requires a PasswordDigest (SHA-1 with nonce and created), a username token and timestamp token in the SOAP header and I couldn't find a way to add these to the SOAP header using the Web Reference.
My second attempt was to use a Service Reference (I believe, but I am probably wrong haha, that this is WCF) however I don't have much practice with this and any tutorials I found online were not much help.
Each time when I try to use the WS, I get a rejection from the server for being unable to authenticate.
My question is how do I consume a Web Service with these requirements in C# .NET 3.5?
Thanks.
IIRC, Microsoft WSE (either 2.0 or 3.0) had something called UsernameToken, which you need to stuff somewhere in the outgoing SOAP message and you're all set. Granted, this answer leaves a lot to be desired, so I'll throw a couple links at you and hope you'll wade through:
http://www.codeproject.com/KB/webservices/WS-Security.aspx
http://www.reliablesoftware.com/articles/WSESecurity.html
http://www.devx.com/security/Article/15634
(And this all shows yet again how flawed SOAP and WSDL actually are).
Our organization uses IBM FileNet as document management system. FileNet P8 comes with a web services API which can be used in .net
Has anyone of you guys tried this? If yes could you please direct me to any resources to kick start?
Thanks a ton in advance.
http://publib.boulder.ibm.com/infocenter/p8docs/v4r5m1/index.jsp?topic=/com.ibm.p8.doc/developer_help/content_engine_api/guide/gs_procedures.htm
The FileNet API comes in 5 flavors:
Java - jar reference, configure to use either http or iiop transport
.NET - .NET dll reference, configure for http transport
CEWS - Content Engine Web Services. Use only if you can't use the Java or .NET API
CMIS - web service conforming to the CMIS spec
COM - semi-legacy, not discussed in the docs, but it does exist
Although the .NET API uses web services in the background, your .NET project reference is to FileNet.Api.dll, rather than directly to the WSDL. So if you're a .NET shop, you want the .NET API, not the "Web Services API" (2012-02-03 edit: unless you opt for CMIS)
The best place to get started is the "Bulk Loader Sample Code" here: http://www-01.ibm.com/support/docview.wss?rs=3278&uid=swg27010422
You're in the right place for documentation related to the P8 .Net API. The only other "kick-start" link I can think of is http://www.ecmplace.com/.
I know how to create a session using the Java API for the CE, but I'm sorry to say that I haven't done it with the .Net API. However, I'm fairly certain that you'll find helpful examples on the ECM Place forum.
HTH!
Tom Purl
Can any body have idea how to consume php soap web service that have no support wsdl.
I want to add reference in .Net to generate client but failed.
When i saw in browser with ?wsdl it shows message wsdl is not supported.
Simply said: you can not. WDSL is there for development environments to know how to deal with a web service. Whoever wrote the web serivce made sure (or was ignorant enough to now know) that it is not usable from any tooling support.
You might want to consult the PHP: SOAP Manual and verify that you wrote the PHP webservice correctly.
And you can also look at this example: PHP Webservice and C# / .NET SOAP Clients
You need to configure the SOAP Service to support WSDL
(Web Services Description Language) An
XML-based language for describing Web
services and how to access them.
Otherwise .NET won't know what or how to use it.