I have an extremely basic API set up on my IIS. I'm doing nothing with the code yet:
public class RESTAPIController : ApiController
{
// GET: api/RESTAPI
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}
// GET: api/RESTAPI/5
public string Get(int id)
{
return "value";
}
// POST: api/RESTAPI
public void Post([FromBody]string value)
{
}
// PUT: api/RESTAPI/5
public void Put(int id, [FromBody]string value)
{
}
// DELETE: api/RESTAPI/5
public void Delete(int id)
{
}
}
What I need to do is be able to POST/GET to this API from another computer on the same network. I can POST/GET/etc. on my own computer using the YARC Google Chrome extension. If I am debugging the API from Visual Studio, the breakpoint hits letting me know that it's working, I also get the 200 response back.
I'd like to be able to POST/GET to this API from another computer that lives on the same network. I always get a connection timeout error. The URL seen in the YARC app photo uses http://172.16.1.132:100/RestAPI/api/RESTAPI where "172.16.1.132" is my PC's ethernet port ip address for the port I am connected to. ":100" is the port that I have bound in IIS, ":80" could also be used. "RestAPI" is the name of the API that I am trying to call and "api/RESTAPI" is how to call the POST/GET method.
I've tried:
Completely disabling my firewall and Windows Defender;
Disabling the firewall on my router;
various configurations of the URL (different ports/authentication types/etc).
I'm very new to web apps and networking and I'm not even sure if what I am trying to do is possible. Any help is greatly appreciated. Thanks in advance!
Use iisexpress-proxy - A simple local proxy for accessing IIS Express from remote machines.
Open command prompt as administrator and run
npm install -g iisexpress-proxy
then
iisexpress-proxy 100 to 81 (100 - localPort and 81 proxyPort)
Access the API using this address on the other PC http://172.16.1.132:81/RestAPI/api/RESTAPI
Note: instead of 81 any other unused port can also be taken.
I added a new asp.net project which only hosts (Classic) WebServices on top of my MVC app.
The Web Service calls the Biz Objects which are located in Biz Layer Dlls.
WebService clients are just like the regular users, they have to be authenticated and authorized per operations.
I am using a SOAP authentication token to validate the user upon first call, then passing that token around per following calls.
BizObjects access the IUserSessionManager to get the authorized user, and then call the authorize the user per request. This was pretty easy with the MVC app and the Windows app that the BusinessObjects are called from.
So how do I store user info in the following system where my BusinessObjects can retrieve them from. (This might be easy for you but I am not comfortable working with Web Services)
public class XyzUserSessionManager
{
private static IXyzUserSessionManager _instance;
public static IXyzUserSessionManager UserSessionManager
{
get { return _instance; }
set { _instance = value; }
}
public static IXyzUserSession Current
{
get { return UserSessionManager.Current; }
}
}
public IXyzUserSession Current
{
get
{
if (HttpContext.Current == null || HttpContext.Current.Session == null || HttpContext.Current.Session[SessionKey] == null)
return null;
return (IXyzUserSession)HttpContext.Current.Session[SessionKey];
}
protected set
{
HttpContext.Current.Session[SessionKey] = value;
}
}
You can enable session state support just like for regular web apps. This is done on a per-method base. See more details here: http://msdn.microsoft.com/en-us/library/aa480509.aspx
I'm just getting started with ServiceStack and, as a test case, I am looking to rework an existing service which is built using standard ASP.Net handlers. I've managed to get it all working as I want it but have certain aspects which make use of the ASP.Net Session object.
I've tried adding IRequiresSessionState into the service interface:
public class SessionTestService : RestServiceBase<SessionTest>, IRequiresSessionState {
public override object OnPost(SessionTest request) {
// Here I want to use System.Web.HttpContext.Current.Session
}
}
The trouble is I can't seem to get it to work as the Session object is always null.
I've done a lot of Googling and have puzzled over https://github.com/mythz/ServiceStack/blob/master/tests/ServiceStack.WebHost.IntegrationTests/Services/Secure.cs and similar but I can't find any example code which does this (which surprises me). Can anyone explain why the above doesn't work and advise what I need to do to get it working?
Note: Ultimately I'll probably look to replace this with Redis or will try to remove any serverside session requirement, but I figured that I'd use the ASP.Net implementation for the time being, to get things working and to avoid reworking it more than is necessary at this point.
Using ServiceStack ISession
ServiceStack has a new ISession interface backed by ICacheClient that lets you share same ISession between MVC Controllers, ASP.NET base pages and ServiceStack's Web Services which share the same Cookie Id allowing you to freely share data between these web frameworks.
Note: ISession is a clean implementation that completely by-passes the existing ASP.NET session with ServiceStack's own components as described in ServiceStack's MVC PowerPack and explained in detail in the Sessions wiki page.
To easily make use of ServiceStack's Session (Cache & JSON Serializer) have your Controllers inherit from ServiceStackController (in MVC) or PageBase (in ASP.NET)
There is also new Authentication / Validation functionality added in ServiceStack which you can read about on the wiki:
Authentication and authorization
Validation
Using ASP.NET Session
Essentially ServiceStack is just a set of lightweight IHttpHandler's running on either an ASP.NET or HttpListener host. If hosted in IIS/ASP.NET (most common) it works like a normal ASP.NET request.
Nothing in ServiceStack accesses or affects the configured Caching and Session providers in the underlying ASP.NET application. If you want to enable it you would need to configure it as per normal in ASP.NET (i.e. outside of ServiceStack) see:
http://msdn.microsoft.com/en-us/library/ms178581.aspx
Once configured you can access the ASP.NET session inside a ServiceStack web service via the singleton:
HttpContext.Current.Session
Or alternatively via the underlying ASP.NET HttpRequest with:
var req = (HttpRequest)base.RequestContext.Get<IHttpRequest>().OriginalRequest;
var session = req.RequestContext.HttpContext.Session;
Although because of the mandatory reliance on XML config and degraded performance by default, I prefer to shun the use of ASP.NET's Session, instead opting to use the cleaner Cache Clients included with ServiceStack.
Basically the way Sessions work (ASP.NET included) is a cookie containing a unique id is added to the Response uniquely identifying the browser session. This id points to a matching Dictionary/Collection on the server which represents the browsers' Session.
The IRequiresSession interface you link to doesn't do anything by default, it simply is a way to signal to either a Custom Request Filter or base web service that this request needs to be authenticated (i.e. two places where you should put validation/authentication logic in ServiceStack).
Here's a Basic Auth implementation that looks to see if a web service is Secure and if so make sure they have authenticated.
Here's another authentication implementation that instead validates all services marked with an [Authenticate] attribute, and how to enable Authentication for your service by adding the Attribute on your Request DTO.
New Authentication Model in ServiceStack
The above implementation is apart of the multi-auth provider model included in the next version of ServiceStack. Here's the reference example showing how to register and configure the new Auth model in your application.
Authentication Strategies
The new Auth model is entirely an opt-in convenience as you can simply not use it and implement similar behaviour yourself using Request Filters or in base classes (by overriding OnBeforeExecute). In fact the new Auth services are not actually built-into ServiceStack per-se. The entire implementation lives in the optional ServiceStack.ServiceInterfaces project and implemented using Custom Request Filters.
Here are different Authentication strategies I've used over the years:
Mark services that need authentication with an [Attribute]. Likely the most idiomatic C# way, ideal when the session-id is passed via a Cookie.
Especially outside of a Web Context, sometimes using a more explicit IRequiresAuthentication interface is better as it provides strong-typed access to the User and SessionId required for Authentication.
You can just have a 1-liner to authenticate on each service that needs it - on an adhoc basis. A suitable approach when you have very few services requiring authentication.
That's a great and comprehensive answer by #mythz. However, when trying to access the ASP.NET session by HttpContext.Current.Session within a ServiceStack web service, it always returns null for me. That's because none of the HttpHandlers within ServiceStack are adorned with the IRequiresSessionState interface, so the .NET Framework does not provide us with the session object.
To get around this, I've implemented two new classes, both of which use the decorator pattern to provide us with what we need.
Firstly, a new IHttpHandler which requires session state. It wraps the IHttpHandler provided by ServiceStack and passes calls through to it...
public class SessionHandlerDecorator : IHttpHandler, IRequiresSessionState {
private IHttpHandler Handler { get; set; }
internal SessionHandlerDecorator(IHttpHandler handler) {
this.Handler = handler;
}
public bool IsReusable {
get { return Handler.IsReusable; }
}
public void ProcessRequest(HttpContext context) {
Handler.ProcessRequest(context);
}
}
Next, a new IHttpHandlerFactory which delegates the responsibility for generating the IHttpHandler to ServiceStack, before wrapping the returned handler in our new SessionHandlerDecorator...
public class SessionHttpHandlerFactory : IHttpHandlerFactory {
private readonly static ServiceStackHttpHandlerFactory factory = new ServiceStackHttpHandlerFactory();
public IHttpHandler GetHandler(HttpContext context, string requestType, string url, string pathTranslated) {
var handler = factory.GetHandler(context, requestType, url, pathTranslated);
return handler == null ? null : new SessionHandlerDecorator(handler);
}
public void ReleaseHandler(IHttpHandler handler) {
factory.ReleaseHandler(handler);
}
}
Then, it's just a matter of changing the type attributes in the handlers in Web.config to SessionHttpHandlerFactory instead of ServiceStack.WebHost.Endpoints.ServiceStackHttpHandlerFactory, ServiceStack, and your web services should now have the ASP.NET session avaialble to them.
Despite the above, I fully endorse the new ISession implementation provided by ServiceStack. However, in some cases, on a mature product, it just seems too big a job to replace all uses of the ASP.NET session with the new implementation, hence this workaround!
Thanks #Richard for your answer above. I am running a new version of service stack and they have removed the ServiceStackHttpFactory with HttpFactory. Instead of having
private readonly static ServiceStackHttpHandlerFactory factory = new ServiceStackHttpHandlerFactory();
You need to have
private static readonly HttpHandlerFactory Factory = new HttpHandlerFactory();
Here is updated code for this service
using ServiceStack;
using System.Web;
using System.Web.SessionState;
namespace MaryKay.eCommerce.Mappers.AMR.Host
{
public class SessionHttpHandlerFactory : IHttpHandlerFactory
{
private static readonly HttpHandlerFactory Factory = new HttpHandlerFactory();
public IHttpHandler GetHandler(HttpContext context, string requestType, string url, string pathTranslated)
{
var handler = Factory.GetHandler(context, requestType, url, pathTranslated);
return handler == null ? null : new SessionHandlerDecorator(handler);
}
public void ReleaseHandler(IHttpHandler handler)
{
Factory.ReleaseHandler(handler);
}
}
public class SessionHandlerDecorator : IHttpHandler, IRequiresSessionState
{
private IHttpHandler Handler { get; set; }
internal SessionHandlerDecorator(IHttpHandler handler)
{
Handler = handler;
}
public bool IsReusable
{
get { return Handler.IsReusable; }
}
public void ProcessRequest(HttpContext context)
{
Handler.ProcessRequest(context);
}
}
}
As of ServiceStack 4.5+ the HttpHandler can also support Async. Like so:
namespace FboOne.Services.Host
{
public class SessionHttpHandlerFactory : IHttpHandlerFactory
{
private static readonly HttpHandlerFactory Factory = new HttpHandlerFactory();
public IHttpHandler GetHandler(HttpContext context, string requestType, string url, string pathTranslated)
{
var handler = Factory.GetHandler(context, requestType, url, pathTranslated);
return handler == null ? null : new SessionHandlerDecorator((IHttpAsyncHandler)handler);
}
public void ReleaseHandler(IHttpHandler handler)
{
Factory.ReleaseHandler(handler);
}
}
public class SessionHandlerDecorator : IHttpAsyncHandler, IRequiresSessionState
{
private IHttpAsyncHandler Handler { get; set; }
internal SessionHandlerDecorator(IHttpAsyncHandler handler)
{
Handler = handler;
}
public bool IsReusable
{
get { return Handler.IsReusable; }
}
public void ProcessRequest(HttpContext context)
{
Handler.ProcessRequest(context);
}
public IAsyncResult BeginProcessRequest(HttpContext context, AsyncCallback cb, object extraData)
{
return Handler.BeginProcessRequest(context, cb, extraData);
}
public void EndProcessRequest(IAsyncResult result)
{
Handler.EndProcessRequest(result);
}
}
}
Asmx web service is called using Visual Studio generated code from MVC2 controller using code below.
Method call throws exception since web service certificate has expired. How to fix this so that web service can still used?
Using .NET 3.5 and MVC2.
public class AsmxController : Controller
{
public ActionResult Index()
{
var cl = new store2.CommerceSoapClient();
// System.ServiceModel.Security.SecurityNegotiationException was unhandled by user code
//Message=Could not establish trust relationship for the SSL/TLS secure channel with authority 'asmxwebservice.com'.
var vl = cl.GetVendorList( AsmxService.LicenseHeader() ,
new AsmxService.GetVendorListRequest());
return View();
}
}
}
From James blog:
So, for testing, we needed to find a way to bypass the certificate
validation. It turns out that you need to provide a
RemoteCertificateValidationCallback delegate and attach it to
ServicePointManager.ServerCertificateValidationCallback. What’s not
clear is what happens if two threads are competing to set this
property to different values, since it’s a static property. Reflector
suggests that the property set method doesn’t do anything fancy, so
you could easily get into a race condition.
so, he does the following:
// allows for validation of SSL conversations
ServicePointManager.ServerCertificateValidationCallback += new RemoteCertificateValidationCallback(ValidateRemoteCertificate);
// callback used to validate the certificate in an SSL conversation
private static bool ValidateRemoteCertificate(
object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors policyErrors)
{
if (Convert.ToBoolean(ConfigurationManager.AppSettings["IgnoreSslErrors"]))
{
// allow any old dodgy certificate...
return true;
}
else
{
return policyErrors == SslPolicyErrors.None;
}
}
I am making our large set of web services available to AJAX calls. I have added the [System.Web.Script.Services.ScriptService] to each service. We have a registered HttpModule that initializes some objects we use regularly for logging and internationalization in the IHttpModule.Init override. It appears that the IHttpModule.Init is called when I make a SOAP request to any web method, but not when I make a JSON request to any web method. I've confirmed this by writing to a file when it's called.
Are HttpModules utilized when a .Net web service is called through the javascript proxy (AJAX)? If so, am I lacking some sort of configuration? Relevant code bits included below.
-colin-
Web.config:
<httpModules><add name="GlobalApplicationModule" type="Common.GlobalApplicationModule, Common"/></httpModules>
HTTPModules.cs:
class GlobalApplicationModule : IHttpModule
{
public void Dispose()
{
Internationalization.LanguageProvider.ReleaseAllResources();
}
public void Init(HttpApplication application)
{
// DEBUG: Confirm that this method is called
StreamWriter writer = new StreamWriter("c:\\deleteme-HTTP_module_test.txt");
writer.WriteLine("Init called.");
writer.Close();
// Initialize logger
Common.Logger.Initialize("LogAssemblyPath", "LogClassName");
Common.CentralConfiguration.CreateConfiguration(new Common.CentralizedStrategy());
// Initialize language provider
if (!Internationalization.LanguageProvider.Initialized)
{
try
{
string debug = System.Configuration.ConfigurationManager.AppSettings["debugInternationalization"];
string languageAssemblyLocation = System.Configuration.ConfigurationManager.AppSettings["LanguageAssemblyLocation"];
string languageAssemblyBaseName = System.Configuration.ConfigurationManager.AppSettings["LanguageAssemblyBaseName"];
languageAssemblyLocation = System.Web.HttpContext.Current.Server.MapPath(languageAssemblyLocation);
Internationalization.LanguageProvider.Init(languageAssemblyLocation, languageAssemblyBaseName, false);
if (debug != null && bool.Parse(debug))
{
Internationalization.LanguageProvider.PrefixText = "*";
}
}
catch (Exception x)
{
Common.Logger.Instance.LogError("Could not intialize assembly language provider. Error: " + x.Message);
}
}
}
}
That's a very odd debug logging method... Your problem is most likely due to your IIS configuration. It sounds like IIS is not handing off the request to ASP.NET at all. Check your mappings.