Retrieve current userid from C# web services - web-services

I need to create a C# 3.0 Web service which is capable of retrieving (only) the userid of the CALLER in an intranet environment. I realise I could possibly pass the information from the caller program but in my case it is not feasible. The Web service is going to be consumed by a Windows app (InfoPath 2003 to be precise), and retrieving the userid from my Windows app is not practical in these circumstances.
Is that achievable? IIS (hosted on Windows 2003 Standard Server) uses Windows authentication. I have tried a few things using WindowsIdentity but it only works for localhost.

Have you tried this? HttpContext.Current.User.Identity.Name
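An added example (not code from the original post) of an ASMX service that reads the caller from HttpContext.Current.User and fails closed when the request is unauthenticated. The class name, method names and XML namespace are hypothetical; it assumes the class backs an .asmx file in an IIS application with Windows authentication enabled and anonymous access disabled. WindowsIdentity.GetCurrent() reports the account the worker process runs as unless impersonation is enabled, which the second method makes visible.

```csharp
using System;
using System.Security.Principal;
using System.Web;
using System.Web.Services;

// Added example. Class name, method names and XML namespace are hypothetical.
[WebService(Namespace = "http://example.invalid/identity")]
public class CallerIdentityService : WebService
{
    // Returns the authenticated caller as DOMAIN\user, or fails closed.
    [WebMethod]
    public string GetCallerUserId()
    {
        IPrincipal caller = HttpContext.Current.User;
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
        {
            // Reached when IIS still allows anonymous access for this application.
            throw new UnauthorizedAccessException("Caller is not authenticated.");
        }
        // Keep the domain part: bare user names can collide across domains.
        return caller.Identity.Name;
    }

    // Diagnostic only (remove after troubleshooting): request identity
    // next to the worker-process identity.
    [WebMethod]
    public string DescribeIdentities()
    {
        IPrincipal caller = HttpContext.Current.User;
        bool authenticated = caller != null && caller.Identity != null
                             && caller.Identity.IsAuthenticated;
        string requestUser = authenticated ? caller.Identity.Name : "(anonymous)";
        string scheme = authenticated ? caller.Identity.AuthenticationType : "(none)";
        // Without <identity impersonate="true" />, this is the application pool account.
        string processUser = WindowsIdentity.GetCurrent().Name;
        return string.Format("request={0}; scheme={1}; process={2}",
                             requestUser, scheme, processUser);
    }
}
```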

Related

How to implement Kerberos authentication (username and password required) to a java based REST service in a Windows 7 Enterprise PC?

I have developed a REST web service using JAX-RS, hosted on an Apache Tomcat server. I used Eclipse for developing this and hosted it on a Windows 7 Enterprise machine. Now I need to provide Kerberos authentication to access my service from any client (for example SoapUI). I have tried to get information from many sites, but all I get is configurations on Linux machines.
I'm a newbie to security concepts and authentication mechanisms and architectures; I would appreciate a good detailed explanation.
Here is a good description of how to integrate Tomcat with Windows authentication:
https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html
Please note that there might be 2 separate things you might want, I'm not sure which one you are looking for.
Authenticate transparently with the Kerberos tickets the user already has.
Authenticate with username+password always, using MS AD to check them.
The first is always transparent, meaning the user does not have to enter username+password again. In the second one she obviously has to.
If you are looking for other services (like SoapUI) to access your services with Kerberos tickets, then those services would need to get a ticket themselves. If you just want those services to use username+password (instead of Kerberos), then you don't need a ticket of course.
Edit after clarification: Using username+password from a windows domain actually does not involve Kerberos at all. It is using LDAP to authenticate, which maps to JNDI in Java. There is a JNDIRealm in Tomcat to set it up, described here:
https://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JNDIRealm

webservice application in Demandware

I need to develop a WAS application that should be hosted on the Demandware platform. Can I develop the WAS application using Tomcat and host it on Demandware, or should the WAS application be developed in the Demandware platform?
I am new to the Demandware platform and WAS. Guide me.
You cannot build a web service outside of the UX Studio paradigm like what you described, but you can build a pseudo-service like pipeline in UX Studio that returns JSON, XML, etc. and it will work more or less just like any other REST service.
Demandware is Software as a Service (SaaS) provider, which will not allow you to access the underlying infrastructure (e.g. Tomcat server, Oracle DB, etc.) to make/install your custom extensions.
UPDATE (25.09.2015):
Currently Demandware are making extensions to their controllers, migrating from pipeline-based controllers to script-based ones. Chances are that at some point they may even introduce an API for creating web services.
Until this happens, your only option is to make some custom pipelines and utilize something like XML/JSON over HTTP for this type of functionality. (Or if you insist on having it as SOAP based service, you would need to parse the SOAP envelopes with explicit code)
Demandware platform is a proprietary technology which allows developing only using their sandboxes and own IDE "UX Studio". All this stuff is available for demandware developers on their xchange portal. Access there could be requested by a merchant you do a development for.
Demandware's core framework is closed to third parties and is exposed via the Demandware script and REST APIs as well as Demandware's own Pipelet system.
Sadly you can't deploy an external application on the Demandware server; we have to separately create a new app in UX Studio.
You can get the proper help on Demandware Wiki or on Exchange

How to expose desktop application as a Secure Web Service?

The Windows desktop application provides a C++ API that gives an array of customer information such as name and address. I want to expose this as a SOAP Web Service with security so that authorized clients (from remote servers, Linux/Java based, through an ESB) of this web service can get this information at any time they want in an SOA implementation (Java based).
The desktop application does not have a standard database. It stores its data internally. It's basically an old custom-built CRM application that is installed on each agent's PC box. Each agent has their own list of customers.
What are the steps to achieve this task?
Do I need to run this as Windows service?
The short answer is, yes, you can expose data from a desktop application through a SOAP web service. It is easier to do with C# and .NET, but not impossible to do from C++. What steps you need to take will depend on which platform you are developing for.
Roughly -
Implement an endpoint that supports SSL where clients can connect to your desktop application (using sockets in C++ or HTTPListener using .NET).
Write code that can receive and dispatch SOAP requests.
Handle SOAP requests and return properly formatted SOAP responses.
Handle WSDL requests.
Implement a security mechanism (cookie based or otherwise).
Using .NET, most of this is in the platform code already, you just have to put the pieces together. With C++, you may find some third party libraries but essentially you'll be writing your own.
You only need to implement a windows service if you want the data to be available while a desktop user is not logged in and running your desktop application. The challenge here is that you'll have to make sure the windows service can access the same data the desktop application is using.
Another strategy would be to access the data from your desktop application using the C++ API and Interop and implement the web service as a standard out of the box asmx hosted on IIS.

Cannot access WebService stored on Windows Server 2003 from inside Windows Server 2003

In all cases we are running .NET Framework 3.5
My company has a server running Windows Server 2003 R2 (Service Pack 2), 32-bit processor. The IIS instance on this machine runs several Websites. One of the Websites we are running is Microsoft CRM 4.
When I attempt to log in to CRM from my local PC, everything's perfectly straightforward. I receive a prompt for username and password, I enter the details, I'm authenticated, and I pass through. Easy.
However: I can RDP into the 2003 Server and open IE. If I then browse to our CRM website I am prompted for a username and password. I provide exactly the same details - including the correct domain - as I enter from my local PC. But nothing. I'm denied access.
I am an administrator both of my local PC and of the 2003 Server.
This is very weird. I don't even know where to begin looking on this one. I don't even know what key terms to hit into Google.
Any help would be very much appreciated.
Context
Now, knowing what developers are like (I am one) the first response is going to be: "If you can log in from your PC, why do you care?"
There's more going on.
We have another website on that server that does nothing but host a set of critical web services. This is because the critical web services themselves rarely change but the other features change all the time. We don't want the critical web services to go down while maintenance is performed on other areas, so they were split off into their own independent web site about 18 months ago.
I am developing a web service for the critical site. This Web Service itself includes a proxy that points to the CrmService of CRM 4. The idea is that we want people to be able to submit certain information - such as lead contact information - into our CRM. However, we don't want to give just anyone access to the whole CRM system (obviously). So by publishing our own WebService that sits in the middle we can expose only the functionality that we want other people to have.
This new web service is now ready for deployment. All scenarios are met, all unit tests pass, everything that should fail does. It's all hunky-dory.
When I put that WebService on the 2003 Server, suddenly it can't communicate with CrmService any more due to authentication failure. ???
In my attempts to diagnose the problem, I noticed that no-one - not even administrators - can log into the CRM Website from within the 2003 Server. So I'm suspecting that whatever is causing that issue is also responsible for my web service to be unable to access the CrmService too.
For additional context, we have a new multi-domain SSL cert on the 2003 Server and we're splitting access to all our websites via host-headers.
I can't think of any more relevant information. If I've left out something critical, just ask.
Found it!
http://support.microsoft.com/kb/896861
Did the trick.

Java ME consuming .NET Web Service the safe way

I'm developing an application for Blackberry that consumes .NET Web Services that are hosted on our public web server.
We are using JSON as our data interchange format.
So far we have been testing the application and everything is working fine but there is one big thing to solve: the .NET web services are public. If you go to the service URL: http://www.whatever.com/myservice.asmx you can assign values to the parameters and invoke the service.
Obviously we don't want to have them publicly available and we want them to be secure.
I've been reading some questions here at stackoverflow but I haven't found a good answer.
I was thinking of adding a "password" parameter to every web service that I have and there sending a password to the server so that it can verify that it's the Blackberry trying to consume the service and not some spammer. That password would go as a String in each JSON request that the Blackberry does.
Another thing that is important to mention is that we have a simple web hosting solution from GoDaddy so our hosting is shared, we don't have full control on the computer.
Is this a correct approach?
For better protection depending on content importance you can use checksums or encryption methods.
You can use the Bouncy Castle cryptography API: http://www.bouncycastle.org/. This is free and good.
This can be used in both C# web service and blackberry application because it supports both C# and Java.
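An added example (not from the original thread) of the checksum idea as a keyed checksum: the client sends a timestamp and an HMAC-SHA256 over timestamp plus JSON body, and the service recomputes it before acting on the request. It uses .NET's built-in HMACSHA256 on the server side rather than Bouncy Castle; the class and method names, the sample key and the choice of sending timestamp and MAC alongside the body are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: keyed checksum over timestamp + JSON body. All names are hypothetical.
public static class RequestMac
{
    // Constructed sample key; a real key is provisioned out of band, not hard-coded.
    static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-sample-key-0001");
    static readonly TimeSpan MaxSkew = TimeSpan.FromMinutes(5);
    static readonly DateTime Epoch = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    const long MaxUnixSeconds = 253402300799L; // 9999-12-31T23:59:59Z

    public static string Sign(string unixTime, string jsonBody)
    {
        using (HMACSHA256 hmac = new HMACSHA256(Key))
        {
            byte[] data = Encoding.UTF8.GetBytes(unixTime + "\n" + jsonBody);
            return Convert.ToBase64String(hmac.ComputeHash(data));
        }
    }

    public static bool Verify(string unixTime, string jsonBody, string mac, DateTime nowUtc)
    {
        long seconds;
        if (mac == null || jsonBody == null || !long.TryParse(unixTime, out seconds)) return false;
        if (seconds < 0 || seconds > MaxUnixSeconds) return false;
        // Reject stale or future-dated requests to narrow the replay window.
        if ((nowUtc - Epoch.AddSeconds(seconds)).Duration() > MaxSkew) return false;
        return FixedTimeEquals(Sign(unixTime, jsonBody), mac);
    }

    // Compares without stopping at the first differing character.
    static bool FixedTimeEquals(string a, string b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        DateTime now = DateTime.UtcNow;
        string ts = ((long)(now - Epoch).TotalSeconds).ToString();
        string body = "{\"action\":\"getOrders\",\"customerId\":42}"; // constructed request
        string mac = Sign(ts, body);
        Console.WriteLine(Verify(ts, body, mac, now));                     // untampered request
        Console.WriteLine(Verify(ts, body.Replace("42", "43"), mac, now)); // body altered in transit
        Console.WriteLine(Verify(ts, body, mac, now.AddMinutes(10)));      // same request replayed later
    }
}
```

A MAC authenticates the request but does not hide it, and a key shipped inside the handset application can be recovered from the application, so this complements HTTPS rather than replacing it.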