I've researched the web extensively before posting this questions here, couldn't find anything usefull for me, so here it goes. Sorry in advance for the wall of text.
I have a classic ASP website that needs to call a web service method (not wcf, but an asmx page) on a asp.net website (4.0)
The way I consume the web service is as follows:
I have a webserviceclass.asp that helps me consume web services in classic asp.
code of webserviceclass.asp -> https://docs.google.com/file/d/0B1Wr1Kw74xy3ZkducEtiTWNtWDA/edit?usp=sharing
Then calling the class to consume the method.
Dim strWebServiceResult
Dim ws
Set ws = new webservice
ws.url = "http://www.myurl.com/mywebservice.asmx"
ws.method = "HelloWorld"
ws.parameters.Add "Parameter1", "Test1"
ws.parameters.Add "Parameter2", "Test2"
ws.Execute
strWebServiceResult = ws.response
This works perfectly if www.myurl.com is not encrypted, strWebServiceResult holds the XML returned by mywebservice.asmx, however I really need the data traveling between the users and www.myurl.com to be encrypted (mywebservice.asmx has parameters for login and password to authenticate on the webservice) so I bought an SSL cert and assigned it to www.myurl.com website becoming https://www.myurl.com
So when I set the URL in the class to: ws.url = "https://www.myurl.com/mywebservice.asmx"
and that is the only thing that changes, the method doesn't get called anymore. I have log on pageinit and pageload of the mywebservice.aspx and it doesn't even get called.
Sorry about the long text, and I hope someone can help me. I have no experience with jquery or json and I'd rather not go that way to solve this problem, but if that's the only way, I can try if there's enough info out there to help me out but I'd rather try to fix my current code if that possible. I just don't understand why it works with http but not with https
Many thanks in advance
In this SO question ("Can't use HTTPS with ServerXMLHTTP object"), this issue was addressed.
For a starter, you should be using "MSXML2.ServerXMLHTTP" instead of "Microsoft.XMLHTTP" on the server side. This is discussed here, f.i.: differences between Msxml2.ServerXMLHTTP and WinHttp.WinHttpRequest?
Related
I am using jetty version 7.5.1 .
My webservice works fine with a "http://..." endpoint, but when I change it to "https://..." things go wrong.
Endpoint e = Endpoint.create(webservice);
e.publish("https://localhost:" + serverPort + "/ws/mywebservice);
I get the following error message:
"https protocol based address is not supported".
I've tried using an SslChannelConnector, a SelectChannelConnector and the combination of both.
Connector connector = new SelectChannelConnector();
connector.setPort(59180);
SslContextFactory factory = new SslContextFactory();
factory.setKeyStore("keystore");
factory.setKeyStorePassword("password");
factory.setKeyManagerPassword("password");
factory.setTrustStore("keystore");
factory.setTrustStorePassword("password");
SslSelectChannelConnector sslConnector = new SslSelectChannelConnector(factory);
sslConnector.setPort(443);
sslConnector.setMaxIdleTime(30000);
server.setConnectors(new Connector[]{connector, sslConnector});
I also tried modifying the port in the publish path. But without success.
Could it be that something went wrong with the creation of my keystore file?
Even I put the wrong password though, it does show a different error message, explaining that my password is wrong.
My options are running out. Any ideas?
EDIT: More information:
Servlets work fine with HTTPS now. But the webservices are not. Am I maybe publishing it the wrong way ?
I found several threads on various forums with similar problems. But never found a solution. I would like to write down my solution for future victims:
The publish method only accepts the http protocol. Even if you are publishing for https, this should still be "http://...". On the other hand, you should use the port of your SSL connector.
Endpoint e = Endpoint.create(webservice);
e.publish("http://localhost:443/ws/mywebservice);
Use any other protocol and you will always get the "xxx protocol based address is not supported" exception. See source code.
Note 1: The webservice already works fine at this point. However there is a point of discussion: The generated wsdl file (at https://localhost:443/ws/mywebservice?wsdl) will reference the http://... path. You could argue if the wsdl file is a requirement or just documentation.
Correcting a hostname in a WSDL file is not that hard, but replacing the protocol is harder. The easiest solution is probably to just edit the wsdl file and host the file, which is not very "dynamic" of course.
Alternatively, I solved it by creating a WsdlServlet which replaces the address. On the other hand, it does feel bad to create an entire class just to fix 1 character. :)
Note 2: Another bug in this jetty release, is the authentication. It's impossible to offer the webservice without any authentication. The best thing you can get, after turning off all possible authentication: you will still have to use 'preemptive authentication' and enter a random username and password.
I apologize if this isn't "programming" worthy. I'm wondering if a service exists that when the HTTP service is pinged, it echos back the exact same request you made as the response.
The reason I want this is I want to UnitTest a class I made to build requests and send them over a socket. I realize I could just do a Mock object of some sort, but I think that involves more complexity than just making sure the request being sent was properly built.
Ideally, the web service would send the content back as proper HTTP 1.1 with the request info I sent in the body of the response.
Thanks!
Kyle
-- edit --
Just a quick reference to the solution. Point your browser to: http://scooterlabs.com/echo.json or http://scooterlabs.com/echo.xml
This guy seemed to have the same problem as you web service echo test
Refers to some links you might be interested in
I guess there are some uses for a simple echo, but in any kind of a realistic interaction it's going to be pretty hard to isolate just the piece you are trying to test.
A more general approach would be to use a local proxy server, stands as the man in the middle
between you and all remote sites, and can log urls, responses, content and so on.
If you're developing the server side as well as the client, you definitely ought to run a
local mirror of the server site.
I try do develop a web application with ExtJs 4.0.
On startup the application sends a request to a server. This server sends a response. The responses' header contains Set-Cookie:"connect.sid=foobar"
When I look into the preferences of my browser, I can see that the cookie was created correctly.
My problem is that somehow I cannot access this cookie in my ExtJs application and I don't know why.
I tried to retrieve it with the following methods:
document.cookie.split(";")[0]
Ext.state.Manager.get("connect.sid"); => of course I initialized the state manager with a cookie provider
Ext.util.Cookies.get("connect.sid");
No matter which method I use, I get always undefined as return value
I hope somebody can help me, because I really don't understand why it does not work.
Thanks in advance.
Finally I found the problem.
The httpOnly flag was set in the response header. Therefore the cookie was not accessible for java script.
I am wanting to expose a restful web service for posting and retrieving data, this may be consumed by mobile devices or a web site.
Now the actual creation of the service isn't a problem, what does seem to be a problem is communicating from a different domain.
I have made a simple example service deployed on the ASP.NET development server, which just exposes a simple POST action to send a request with JSON content. Then I have created a simple web page using jquery ajax to send some dummy data over, yet I believe I am getting stung with the same origin policy.
Is this a common thing, and how do you get around it? Some places have mentioned having a proxy on the domain that you always request a get to, but then you cannot use it in a restful manner...
So is this a common issue with a simple fix? As there seem to be plenty of restful services out there that allow 3rd parties to use their service...
How exactly are you "getting stung with the same origin policy"? From your description, I don't see how it could be relevant. If yourdomain.com/some-path/defined-request.json returns a certain JSON response, then it will return that response regardless of what is requesting the file, unless you have specifically defined required credentials that are not satisfied.
Here is an example of such a web service. It will return the same JSON object regardless of from where the request is made: http://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=true
Unless I am misunderstanding you (in which case you should clarify your actual problem), the same origin policy doesn't really seem to apply here.
Update Re: Comment
"I make a simple HTML page and load it as file://myhtmlfilelocation/myhtmlfile.html and try to make an ajax request"
The cause of your problem is that you are using the file:// URL scheme, instead of the http:// protocol scheme. You can find information about this scheme in Section 3.10 of RFC 1738. Here is an excerpt:
The file URL scheme is used to designate files accessible on a particular host computer. This scheme, unlike most other URL schemes, does not designate a resource that is universally accessible over the Internet.
You should be able to resolve your issue by using the http:// scheme instead of the file:// scheme when you make your asynchronous HTTP request.
I'm trying to implement Facebook Connect on a website with .NET MVC using C#.
I've followed the instructions here: http://wiki.developers.facebook.com/index.php/Trying_Out_Facebook_Connect step by step. I can make the login work as in that when I log in through the site I'm also logged into Facebook.
In order to work with this in the server I think I need to access the cookies Facebook is supposed to leave like:
APIKEY_user
APIKEY_session_key
...
as mentioned here http://wiki.developers.facebook.com/index.php/Verifying_The_Signature.
The thing is I'm not getting any of these cookies. I've googled and it seems like I'm the only person with this problem. Any ideas as to what I could be doing wrong ? Has this happened to anyone else ?
The issue was that I was developing locally using localhost.
I resolved the problem by changing the settings for the application to point to a certain web address instead of localhost and changing my hosts file lo point that same web address to 127.0.0.1
from the UI/client-side perspective, always insure you have the correct path indicated for the xd_receiver file in your FB.init() method.
Firecookie is very useful for seeing what Cookies are/aren't being set.