I am using wcf services for interaction between my javascript files and server side.
I am concerened about security around this as anyone can call these services via an application, firebug etc.
So I want to secure my web services to only be accessible from specified sources, for example the javascript files on my site - ie. the main function why I have wcf services.
I am running on the .net 3.5 framework in a c# web application.
Could anyone assist my securing my wcf services as outlined above?
If this is a combination of javascript and server side , you can probably generate a Key from the server side and store it in the javascript variable and pass again to the WCF webservices.
Kobe's answer of generated request keys is definitely one possible way. Given that your services are running on the same machine as your UI code, another way to limit access would be to set them up as regular services and not Web Services. That is of course assuming you don't need them to be Web Services.
Check out the cool work that the WCF team has done/ is doing with jQuery and WCF.
Related
I know that ASP.net web service supports only HTTP protocol and with WCF you have more options like TCP and Named pipes etc. Can you think of any scenarios in which one might have to consume a WCF service through an ASP.net Web API?
Following would be one of them use case where you want to call wcf service from web API.
If you already have a wcf service running and available which is doing some complex operations and you do not want it to be available directly to your consumers, you can create a web API and call the wcf service to perform the complex tasks and let the consumers to use the web API. In web API you can put extra logic of validation and authorization of the incoming requests.
Wcf being an older technology it would be better to write something new and eventually replace wcf rather than maintaining it.
Also If the current wcf is setup is not available via http protocol then not all the clients can communicate with it. Web API has that edge over wcf service.
How web API would connect to wcf service?
This depends on lot of factors such as network, deployment strategy, security etc.
But following would be one of the examples.
If the wcf service is available on tcp and web API and wcf are running on the same network, then web API can call wcf.
There may be a different answer to this question based on what exact problem you are trying to solve.
My answer is based on what information you have provided and the experience I gained by solving similar issue in real life.
I am working on a Visual Studio Application that references a WCF web service, and after some reading online I am pretty confused.
I have read that WCF is a framework for building a web service, but it is not an API. Is this true?
I was under the impression that Web Services are APIs; I always thought that APIs were Software as a Service (SaaS). Doesn't that mean that APIs and Web Services are pretty much the same thing? Or do I have the wrong idea?
Could this be a misconception of my understandings of SOAP and REST?
Basically I want to know whether a WCF built web service counts as an API, and why/why not?
WCF is an API that can be used to create APIS within your application.
Web Services usually involves creating an API within your application. There are valid APIs that are not Web Services, like the Win32 API.
Its possible to build a WCF web service with one web method for an application that would not be considered an API specifically since it does not contain a set of routines, protocols, or tools for building applications.
Review http://en.wikipedia.org/wiki/Application_programming_interface for what an API is.
According to wikipedia, yes, yes it is:
APIs often come in the form of a library that includes specifications
for routines, data structures, object classes, and variables. In other
cases, notably SOAP and REST services, an API is simply a
specification of remote calls exposed to the API consumers.
An API (Application Program Interface) is a way to interact with components of a system. It defines the operations that can be used to get data out or push it in.
WCF (Windows Communication Foundation) itself is a framework for building web services and other applications that need a communication channel to share data with other services/applications, it is actually a lot larger on what it can do. You can read more about it on MSDN. It is an API as it gives you objects that allow you to tell it interact with its' components.
REST and SOAP are just architecture styles that can be used to serve data via a service, it is defining how you should interact with the data rather than the components themselves.
I've been trying to find a tutorial on here, MSDN, and Google on how to implement my own SOAP API. I have an application written in C# that I want to be consumable by PHP so that calls from the web can interact with the application. How do I generate and tie a WSDL file to my application so that it can be communicated with over SOAP calls? Any suggestions?
I think for this you just need to create WCF service in .net that will allow you to consume server from any language.
Create an ASP.Net Web Services .wsdl file to communicate with the various applications. Host the Web Service on windows IIS server and configure the ports accordingly, then you can access the endpoints to whcih ever application you are using, using the address and the web method name.
We are in process of re designing an old windows client server based application to web based application.
This application is built in C# using Remoting and WCF. On client side its Windows and WPF.
My Queries
What all concepts should be taken care when we make this application web based?
What design patterns should be followed for Web Based Architecture?
In WCF part we are using Net TCP Binding which can be easily migrated to HttpBinding, but I am more concern over Remoting, will it able to Serve the purpose, means can Remoting serve the purpose when Http calls are being made?
I would probably merge "remoting" with wcf and use httpbinding endpoint. font-end you could decide to use MVC pattern which will give you a better performance.
Sorry to answer your question with a question but: From an architecture or business point of view, why would you want to do this?
Your original application uses Remoting, which does not work over the Internet, therefore I am assuming that this is an internal application.
A web application would have the following tiers:
The presentation which runs on the browser
The Web Server which sends the pages to the browser
The application server which would host your WCF services
The database server
As you see the web application in the browser does not call the services directly (unless you use REST based services)
I'm migrating an old Delphi application that I wrote into C#. The application is a datalogger that exposes logged data requests via a SOAP web service interface.
The web service is contained with the delphi graphical windows application, i.e. no need to run a web server like IIS, etc I just run the application and it's up and running under the hood.
I'm looking to do the same in my c# Windows form application, I can find loads of resources on writing web services that are ultimately hosted within IIS but am struggling to find a solution for a self contained web service within my application.
Does anyone have any suggestions or can point me towards any resources on this?
The web service does not neceserily have to be SOAP, REST is fine (in fact probably prefered).
Look into WCF Services.
Hosting and Consuming WCF Services
Hosting WCF services in a Windows Forms Application
The System.Web.Hosting namespace allows you to host ASP.Net pages without using IIS within your applications. I have never used it to host web services but I found a tutorial that seems to provide a guide on doing this-
http://msdn.microsoft.com/en-us/magazine/cc163879.aspx
If you're wanting to host a service inside your application, it's possible with the System.ServiceModel.ServiceHost class. You need to learn WCF first, but that at least answers your question to get you started. If you have any further questions, leave me a comment or two and I'll update my answer to accommodate your inquiries.