Running an old (we hope to phase it out soon(tm)) WCF Rest API. We got an endpoint like GET .../MyService.svc/. When WCF receives a request to GET .../MyService.svc (without slash) it will automatically redirect to the resource with a slash (through an HTTP 307).
Is there any way to change this behavior to either throw an error, or, ideally, having the resource listen to either of those endpoints (generically)? Because obviously WCF finds the right resource (otherwise it couldn't redirect), so it would make much more sense to directly execute that call instead of redirecting - especially with a temporary 307.
Cheers!
Related
I have a Collector service which receives information via RabbitMQ about all currently running services - service name and host address. And now I need to implement Sender-part in each WebApi service I have. I don't want to make this sender class a controller, because I want to send info to Collector by raising an event each minute and because of that I can't use Request.RequestUri... and so on. Now it works manually - by calling Get method that gets host address and sends a message (raises an event). So, I need somehow make my code to know about where is it hosted. Is there any way of doing that?
And if there isn't, what if a best practice of solving this problem by using Request? Because I need a hostname to send a request that gets hostname... makes no sense.
Thanks!
Found a solution to my question here https://blogs.msdn.microsoft.com/carlosag/2011/01/21/get-iis-bindings-at-runtime-without-being-an-administrator/
bindings section contains exactly what I needed to get.
I have a WCF application, that's making an external REST call to gather some data. The call is being made by an included dll, so we have no say in this call; we only have the url. I'm trying to set a timeout in Web.Config file for this (particular) external call. So setting the timeout generically for all the REST calls doesn't work in this case. Can someone point me in the right direction, what should I write in the Web.Config?
you might want to specify a particular WebHttpBinding
I have a WCF REST service hosted in SharePoint that uses SSOM. The client web application sends AJAX requests containing the REQUESTDIGEST in a X-RequestDigest header. I am using the typical SPWeb.ValidateFormDigest() for my POST requests to prevent CSRF vulnerabilities. Works great.
Here's the weird part. Our client uses HP Fortify, and it is reporting that our GET requests are vulnerable to CSRF attacks. My GET requests are indempotent so this seems silly, but I must be compliant.
To get around it, I want to use ValidateFormDigest() in my WCF method for the GET request the same way I do for POST, but it throws this exception:
"Updates are currently disallowed on GET requests. To allow updates on a GET, set the 'AllowUnsafeUpdates' property on SPWeb."
I tried setting AllowUnsafeUpdates, but that just makes the request succeed without validating the digest!
Is there a way to have SPWeb validate the digest within a GET request?
HP Fortify gives recommendations, not edicts. If you think - and can prove - that the warning is spurious, then justifying the pattern should be treated as being compliant. Code analysis tools are not perfect.
I'm on IIS 6 and I have an ASP.Net 4.0 site that's a single page to serve as a SOAP reverse proxy. I have to modify the return content in order to delete a trouble node from the response and add a tracking node.
In order to facilitate its function as a reverse proxy for all addresses, I have the 404 on the server set to a custom "URL" of "/default.aspx" (the page for my app)
For requests without a payload, it works perfectly - such as for ?WSDL Urls. It requests the proper URL from the target system, gets the response and sends it back - it's pretty utterly transparent in this regard.
However, when a SOAP request is being made with an input payload, the Request.InputStream in the code is always empty. Empty - with one exception - using SOAPUI, I can override the end point and send the request directly to /default.aspx and it will receive the input payload. Thus, I have determined that the custom 404 handler is - when server-side transferring the request - stripping the payload. I know the payload is being sent - I have even wiresharked it on the server to be sure. But then when I add code to log the contents of Request.InputStream it's blank - even though Request.ContentLength shows the right content length for the original request.
I've also been looking for a good way to use ASP.Net to intercept the requests directly rather than allowing the normal IIS 404 handler to take care of it but even with a wildcard mapping, I can't seem to get the settings right nor am I fully confident that it would help. (But I'm hoping it would?)
Finally, I don't have corporate permission to install MVC framework.
Thus, I need either some configuration for IIS I am missing to make this work properly or some other method of ensuring that I get the request payload to my web page.
Thanks!
What about using an HTTP Handler mapped to all requests?
You'll need to add a wildcard application mapping as detailed here and correctly configure your HTTP Handler.
I have a page fetching HTML content from a WCF REST service via AJAX. I started seeing errors on IE to the effect that "This page is accessing information that is not under its control...". For some content, the WCF service will, instead of returning the content directly, return instead an object or iframe tag pointing back to itself with different parameters. The WCF service sees a different URL than was requested, and the discrepancy causes the "security" error as IE thinks it's loading content from a different domain.
So, for example, the XHR request asked for
"http://localhost/Services/Content.svc?id=123..."
or even
"http://mymachine/Services/Content.svc?id=123..."
As soon as the request reaches the WCF service, however, the URL is turned into:
"http://mymachine.mydomain.com/Services/Content.svc?id=123..."
How can I get the originally requested URL within the WCF service? I've inspected theWebOperationContext.Current.IncomingRequest.UriTemplateMatch properties to no avail, there is no remaining trace of "localhost". I've also looked at the following posts and still cannot find the original URL:
What is the WCF equivalent of HttpContext.Current.Request.RawUrl?
http://jstawski.com/archive/2008/05/01/wcf-wsdl-location-address-with-https.aspx
Is there any way to get to it?
Be aware that any service running in IIS will use the host name specified in the IIS bindings. In order to change this, you will need to change the settings in IIS.