Calling Secure Web Service From Anonymous Website?
Feb 1, 2011
I have a web service that is set as secure via the web config:
<authentication mode="Windows" />
<authorization>
<allow roles="METWeb-Admin"/>
<deny users="*"/>
<allow users="METJoeUser;METJoeSmith"/>
</authorization>
And also in IIS 7 (Windows Server 2008) it has the following set for Authentication:
Anonymous Authentication:Disabled
ASP.NET Impersonation: Disabled
Basic Authentication Disabled
Forms Authentication: Disabled
Windows Authentication: Enabled
The anonymous site I am calling it from in IIS7 is:
Anonymous Authentication:Enabled
ASP.NET Impersonation: Disabled
Basic Authentication Disabled
Forms Authentication: Enabled
Windows Authentication: Disabled
In the Anonymous web site, I call the secure web service via:
moms.momService myMom = new moms.momService();
NetworkCredential netCred = new NetworkCredential(@"username", "password");
strStatus = myMom.createBackupDirectoryAndPrivs(sData);
Everytime I run this, it returns as Unauthorized. I have made sure this user is in the Web-Admin AD Group. I also tried adding the user as an Allow User but still unauthorized. I am pretty sure the problem lies somewhere in IIS but not sure what else to check.
BTW: For what it's worth, if I run the Anonymous site via VS2010 development on my dev box, and call the secure site using above code, it works fine. This is why I am thinking IIS on the PROD server.
View 1 Replies
Similar Messages:
May 19, 2010
I have ASMX services for my web application that I would only like available to the same application.Is there a way for the web service to only be accessible by the same application, such as relative/absolute path restrictions?
View 3 Replies
Jan 28, 2011
I currently have a asp test site setup which when the user clicks on the login link it opens the standard asp.net login page (login.aspx) within a modal telerik RadWindow. I am calling this page using javascript and this works fine.
The challenge I have now is when a user clicks on a link within the page if that link points to a secure section the login screen loads in the main frame of the site vs. a pop-up. I realize why (aka my js funciton is not being called) my question is to work around this would the correct/acceptible approach be to call a method from each link/button that tests for user authenticaiton? If the user is authenticated then redirect to the page otherwise call the javascript funciton to open the window?
[code]....
View 1 Replies
Mar 31, 2011
I have a website(X) hosted on a Windows server .
This Website is running under a AppPool= "CustomAppPool" ( Im using a specific AD Username and Password as the credentials for the apppool)
Website Is running under Credentials "DomainNameUsrName"
This Website should access a WCF service which is running under "MAchineNameASPNET" process
When i try to get the details of the calling method (UsrName) from the client calling the WCF ..... Im unable to to do so
I am always gettting the MachineNameASPNET as the credentials
How can i get the "DomainNameUsrName" from the callign website
View 1 Replies
Aug 30, 2010
I am maintaining a web site project in VS2005 and have to call a new web service on a remote server. I've done add web reference, and created the .wsdl and .discomap files in the app_webReference folder. When I try to create a object representing the web service in the code ( wsnamespace.serviceName ws = new wsnamespce.serviceName(); ) the code wouldn't compile.
The web site project is already calling other web services. When I right click on the type representing the web service and "go to definition" it takes me to a proxy class (derived from of course SoapHttpClientProtocol) in the metadata. I think this is what's missing for the new web service i'm trying to call. Have I missed any steps?
View 1 Replies
Jul 14, 2010
I need to get the calling page url referrer and host name. I works for me if the calling pages are within the same network. When a page is called from an internal site that are outside of my network, I got the following error:
Object reference not set to an instance of an object.
It failed on this line:
string userURL = Request.UrlReferrer.ToString();
View 1 Replies
Mar 16, 2011
I have the following code for consuming a service that is not working for me. what I can do to narrow down whats going wrong?
The address is: http://localhost:57667/ExampleService.svc/
When visiting directly I get the 'You have created a service... message'
The code that goes wrong is here. It causes the following error:
_url = "http://localhost:57667/ExampleService.svc";
TextReader textReader = new StringReader(HttpPostClient.Post(new Uri(_url), bodyData.ToString(), _exampleServiceRequestEncoding, Properties.Settings.Default.HttpPostClientExampleAvailabilityTimeout));
ERROR MESSAGE:When visiting this URL directly: http://localhost:57667/ExampleService.svc/ProcessRequest
The exception message is 'No component for key example.ExternalWebServiceStubs.Example.ExampleService was found'.
Castle.MicroKernel.DefaultKernel.get_Item(String key) at Castle.Facilities.WcfIntegration.WindsorInstanceProvider.GetInstance
View 2 Replies
Jul 20, 2010
I am developing web service for my windows mobile application..! But the new requirement is the web service must be an secure..! for example : My web service name is [URL] Instead of that , client wants to [URL] How I create https web service..! I am using visual studio 2008. windows 7
View 1 Replies
Sep 23, 2010
When a web service is consumed from server side, the web service may be implemented in a way to check credentials of the caller. In the case of calling the web service from javascript, how to secure the service since no credentials can be passed into a javascript function becuase of the visibility in source view?
View 7 Replies
Jul 2, 2010
I have a webservice that's behind form's authentication. The site that hosts the service also serves as a site that requires a user to log in via the login page.I have a second site that needs to be able to access the service that the first site hosts. However, when attempting to access the service, it fails because the service requires that the user is logged in.
View 1 Replies
Jan 18, 2011
In my web site i'm using Asp.net web service (using javascript) to update certain values to DB. I'm concered about the security threats. How can i secure ASP.net Ajax web service using javascript
View 6 Replies
Oct 16, 2010
I need advice on how to secure my WCF web service hosted in IIS. I am new to WCF and would appreciate any sample code, articles to help me restrict access to my WCF service.
I am in the process of testing and deploying a WCF service that will be available on the internet. I need to secure the web service so that only authorized clients can use the service. I need to be able to detect who the client is making the call to the service. The group I am building this service for wants to use Certificate authentication or IP address to Identify the themselves to call my web service. They do not want to use user name and password.
I have found several articles and code snippets for getting the IP address of the client and Certificate authentication. The problem I found using trying to get the IP address of the client is that since my web service his hosted behind a F5 or some type of reverse proxy I cannot get the true IP of the client. The IP that the web services get is the IP of the F5 or the reverse proxy.
For Certificate Authentication I followed the directions from the 9 simple steps to enable X.509 certificates on WCF located here
http://www.codeproject.com/KB/WCF/9StepsWCF.aspx?msg=3181718. I had a few problems using this setup for my web service. 1) To me it seemed like as long as the user presented a valid Certificate they would be able to call my web service.
2) Does Certificate Authentication work when the security mode is set to Transport? In my production environment only HTTPS traffic is allowed through. I setup a Certificate authention on my service following the steps outlined in the article. I used the SSL certificate assigned to my server for the web services. For the client outside the network the service is hosted on, I used one of the certificates I generated when i tested the code locally. I changed the authentication mode of the certificate to chain trust for both the client and the server. I was able to call the service and recieve a message. I thought that since my certificate was self generated using the makecert command that the web services would not authenticate the client for the service.
how I can secure my services to only allow a few approved clients to call call the service.
View 17 Replies
Jan 18, 2010
I am currently implementing a client-side paging solution using ASP.NET, jQuery and JSON.
I have been following the excellent article from encosia: http://encosia.com/2008/08/20/easily-build-powerful-client-side-ajax-paging-using-jquery/
In my Web Method I retrieve my data from the database as a DataTable:
DataTable categoryProducts = ProductViewerAccess.GetCategoryProducts
("AA", 4, 0, Page.ToString(), out howManyPages, "FALSE", 0, "CostPrice", "asc", destinationList);
I then retrieve the data from the DataTable into an anonymous type:
var feeds =
from feed in categoryProducts.AsEnumerable()[code]....
This all works great.
However, I would like to extend the code to perform some evaluation checks (e.g., check that various columns in the DataTable are not NULL) and other pre-processing (e.g., call various functions to build the image URL based on the image ID - which is another column in the DataTable not shown in the code fragment) before I return the resulting rows of the DataTable as an anonymous type to the client-side.Basically, I want to iterate through the DataTable, perform the evaluation checks and pre-processing, while building my anonymous type manually as I go. Or maybe there is a better way to achieve this?
View 2 Replies
Mar 2, 2011
I have a E-Shop Site and I need some customization for my users like following :
Store favorite products in their own basket.Customize products list in order to what are their favorite. It must remember their basket next time they want to visit our site.
my question is how I can store information for my customers who are new to my web site also most of customers don't like to have username and password then login first they like to buy during a week and at the end of week pay for them then we can send some products to their locations.
I have already written my application using asp.net with framework 4.0.
View 3 Replies
Aug 2, 2010
How do you secure a WCF web service when you are using the traditional "connection string in the web.config"?
I have added a WCF service to an application which uses a JQuery post and returns JSON. The request happens on the client side. The purpose of this service is to return search information while the person is typing text into a textbox.
It works well, but there is a problem because the application will be used by a number of people and I am maintaining a role based security within the applications MS SQL database. The connection string to the database is in the web.config file.
In order to run the JQuery call to the web service the user must have at least read access directly to the database. I want to allow the application to control the access, but removing all security to the WCF service opens the application up for external access by unauthorized users.
View 3 Replies
Feb 24, 2011
i want to put secure payment gateway for website.
View 3 Replies
Jun 7, 2010
I want to secure my certain web page of site, Displaying lock icon at status bar of browser. How do I achieve this in 2.0 using any default certificate?
View 6 Replies
Dec 3, 2010
I've to download files from our 38 clients secure websites. They are our data resources. Currently data collection process is manual. Logon to the site, login with username and password, then download files, save to local folder, close window once download is completed. We are trying to automate download process. Plan is to handle login part with code and directly show list of filename to User with check box , so User can select files and click to save.
Rest all will be handled programtically. Once download is complete the status for that file will change to "Saved" or "Download Complete. I'm working on Window 7, VS2008(C# asp.net). Trying to make it work with WebClient class. It'll be great if you can post some source code or guide me to link or post for solution.
View 2 Replies
Jun 10, 2010
I have a secure admin section in my website, only logged in users can gain access to this section, its controlled from the web.config file like this
[Code]....
This has all works perfectly well until now. Ive created a page that has an accordian control on it from the ajax control toolkit, as soon as I place this control on a page and run the web page, I get this error
View 1 Replies
Jan 7, 2010
I am working on an application to read some data from a website that requires a login.
I am using the WebClient class to read the page.
For example if I have a page http://www.something.com it can read the page fine.
However If I have a page https://www.something.com/secure/ than it requires authentication.
I have the username/password required I just need to know how to pass it in using C# .net.
View 4 Replies
Jan 7, 2010
I am new to Silverlight. In Silverlight, we can get data from server using ASP.Net (using WebClient and HTTPWebRequest classes in Silverlight) and using WCF Service.
Assuming that I do not need the cross domain capability, what is a good option in terms of Security and ease of development?
View 1 Replies
Mar 11, 2011
I am in the process of implementing jQuery calling WCF service which is hosted in the same domain. My application uses Win Auth that works fine with ASP.NET app. I would like to know from the team if the user calls the WCF service from the ASP.NET what is the security context in which the service runs? Or it uses the web.config security which is specified? Are there any links related to this where i can get some information.
ASP.NET 4.0, jQuery and WCF 4.0 in same web application
View 1 Replies
Feb 7, 2011
I have a simple wcf service developed in vs2010
[ServiceContract]
public interface IService1
{
[OperationContract]
string GetData(int value);
// TODO: Add your service operations here
}
public class Service1 : IService1
{
public string GetData(int value)
{
return string.Format("You entered: {0}", value);
}
}
the following call is working
protected void Button1_Click(object sender, EventArgs e)
{
ServiceReference1.Service1Client p = new ServiceReference1.Service1Client();
Label1.Text= p.GetData(5);
}
but when I am trying to call it from jquery its not working
$(".test").live("click", function () {
$.ajax({
type: "post",
url: "[URL]",
data: {value:'1'},
contentType: "application/json; charset=utf-8",
timeout: 10000,
processData: true,
dataType: "json",
success: function(d) {
alert(d);
},
error:function (xhr, ajaxOptions, thrownError){
alert(xhr.status);
alert(thrownError.toString());
}
});
View 1 Replies
Jun 24, 2010
I am developing application for PDA. The Sql Server compact edition is installed on PDA. The data is stored on PDA's DB as well as the Server Database through wifi.
If the server is available,the data will be stored through web service, If not available ,the data should be inserted when the server is connected to the data.
which is better to transfer data whether the web service or windows service?
If web service means, how could i transfer the data to server database?
View 3 Replies
Oct 27, 2010
I have almost the same problem as you have described in [URL] service. I have a asp.net webservice that calls a WCF service. On my development machine this is working fine. But if i deploy my ASP.net Webservice it is not working. Both the ASP Webservice en WCF service needs my cridentials. How did you solved your problem. In the logging of the WCF service I see that my credentials is not passing to WCF.
View 1 Replies