The ERP application we use has webservices but not with the functionalities we want.
So we would like to build an in-between webservice which forwards the request to ERP. And sends the result back without the requester, to even noticing, the difference. We don't know how the wsdl will look. It can be a list of customers, or one item. thats not important.
Is this something you have done/seen before? I have looked for examples everywhere I can think of. The code im trying to do it now with, just reacts as a webrequests.
I would like to show the visitor an adjusted wsdl from the ERP webservice and it has to be modified a little bit to accept a simple login en from then on forward the requests.
I was thinking the visitor logs in first and after a check receives a session id. This session id needs to be added always into an extra header value with the original webservice. These I will translate to the ERP webservice.
Hope someone has seen such an implementation and give me some hints/links.
The webservice can run in ASP but I prefer it to be a simple service in Windows.
I found this:
http://www.java2s.com/Code/CSharp/Network/ImplementsamultithreadedWebproxyserver.htm
Don't know if it will work in production but it looks to be passing it all thru..
Please comment if you see issues with this?!
Related
Im building a website based on asp.net MVC, with a web api which allows me to upload and edit content through a windows program i also wrote.
So there is, and will only be 1 windows client, that needs to communicate with the web api.
I dont know anything about security, but before i dig in, and read alot about it, i wanted to hear which solution to go with (that is fairly simple, but still secure)
I've been looking a little into ssl and self-signed certificates, but that seems kinda overwhelming right now.
Since i only have 1 client and 1 website, would it be a disaster to hardcode something (like just adding a string field to the DTO's which is called "key" and some hardcoded key. Or mayby some kind of encrypt/decrypt algorithm?)
What do you guys think?, How would you come around this?
EDIT: Forgot to say that once in a while, the website will also contact the windows client, which is through a simple TCP server/client connection. This connection ofcouse also need to be secure
This might seem like an odd question and is probably very specific to our current requirements but I couldn't find anything through Google, so I thought I would give this a shot.
I am working in ASP.NET C# MVC4, and with a backend that is a legacy database system. We have two MVC projects; one for the API which interacts with the database and one for the front end which returns Views etc and interacts with the API. From the API, we are able to run subroutines that exist on the backend database server.
I am making an HTTP request from the front end to the API which contains JSON-encoded data. The API will use this to run a subroutine on the backend (the subroutine will save the data on the server and send out emails).
My question is this: What HTTP method should I use in this case?
For right now, I chose a POST request, and since this isn't an idempotent action, I think it is the best choice but it isn't really a CREATE operation, so I wanted to ask if anyone had any different advice.
Good morning everyone,
I recently got a request if it's possible to retrieve data from other sites search results. I tried searching, but didn't exactly know how to word my searching.
Best explained by example.
Visit: https://bcbst.vitalschoice.com/professional?search_specialty_id=29&ci=DFT&geo_location=33688&network_id=39&sort=relevancy&radius=any&page=1
You'll see a list of doctors.
I'm looking for a way to programmatically get the list of doctors. Like the name, address, phone.
I just need some direction as I will probably be doing this for multiple sites.
I program in C# and JS.
In the case of the website you linked it has an API available for use. What you can do is make an AJAX request (if using JQuery) or WebRequest (if using C#) to one of the endpoints, and then convert the JSON you get from the website into whatever you need to use.
You can test what you'll be getting back from the server by typing the url into the browser, example
As for the search parameters, you'll have to add those to the url. I'd advise taking a look at their API to see what functions they support.
Hope this helps!
I'm trying to make a login script in PHP, however a user will signup/login via a C# program.
For obvious reasons I don't want to use GET, but I don't want to make forms and use POST either.
How should I (securely) send data over?
This is only a proof of concept so there isn't any SSL on my website/etc, so there's no extra loops to jump through.
Just so nobody's confused:
Web-based login will be made in PHP, and data will be sent to the website via a program made in C#
You have to use GET or POST to submit your form data back to the PHP page. There is no way around that.
Once your PHP code has it on the backend you can do whatever you want to get it to the C# program.
Using a POST would eliminate items being added to the query string like GET does and of course doing it over HTTPS would make it more secure.
The only way to be secure is to use https:. You can look at client-side encryption, but that involves private/public keys - https will be easier.
Client side is HTML/JCSS/Javascript. If you want a user to enter ID annd password then you will have forms, and GET or POST is what you will use. Even if you wrap it up in AJAX, it will still be the same.
Go and think this through, and come back with a proper question. Telepathy isn't sufficiently reliable for your needs. Yet.
I'm not quite sure I understand correctly but what I understood was you want to send the login via a C# program. In that case check this question: HTTP request with post.
If however you want to send the data via the webpage, without having a form. You'd need to make the POST request via javascript.
Any of both methods require POST requests, even though you don't use forms.
I'm building a complex, public web service in WCF that send email to a specific address, similar to a contact form but with some features.
With jQuery I get the data from the textbox and with Ajax and json I send to the web service the strings to proceed at the send.
Now, is there a good way to make it secure?
I mean.. the service is public so someone can have access to it and starting to spam on this address. Can I restrict the users to use the web service only from the correct web site?
Thanks.
IF the WCF service is hosted in the IIS you can allow calls only from a specific IP address, look at the directory security settings under IIS.
By far the simplest way is to have your web service require some type of access key in order to run the operation.
Something simple like a base64 encoded GUID would work. It doesn't even have to change. Just add a parameter called "AccessKey" or something similar. Have your app pass that and let the service validate that it is good.
Another idea is to have the web service check the http headers to see if it came from the page you authorized to use it.
Neither of those are perfect. The first one means that your "key" will be inside the html you send to the client. The second one can be spoofed.
Personally, I'd probably not bother at this level and just log what the service is doing. If the traffic counts to the service start to exceed what you think it ought to be, then I'd investigate ways to mitigate it. Most likely, given that it's a service you won't see any issues.