Java ME consuming .NET Web Service the safe way - web-services

I'm developing an application for Blackberry that consumes .NET Web Services that are hosted on our public web server.
We are using JSON as our data interchange format.
So far we have been testing the application and everything is working fine but there is one big thing to solve: the .NET web services are public. If you go to the service URL: http://www.whatever.com/myservice.asmx you can assign values to the parameteres and invoke the service.
Obviously we don't want to have them publicly available and we want them to be secure.
I've been reading some questions here at stackoverflow but I haven't found a good answer.
I was thinking of adding a "password" parameter to every web service that I have and there sending a password to the server so that it can verify that it's the Blackberry trying to consume the service and not some spammer. That password would go as a String in each JSON request that the Blackberry does.
Another thing that is important to mention is that we have a simple web hosting solution from GoDaddy so our hosting is shared, we don't have full control on the computer.
Is this a correct approach?

For better protection depending on content importance you can use checksums or encryption methods.
You can use bouncycastle cryptography API http://www.bouncycastle.org/. This is free and good.
This can be used in both C# web service and blackberry application because it supports both C# and Java.

Related

Consume Web Service in Drupal?

Trying to understand which of the better modules to use for my page's specific need. Services module is popular, but that seems more for providing service, where the Web Service Client is good for consuming a web service.
Here's the requirement:
On the web page, I've got a form whose fields (location, service areas, region, indicators, etc) are to be built dynamically and some are selectable based on other selections. (So choosing worldwide would make Hubzone 8A not appear.)
Another team built the SOAP web service, it sits on another server outside the web server. What they delivered to me is a URL to invoke, basically an XML file:
http://webserviceurl.com:52901/navigator/NavigatorServices?wsdl
(Obviously, I just can't use the Feeds module to import the XML manually, right? The whole point of the web service approach is that as the data in the web service is updated, the Process form will by dynamic.)
So I'm really at the beginning of this. Need some guidance.
Web Service Client and SOAP Client are the ones that should do the work for you.
If you find it difficult to understand how to use them, you can simply use nuSOAP library + some PHP code inside a module. This article provides a good tutorial about providing and consuming Web Services using nuSOAP.
PHP provides a SOAP API. So you can simply create a module using this API (and Drupal Form API).

Web application as a client for web service

I am new to Web development. And hence, if the question is dumb, please be polite. For creating my application, I had to take a decision of whether writing a web service or a web application. After searching a few questions in stackoverflow, I came to know that, web service is something which doesn't involve human interaction. And web application is what human uses ( the UI/web page kind of stuffs ).
But lately, I saw gmail is a web service ( email service ). But I was confused from here on, because, gmail provides a UI, and human interactions do occur. And from there on, I got confused again.
So what I figured out from this is, gmail website is like a web application for users to use directly. The web application in turn uses the web service provided by Google for email. Is my understanding right? So can a web application be a client for web service?
If I am wrong somewhere, please do correct me. I hope to be clear after someone throws light on this with some good example. Thanks in advance.
You are quite right. Basically a Web Service has several endpoints over HTTP (normally) that provides data (generally in JSON or XML) and are meant to be consumed by Web Clients. Sometimes the are also called Web API's (Application Program Interface).
A Web Application is quite similar to a Web Service but it provides an interface where the user can interact with. Usually Web Applications are consumers of Web Services or Web APIs.
Following your example, Google email is could be considered as both, a Web Service and a Web Application. It is a Web Service because it provides a set of HTTP endpoints that works independently of its Web UI Application (GMail). In fact, you can find third party Web Apps that interact with the Google email Web API.
This concept is very important when designing Web Solutions. Ideally you want to design and implement a good Web API, usually a RESTful Service (in JSON/XML). Then you or others will be able to implement different types of applications (Web, Mobile, etc.) because of this API.

When to use standalone web service approach

I just started learning web services. In bottom up approach, I have found some examples without being deployed in any application server. I mean a standalone web service application.
Here is an example of such type.
I have also given a try and done a walk-through of deployable simple web service examples.
So far to my learning of web services, I got to know that firstly, bottom-up- approach is not recommended. Now, in bottom-up approach, this standalone web service. When is it applicable to follow standalone web service procedure?
Endpoint.publish();
I guess, this approach is provided just for beginners and not to follow as a real-time practice. Is my interpretation correct?
I would make my application as a standalone web service if it will have multiple clients like:
Web Client via a web browser
Mobile App Client
Desktop Client
Then I could build every one of them alone using whatever the technology I prefer, and make it consumes my standalone web service.
For example, You could imagine the guys behind Twitter started developing it by building their core system as web service, then they build an independent web interface application for it, then they built the Twitter Android and iPhone APP, and another one came and introduced a Twitter Desktop client like Tweetbot and TweetDeck ... etc

How to expose desktop application as a Secure Web Service?

The Window desktop application provides C++ API that gives an array of customer information such as name and address. I want to expose this as SOAP Web Service with Security so that authorized clients (from remote servers Linux/Java based through ESB) of this web service can get this information at any time they want in SOA implementation (Java based).
The desktop application does not have a standard database. It stores its data internally. Its basically old custom built CRM application that is installed on each agent's PC box. Each agent has its own list of customers.
What are the steps to achieve this task?
Do I need to run this as Windows service?
The short answer is, yes, you can expose data from a desktop application through a SOAP web service. It is easier to do with C# and .NET, but not impossible to do from C++. What steps you need to take will depend on which platform you are developing for.
Roughly -
Implement an endpoint that supports SSL where clients can connect to your desktop application (using sockets in C++ or HTTPListener using .NET).
Write code that can receive and dispatch SOAP requests.
Handle SOAP requests and return properly formatted SOAP responses.
Handle WSDL requests.
Implement a security mechanism (cookie based or otherwise).
Using .NET, most of this is in the platform code already, you just have to put the pieces together. With C++, you may find some third party libraries but essentially you'll be writing your own.
You only need to implement a windows service if you want the data to be available while a desktop user is not logged in and running your desktop application. The challenge here is that you'll have to make sure the windows service can access the same data the desktop application is using.
Another strategy would be to access the data from your desktop application using the C++ API and Interop and implement the web service as a standard out of the box asmx hosted on IIS.

server side for mobile application in java me

Im making mobile application in java me and I want to have server side from where Ill get some information for the application (not to have much information in xml file in the application).
I dont have much experience with servers, so I would like to know how to deal with it.
Probably I should make some web services.
Im working in NetBeans 6.7
Thanks in advance!
Milan
Assuming you want to stick with Java, I would implement your server side as a simple Servlet. If all you want to do is send an XML file to the client I think using a proper web services stack is probably overkill and will over complicate things.
Using this approach your mobile app simply makes an HTTP connection to your Servlet, which responds with your XML file.
In fact, if it's a static XML file you don't need any kind of server side code, any web server would suffice.
The Glassfish application server that probably comes with Netbeans will let you run a Java servlet on your local computer.
Accessing it from a J2ME emulator running on the same computer is easy.
Accessing a servlet from a MIDlet running on a real mobile phone is more complicated.
I would suggest looking at Google App Engine for easy deployment of a test server that can be accessed from a mobile phone.
I recommend you to use Http Post instead of Web services. Some mobile devices does not support web services (defined in JSR 172)