Membership / Authorization Over A REST Service?
Mar 23, 2011
I'm investigating creating a WCF REST service for an existing asp.net application to be consumed by various clients including Windows Phone 7, Android, iPhone apps etc.Creating a simple WCF REST service and consuming it from the above platforms is not a problem and works really well. What I am struggling to get my head around is authorization.The asp.net application uses the Membership provider to provide authentication and authorization and I'm comfortable in using that API from the REST service.
How do I secure my REST service so that the first call has to be to authenticate (passing the username and password) and following calls know who is 'logged in'. I'm guessing the authenticate method will have to pass back some sort of token to be used in subsequent calls identifying the caller. Is this secure enough as the whole site / service is over SSL?
View 2 Replies
Similar Messages:
Jan 23, 2010
I am writing two ASP.NET apps. One is a web service that provides xml data and the other is a web client that will use the service to display and manipulate data. I would like for the web service to do the membership authentication and authorization. Is there any way to simply point the login controls in my client application to the web service instead of to a database. I assume I would have to provide the necesarry methods in my web service interface, which would then use the membership provider database I created and pass the results back through to the client.
Is this possible? I have seen many articles on security provisioin from a web service but none has really been what I am looking for. I was hoping that, since my service and my client are both written in ASP.NET, there might be some built functionality that would benefit me.
View 8 Replies
Jan 16, 2010
I have a client asp.net website that uses ASP.Net Membership, Roles and Profile providers and Login controls. I need to expand the application so was going to use WCF Workflows, the ASP.Net website will be hosted on a different server than the WCF Services so what I want to do is get the ASP.Net Website to auth via the WCF Service. So process will go:
ASP.Net Website ------------------> WCF Service ------------------> SQL Database (Membership, Roles, Profile, Workflow Persistence Data and Business Data)
I tried creating a custom Membership and Role providers but I have had problems managing the users (Membershipuser class) saying null when a vaild user has been return by the WCF Service as can access the properies but not the methods.
View 5 Replies
Feb 8, 2010
I need to call a Rest service but would like to do so without having to redirect. Here is my dilemma. The Rest service we are trying to integrate offers the option to sign up for a subscription but does not allow us to upgrade an existing subscription. So if a user wants to upgrade an existing subscription we have to first cancel and then have the user sign up for a brand new subscription. I don't know how I can make this so it flows nicely in my code. I ideally I would like to do something like this
User decides to upgrade
Click upgrade button
Existing account is being cancelled, if cancellation was successful
New account is being created
How can I do this with a Rest service? Here is a sample URI/URL
https://someservice.com?
Action=CancelSubscriptionAndRefund
&AWSAccessKeyId=AKIAIIFXJCFIHITREP4Q
&CallerReference=CallerReference07
&CancelReason=MyWish
&RefundAmount.CurrencyCode=USD
&RefundAmount.Value=1
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Signature=1uFUSSFvau1zadnSzKRS5ZchuLMn9p5M3ifaHGHie7M%3D
&SubscriptionId=17d62772-c53e-4bdb-9667-65d7b7841cfc
&Timestamp=2009-10-06T08%3A05%3A13.296Z
&Version=2008-09-
Could anybody give me some ideas how to make this work in an elegant manner. We thought we could keep the old subscription and then just sign the user up for a new subscription for the difference of the money. For example the first subscription would be 2.95 and the second one would be 2.00 which would amount to a subscription of 4.95. I think it is not elegant and the user would see 2 charges on the credit card, weird, I think. Since I don't know much about Rest maybe there is a way that this can be solved.
View 1 Replies
Oct 15, 2010
I have developed an rest enable wcf service by using the following link
[URL]
Now I want to know is there any difference between rest enabled wcf service (or restful web service) & rest web service ? If there is any difference then what is that ? If there is difference the can you provide me any link (which represents steps visually as in above link) through which I can develop rest web service ?
View 2 Replies
Aug 24, 2010
I'm considering to host WCF Rest Service that i've built on IIS 7. The URL to access my service will be something like
[URL]
Recently, i've been looking to some REST API implementation with a clean URL like Yahoo API
[URL]
I'm wondering what will be the best WCF host environment (e.g. Windows Service) or any solution (e.g. URL rewrite module) considering that I dont want to have application name and .svc in my URL so that I can have a completely clean URL for my REST API
View 2 Replies
Jan 14, 2011
I'm trying to consume the following web service http://ipinfodb.com/ip_location_api.php
this web service returns an xml response, the code below gets the XML response, but somehow when phasing the values from the XML response it does not work.
What is wrong with my code?
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.IO;
using System.Net;
using System.Xml;
namespace ConsoleApplication3
{
class Program
{
static void Main(string[] args)
{
HttpWebRequest request = null;
HttpWebResponse response = null;
String Xml;
// Create the web request
request = WebRequest.Create("http://api.ipinfodb.com/v2/ip_query.php?key=<yourkey>&ip=74.125.45.100&timezone=true") as HttpWebRequest;
// Get response
using (response = request.GetResponse() as HttpWebResponse)
{
// Get the response stream
StreamReader reader = new StreamReader(response.GetResponseStream());
Xml = reader.ReadToEnd();
}
// Console xml output
Console.WriteLine(Xml); //see if we get the xml response, (YES we do)
Console.ReadLine();
string _currentField = "";
StringReader _sr = new StringReader(Xml);
XmlTextReader _xtr = new XmlTextReader(_sr);
_xtr.XmlResolver = null;
_xtr.WhitespaceHandling = WhitespaceHandling.None;
// get the root node
_xtr.Read();
if ((_xtr.NodeType == XmlNodeType.Element) && (_xtr.Name == "Response"))
{
while (_xtr.Read())
{
if ((_xtr.NodeType == XmlNodeType.Element) && (!_xtr.IsEmptyElement))
{
_currentField = _xtr.Name;
_xtr.Read();
if (_xtr.NodeType == XmlNodeType.Text)
{
switch (_currentField)
{
case "Status":
Console.WriteLine(_xtr.Value); //we print to console for testing purposes, normally assign it to a variable here!
break;
case "CountryCode":
Console.WriteLine(_xtr.Value);
break;
case "CountryName":
Console.WriteLine(_xtr.Value);
break;
case "RegionCode":
Console.WriteLine(_xtr.Value);
break;
case "RegionName":
Console.WriteLine(_xtr.Value);
break;
case "City":
Console.WriteLine(_xtr.Value);
break;
case "ZipPostalCode":
Console.WriteLine(_xtr.Value);
break;
case "Latitude":
Console.WriteLine(_xtr.Value);
break;
case "Longitude":
Console.WriteLine(_xtr.Value);
break;
case "Gmtoffset":
Console.WriteLine(_xtr.Value);
break;
case "Dstoffset":
Console.WriteLine(_xtr.Value);
break;
case "TimezoneName":
Console.WriteLine(_xtr.Value);
break;
case "Isdst":
Console.WriteLine(_xtr.Value);
break;
case "Ip":
Console.WriteLine(_xtr.Value);
break;
default:
// unknown field
throw new Exception("Unknown field in response.");
}
}
}
}
}
Console.ReadLine();
}
}
}
EDIT: this is the XML response returned
<?xml version="1.0" encoding="UTF-8" ?>
- <Response>
<Status>OK</Status>
<CountryCode>US</CountryCode>
<CountryName>United States</CountryName>
<RegionCode>06</RegionCode>
<RegionName>California</RegionName>
<City>Mountain View</City>
<ZipPostalCode>94043</ZipPostalCode>
<Latitude>37.4192</Latitude>
<Longitude>-122.057</Longitude>
<Gmtoffset>-28800</Gmtoffset>
<Dstoffset>0</Dstoffset>
<TimezoneName>America/Los_Angeles</TimezoneName>
<Isdst>0</Isdst>
<Ip>74.125.45.100</Ip>
</Response>
View 4 Replies
Mar 21, 2011
I am building a subscription based web site, which currently has three subscription levels, i.e. Horses, Soccer, and Horses and Soccer. I was thinking of implementing standard role based authorization, where a Horses subscriber would get roles including those to use the Horses section, etc.
Should I use a standard role provider, and when a member subscribes to the site, assign roles for his subscription to him, or use a hierarchical role provider, that when asked for the roles for a member, only then uses the member's subscription level to 'calculate' a set of roles for the member.
View 2 Replies
Aug 27, 2010
I am trying to interface a website we have with our helpdesk software. The helpdesk software has a REST API that i can connect to. So far I have been successful in getting a current ticket with the following code.
[Code]....
[URL] How would I implement this in ASP.Net? I want to create the ticket, and need to be able to retrieve the access key that it returns. I tried using the same code above, but instead changing the method string to this.
Code:
method = "request.create&tNote=Testing method&sFirstName=Jose"
But I get a "Bad Request" error from it.
View 3 Replies
Dec 3, 2010
Trying to deploy a wcf rest service inside of an asp.net web application. Works wonderfully when deploying to test server in visual studio, however when i deploy to iis 6 I get nothing. It is as if my service is not there at all.
here is my web config under system.service model:
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
and im registering a route in the global.cs
routes.Add(new ServiceRoute("Service", new WebServiceHostFactory3(), typeof(WcfJQueryService)));
my web service class is decorated with:
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
I am using windows authentication if that matters in this case.
View 1 Replies
Apr 28, 2010
I have an old website running fine in Classic ASP with large customer base registered onto the site. The current site allows users to have their own user name(unique) registered against an ID assigned to them. They can change the User name later as well provided it is still Unique in the database(Database is SQLServer2005).
The Problem: Now i want to move the website to .NET and want to use the .NET Membership. I know how to create the database structure in SQL Server through aspnet_regsql script but my problem is how should i import the existing username and passwords as the password stored in MembershipDB is Hashed (salt). Also i might want to allow admins to impersonate as users later.
View 5 Replies
Jan 18, 2011
can Pass object in Rest Service Uri
View 1 Replies
Mar 29, 2011
I made a simple WCF web-service inside an ASP.net website.
The web-service is hosted by IIS and works fine on localhost, ie when accessing for exemple to
[URL] I get the correct "Hello World" response as expected.
But accessing to it by my computer hostname [URL] gets me an error 404 response. This is particularly confusing as the remaining of the site (mainly aspx pages) is accessible without any problem from both ways.
[code]....
View 2 Replies
Aug 31, 2010
I have a WCF REST service built with C# and it returns an image as part of a CPU intensive operation. The client is running on Android (Java) By default, it will return a text JSON object that looks something like this:
{"d",[9,0,77,12,11,...]}
Those are they bytes of the image. Fine. However, all the solutions for decoding this JSON are intolerably slow. I've tried Gson, Jackson, and the built-in Android JSONObject class. I have no idea why they are so slow.
As an alternative solution, I have my REST service return a GUID, and then that GUID can be used by the Android client to go to a regular URL that serves up the image as a regular binary stream, via an MVC controller.
This works well, and it fast, and is pretty easy to handle on the Android side. However, it does feel like a bit of kludge and kind of a violation of the REST design principles. Am I missing something here? Is there a better way to do this?
View 4 Replies
Jan 3, 2011
I am attempting to parse the XML output from a REST web service and have been pointed in the direction of using Linq2Xml to query the XML for the attributes that I am after. The XML output is as follows:
<?xml version="1.0" encoding="UTF-8"standalone="yes" ?>
<Response Status="OK">
<Item Name="NumberZones">2</Item>
[code]...
The returned datatable is empty, I have confirmed that result does have the XML assigned, and result.value is the string version of the XML file (200Westralia0{81C56183-31DA-45C2-90C3-81609F01B38B}Lounge10001{eac0109e-0090-a992-7fba-dc67fe29e6e7})Is anyone able to provide assistance in how I can read from the REST XML example above the name (ZoneName%) and the attribute value (Westralia and Lounge)?
View 1 Replies
Oct 26, 2010
[Code]....
this method i can access using asp.net but not by using a android.. i have checked for the headers etc.. the response is OK in android while debugging but the data is not inserted..
what is the equivalent of stringbuilder in android??
in android i use
StringEntity se = new StringEntity(json.toString());
//and post the data to my service...
post.setEntity(se);
what is the equivalent of stringentity in C# and what can i do for this prob?
View 2 Replies
Mar 21, 2011
As I am getting Problem while hosting WCF Service on Win 2003 Server.As it is working fine in my local P
View 1 Replies
Mar 15, 2011
We have an existing, proprietary data processing application that runs on one of our servers and we wish to expose it as a web service for our clients to submit jobs remotely. In essence, the system takes a set of configuration parameters and one or more data files (the number of files depends on the particular configuration template, but the normal config is 2 files). The application then takes the input files, processes them, and outputs a single result data file (all files are delimited text / CSV or tab).
We want to now expose this process as a service. Based on our current setup and existing platforms, we are fairly confident that we want to go with WCF 4.0 as the framework and likely REST for the service format, though a SOAP implementation may be required at some point.
Although I am doing a lot of reading on SOA, WCF and REST, I am interested in other thoughts on how to model this service. In particular, the one-to-many relationship of job to required files for input. It seems pretty trivial to model a "job" in REST with the standard CRUD commands. However, the predefined "job type" parameter defines the number of files that must be included. A job type of "A" might call for two input files, while "B" requires 3 before the job can run.
Given that, what is best way to model the job? Do I include the multiple files in the initial creation of the job? Do I create a job and then have an "addFile" method where by I can then upload the necessary number of files?
The jobs will then have to run asynchronously because they can take time. Once complete, is it best to then just have a status field in the job object and require the client to regularly query the system for job status, or perhaps have the client provide a URL to "ping" when the job is complete?
View 1 Replies
Oct 1, 2010
My code below
BtnClick
YahooSample();
public void YahooSample()
{
HttpWebRequest request = WebRequest.Create("http://developer.yahoo.com/yui/") as HttpWebRequest;
[Code]....
View 1 Replies
Mar 30, 2010
How may I post arbitrary data to a REST WCF webservice? I mean, wihout use contracts.
Because my data is dynamic and I cannot have contracts, I want to get ride of the serialization overhead.
How should I declare my service and method?
View 1 Replies
Apr 12, 2010
Is it possible to create REST based web service using asmx?
View 1 Replies
May 7, 2015
I was told to build a rest web service using asp.net so does the code below represent the same
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Services;
[Code] ......
View 1 Replies
Mar 13, 2014
Why it is not working?
internal static int AddCatalog(string name, Guid key, string userName) {
HttpClient client = new HttpClient();
client.BaseAddress = new Uri("http://localhost:25169/ScopraAdminRESTService.svc/");
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
[Code] ......
View 1 Replies
Feb 9, 2011
I read on a post that you can use ASP.Net authorization in the web config to control access to a WCF web service to replace the following attribute:
[PrincipalPermission(SecurityAction.Demand, Role="Administrators")]
To test I have been using "Administrators" which is a valid role so should allow me access and "TEST" which isnt. This works fine when using the above attribute however when I comment that out and use this in my Web.Config file:
<authentication mode="Windows" />
<authorization>
<allow roles=".TEST"/>
<deny roles="*"/>
</authorization>
It still allows me access.
So I was wondering if I have just got something wrong in the web.config or whether what I read was wrong saying to use that.
Just for reference this is the post I looked at:
Using Windows Role authentication in the App.config with WCF
and the following is my web.config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Windows" />
<authorization>
<allow roles=".TEST"/>
<deny users="*"/>
</authorization>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService1.ServiceBehaviour1" name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding"
name="BasicHttpEndpoint" contract="WcfService1.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.ServiceBehaviour1">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
View 1 Replies
Apr 2, 2010
I want to develop my own REST service, so I've created an IHttpHandler that is configured with verb="*" and path="*", the the application in ~/MyRESTsrv/ will handle any derived URL.
This approach works good in IIS7 with "integrated mode" and apparently in IIS6 if you map all the extensions to "aspnet_isapi.dll".
Is this possible in Apache/XSP with Mono? Do I have to do something special or it will work out of the box?
View 1 Replies