|
Thank you.
I was able to solve that problem. My socket was time based(timeout) and not databased. I had to make some correction in the code so that it recevies the data till the last byte.
Sri
|
|
|
|
|
Hi.
I have a webservice - and I want to make sure that only MY application is using it.
Is this possible, in a secure way?
Thanks,
Cormac
|
|
|
|
|
It helps if your webservice isn't exposed at all. That means get rid of all disco file on your web server.
In your web.config you can add this code:
<webServices>
<protocols>
<remove name="HttpPost" />
<remove name="HttpGet" />
</protocols>
</webServices>
That causes your webservice to only allow soap protocols. This means if you access your asmx file you would see links you can click.
Finally, you could have your application pass some sort of key into each request. Of course, if you don't use ssl the data could always be read. I think if you webservice isn't exposed through disco files and it rejects http protocol you probably have 90%. To go the whole way you would have to have ssl and some sort of key.
Hope that helps.
Ben
|
|
|
|
|
That's a good idea, I never thought of removing the WSDL!
I am already using a username/password type of authentication, which I made myself, and it will be operating over SSL also.
But, I am worried that there is a possiblity of my users creating their OWN application, and utilising the web service (with their own credentials), which would not implement the logic based in my client application, and therefore wreak havoc.
"To go the whole way you would have to have ssl and some sort of key."
Even then, hard coding a key into a .NET app is really dodgy - too easy to decompile.
Maybe I'm being too cautious?
Regards,
Cormac Redmond
|
|
|
|
|
When I am talking about a key I am talking about using a private key for signing. If you are already planning on using a username and password along with ssl I think all you need to do is remove the ability of non users to see your webservice.
Ben
|
|
|
|
|
Yes, but there is still the risk of a registered user creating their own application.
|
|
|
|
|
If you are really that concerned about this, you could pass a custom xml structure. That way if the correct xml structure is not passed in the webmethod won't work. This adds a level of complexity that you may not want to deal with.
Ben
|
|
|
|
|
What would that do that a tech-savy user couldn't?
|
|
|
|
|
Well, if normally you just have web methods where you pass in things like username, password, orderitem, quantity etc. That is pretty ovious. If you have one parameter called param1 which has to be xml that contains all the parameters for that method. That would be a bit harder to figure out from anything you could get from disco file or anything else.
Ben
|
|
|
|
|
I'm confused. Doesn't SOAP just wrap itself in HTTP? If POST and GET are blocked, how is SOAP not? What is the difference in the headers?
P.s., I just tried it, and it blocked my SOAP requests (which I expected). Can you explain what you meant?
Thanks,
Cormac
-- modified at 22:58 Monday 30th April, 2007
|
|
|
|
|
YOu can try this instead:
To leave WSDL file generation on for Web services within a Web application, but not provide any human readable information regarding the Web services, you can add an <wsdlHelpGenerator> element to the Web.config file for the Web application and set the href attribute to a blank HTML page you have created. The following code example is an excerpt of a Web.config file that sets the service help page to a MyBlank.htm file in the docs folder beneath the folder containing the Web.config file.
<webServices>
<wsdlHelpGenerator href="docs/MyBlank.htm"/>
</webServices>
Ben
|
|
|
|
|
Make it a class?
Brad
Australian
- Me on "Public interest"
If you actually read this let me know.
|
|
|
|
|
|
I think he is saying that you could embed functionality of webservice into application itself, since it is service's only consumer anyway.
"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony. " - Morpheus
"Real men use mspaint for writing code and notepad for designing graphics." - Anna-Jayne Metcalfe
|
|
|
|
|
No, the web server is talking to database.
|
|
|
|
|
Hi. I'm a complete noob in this area.
I'm working on a website that I want to view on a Pocket PC. I don't own a Pocket PC, so I thought I would use the emulator in Visual Studio 2005. When I run the emulator and bring up IE, I'm told that I do not have a connection. I'm on a local network at work that has internet access. How do I setup the emulator to give it access to browse the web?
Thanks!
Ian
|
|
|
|
|
Hi Guys,
Do you have any idea if where can I download a richtext server control for asp.net? Because, in AJAX when using a simple textbox it produce an error if that value contains <em>, <h>, <p>, etc.
Or do you have some ideas on how to save the formatted paragraph from a simple textbox into the msssql2000 database?
Thanks in advance Guys
hifiger2004
|
|
|
|
|
It depends if you want to pay for this or not. Here is an article that shows how to create your own (assuming you have the time)
http://aspalliance.com/1092_Rich_Text_Editor_Part_I
|
|
|
|
|
Hi toticow,
I will try this one. But where am I going to stored the hamHtmlEditor.ascx? Under what directory of ASP.Net framework? Does it appear on my Visual Web Developer Toolbox?
hifiger2004
|
|
|
|
|
Hi, well this is a user control, so you would add it to your existing solution - perhaps a subfolder in your application called UserControls.
As you are asking a question like this, I must assume you are fairly new to asp.net - perhaps reading this will help you:
|
|
|
|
|
Hi toticow,
I already solved my problem regarding the html tag. At the very top of my aspx I added the validaterequest="false" inside the directives, and it is working fine now.
Thanks for the support
hifiger2004
|
|
|
|
|
Hello
I see your original question changed. Rather than turning off the validation at the top of the page as you do, you could also use the Server.HtmlEncode method
For more information, read this: http://www.asp.net/faq/RequestValidation.aspx[^]
|
|
|
|
|
Although not necessarily the best, FCKEditor is quite mature and comes with ASP.NET helper controls....oh and its free.
linkety
|
|
|
|
|
Hi badgrs,
I already solved my problem regarding the html tag. At the very top of my aspx I added the validaterequest="false" inside the directives, and it is working fine now.
Thanks for the support
hifiger2004
|
|
|
|
|
I've run into the same issue wuth AJAX, specifically when using JSON - as a workaround, I did a Server.URLEncode at the server end, and then a javascript unescape() followed by a global replace of "+" chars....seems to work quite nicely...
"Now I guess I'll sit back and watch people misinterpret what I just said......"
Christian Graus At The Soapbox
|
|
|
|