I have simple asp.net webservice has login method and its deployed on IIS server url is http://sitename.domain.org:9111/membership/membershipdir.asmx.
My network team created a SSL proxy url on proxy server (i think it is apache) for this web service site.Now webservice can access through proxy like this https://www.domain.org/webservices/spws/Membership/membershipdir.asmx.
It works fine but when I invoke the webservice method. the result window url showing on http://servername.domain.org:9111/Membership/membershipdir.asmx/Login
Now network team complaining the port 9111 still exposes to public for the login portion. something has to change in application. I am not understanding what should I change in application level.
I am also not understanding why results on showing with server name without proxy name?
Anybody have any clue?
Check out: What's the best method in ASP.NET to obtain the current domain? to always use the same domain the user made the initial request to.
Now, I'm not sure about the proxy server situation... if the proxy server is making any changes, it should be doing the opposite on the way back out... so I really can't speak to that problem... but, regardless, make sure you are using the original request domain by either using relative paths, or by the method in the Question linked to above.
Related
I have a challenge and I believe there is a developer smarter than me that can provide some insight.
I have a web service. This web service is written with ASP.NET MVC in C#. I want to allow developers to call this web service. When developers are writing code, I recognize that web apps typically run from localhost. When they call this service, I want to be able to identify if the request is coming from localhost. However, if I look at the IP address, its the IP address of their machine.
Is there a way for me to even do this? Clearly Request.IsLocal won't work as my web service is running on an entirely different machine.
When you call a web service, the browser usually passes the page in the Referer header. So you can check if that value starts with "http://localhost". Virtually anything in an http request can be forged (including this), so be careful what kind of decisions you make based on this data.
Without passing some additional data along with the request from the app, there's not going to be any way for you to know.
You'll only be able to get the IP address or Host name that was used to make the request to your Web Service and it sounds like you want to be able to find the Host Name (localhost) that was used to make the request to the app (which then triggers the call to the Web Service).
How will you then define local (from the perspective of your service)? You'd be better off setting up a development service on a different API end point instead of attempting to guess this.
All production level API calls can go to something like api.yourservice.com with all development level requests coming in via dev.yourservice.com.
You can then have two separate services or have your service read the URL being requested and differentiate based on this.
Hi stackoverflow users.
My server setup is the following:
A webserver with access on http/80 running www.domain.com
A app server with access to the internal network (db etc.) running a webservice
I have this simple little server setup problem.
Now I want to call my webservice from a ajax script from a website on my webserver. But since my application server does not have access to the internet this will (in my mind) not be possible since the javascript (running in the end-users browser) shoud have access to that webservice.
I came up with the solution by inventing a webservice on the webserver calling the webservice on my application server, but thats a odd solution, does any of you have a idea how to solve this?
I don't think you can do this. You will have to provide some thing on WebServer using which end user can access your App Server.
You have multiple options for this
PageMethods
Web Services on WebServer which will relay ajax calls to the App Server
Hope this info helps you.
If I understand correctly, you are just just using a webservice as a proxy through some network firewalls. There are tools that will do this for you, however, if you are running a simple service, then I don't see a problem with your setup.
One such tool for IIS is Application Request Routing
Following scenario:
Having a hosted IE web browser control and an in-app web server (like this one).
The web server runs at (e.g.) http://127.0.0.1:14284 and the web browser calls this URL.
Now we have a customer which has a proxy server configured in IE options, and also checked "bypass proxy on local addresses".
Unfortunately, the hosted IE web browser control still used the proxy settings, even for the local URL http://127.0.0.1:14284.
My question is:
Am I somehow able to tell my hosted web browser to always directly call my hosted web server, without going through a proxy?
(I found this thread but still am unsure how to apply this to my question)
I think you have to do some interop, as the docs say you can disable the proxy with the InternetSetOption function. There are a lot of flags you can pass to this function you need INTERNET_OPTION_PROXY or INTERNET_OPTION_PER_CONNECTION_OPTION, theres also a kb-article which describes how to set the proxy settings.
I hope I helped you a bit :)
I've followed the advice in various places, including other questions posted on stackoverflow about sharing the session state between a WCF service and an ASP.NET website, but cannot get my specific scenario to work:
The website and WCF service are both virtual directories of the same application in IIS 7 and both share an app pool. The website stores some data into the session. A flash object rendered on the client makes a call to the WCF service. I would like the WCF service to be able to access the data in the session.
I have put the [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)] attribute on the service class, and I have the following lines in the web.config for the service:
and on the binding I have allowCookies="true".
All server side code is written in C#.
However, when using HttpContext.Current.Session from the WCF service, I find that there are no keys stored in the session object.
I have checked with Fiddler, and the flash object definitely passes through the ASP.NET_SessionId with the same value as requests to the website from the browser use.
Can anyone shed any light onto how I can make this scenario work?
Thanks.
Check this:
http://msdn.microsoft.com/en-us/library/ms731193.aspx
Duplicate: This is the exact same question, from the exact same person, as Issue with Incorrect URLs in the WSDL of a .NET Web Service, and has the exact same answer. Let's please close this and merge it with the other.
We have installed an ASP.NET web site on a client's server. This site has a web service with a couple of web methods that are called by a Flash object in order to display a news feed. If you browse to their site (ex: www.domain.com), everything's working fine except the flash.
The issue is that when we browse to the .asmx, the header shows that the Host is a subdomain internal to their network (internal.domain.com). Obviously this doesn't resolve to any public IP when browsing from outside of their network. This causes the Flash to fail since the flash object is embedded on a page and is therefore running client side.
I checked the computer name on the server in question, and it doesn't even match "internal.domain.com" - it is something completely different. Where is it getting this information from. It is not coming from IIS, since we have no host headers set up, and the IP for the site is set to (all unassigned).
We either need to force the web service to run against a specific host, or we need to change something on the server so that it resolves to a valid public-facing host name. Any and all help is greatly appreciated!!!!
Web service host names are usually configured in the web.config when being consumed by .NET. When they are being consumed by flash you might need to go looking in the flash file. (my guess is that it is still configured for some sort of SIT environment.
I'm not sure of the details of this, but I've seen this complaint with respect to WCF. The answer had to do with setting the host headers in IIS.
It's IIS that passes the host name to ASP.NET or WCF, and it passes the host header when that is configured. If it's not configured, then I suppose it won't send that header as the "host name", even if the client sets that header in the request.