I have an asp.net mvc application, which allows to upload company structure using CSV file. I was asked about possibility to automate this function using powershell script.Creating CSV in powershell is easy, but I do not have an idea how upload to asp.net.
My first choice was to use WebClient, but I have problem with authentication - in mvc we are using forms authentication.I read here that it is possible, but if my login form changes I will have to send updated script to client. I would like to omit mange code on client side.
The second option is to crate separate controller and use in it authorization token, but I look like "inventing a wheel again", because I would need to write all code responsible for authentication.
Can I improve one of above options? Or maybe there is a better choice?
You might be able to use the existing web service using the Invoke-RestMethod cmdlet, but it could take two separate invokes. For both invocations you'll probably need to say -Method Post. Its possible to do all this with WebClient, but the cmdlet may be easier to describe. I haven't actually tried this, but it could look something like this:
Invoke-RestMethod -Method Post $loginPage -SessionVariable webSession -Body "..."
Invoke-RestMethod -Method Post $uploadPage -WebSession $webSession -Body "..."
For the first invocation, you specify the URL of the login page, and would simulate a web forms login by providing a username and password in the -Body parmeter, and use -SessionVariable to capture and store context for making the next request(s) authenticated.
In the second request, you use your data upload URL, the -WebSession parameter to supply the context established by the first request, and -Body to upload your CSV. Note that you need the dollar sign on the webSession variable in the second one, but not the first.
Of course, you'll need to store the username/password for the automation to use somewhere, but that's always needed for unattended automation. A possible slick approach to mitigate this would be to use client certificate-based credentials rather than a web form authentication.
How about using a side channel?
There are two approaches. You either send it to the customer's web server every now and then, or the web server downloads the data from you.
For sending data, FTP over SSL should be secure enough. Here is an example about how to command FTP with Powershell. FTP/SSL is easy enough to configure for IIS.
For receiving data, just publish the CSV on your own web site. Set up a script on the customer's web server that downloads CSV every now and then. If the CSV should not be accessible to anyone but the customer, require a client certificate.
I would probably do it like this:
Step 1: Create an https webpage on the asp.net server to receive the csv
Step 2: Create a powershell script that calls curl with the -F option to post a file to it and append any metadata you need on the call
Step 3: Upon receiving the file, store it using the metadata provided in the form and append clientid/date/etc to the file
Related
we would like to know if it is possible to send parameters to Webdav server (for example as query string path: http://server:8080/WebDavItHit/Notes.txt?param=value...") using IT Hit WebDAV Server Library for Java + JS Client.
We are looking forward to validate individual users using other application, and sending some parameters could be really useful.
We appreciate any way or alternative for doing this with your library.
Some WebDAV clients, such as MS Office will truncate query string when saving a document. So to pass parameters, you will typically do this in file path, for example:
https://server/[SessionID1234567890]/path/file.ext
I am working with a historic API which grants access via a key/secret combo, which the original API designer specified should be passed as the user name & password in an HTTP Basic auth header, e.g.:
curl -u api_key:api_secret http://api.example.com/....
Now that our API client base is going to be growing, we're looking to using 3scale to handle both authentication, rate limiting and other functions. As per 3scale's instructions and advice, we'll be using an Nginx proxy in front of our API server, which authenticates against 3scale's services to handle all the access control systems.
We'll be exporting our existing clients' keys and secrets into 3scale and keeping the two systems in sync. We need our existing app to continue to receive the key & secret in the existing manner, as some of the returned data is client-specific. However, I need to find a way of converting that HTTP basic auth request, which 3scale doesn't natively support as an authentication method, into rewritten custom headers which they do.
I've been able to set up the proxy using the Nginx and Lua configs that 3scale configures for you. This allows the -u key:secret to be passed through to our server, and correctly processed. At the moment, though, I need to additionally add the same authentication information either as query params or custom headers, so that 3scale can manage the access.
I want my Nginx proxy to handle that for me, so that users provide one set of auth details, in the pre-existing manner, and 3scale can also pick it up.
In a language I know, e.g., Ruby, I can decode the HTTP_AUTHORIZATION header, pick out the Base64-encoded portion, and decode it to find the key & secret components that have been supplied. But I'm an Nginx newbie, and don't know how to achieve the same within Nginx (I also don't know if 3scale's supplied Lua script can/will be part of a solution)...
Reusing the HTTP Authorization header for the 3scale keys can be supported with a small tweak in your Nginx configuration files. As you were rightly pointing out, the Lua script that you download is the place to do this.
However, I would suggest a slightly different approach regarding the keys that you import to 3scale. Instead of using the app_id/app_key authentication pattern, you could use the user_key mode (which is a single key). Then what you would import to 3scale for each application would be the base64 string of api_key+api_secret combined.
This way the changes you will need to do to the configuration files will be fewer and simpler.
The steps you will need to follow are:
in your 3scale admin portal, set the authentication mode to API key (https://support.3scale.net/howtos/api-configuration/authentication-patterns)
go to the proxy configuration screen (where you set your API backend, mappings and where you download the Nginx files).
under "Authentication Settings", set the location of the credentials to HTTP headers.
download the Nginx config files and open the Lua script
find the following line (should be towards the end of the file):
local parameters = get_auth_params("headers", string.split(ngx.var.request, " ")[1] )
replace it with:
local parameters = get_auth_params("basicauth", string.split(ngx.var.request, " ")[1] )
finally, within the same file, replace the entire function named "get_auth_params" for the one in this gist: https://gist.github.com/vdel26/9050170
I hope this approach suits your needs. You can also contact at support#3scale.net if you need more help.
So I have a webpage, ("http://data.terapeak.com/verify/") and I don't see any & tags in the URL so I am unaware how to post data to this. I need to do this via HTTPRequest rather than browser control. I am creating a double threaded batch searching program. I have already successfully made this using a single browser control but that wont allow for multi-threading, atleast with my current knowledge due to the fact that even when creating a new frmBrw that already exists it needs for me to set the threat apartment to single. If i set it to single, I am unable to have it send the data the the excel sheet I need both threads to access. I hope this is clear... The basic question is how can I log into this form via HTTP request.
This isn't going to be easy to answer without further details however I suspect you'll need to provide the variables via a HTTP POST request.
Can you successfully login to this page in your browser? If so, run a proxy tool such as fiddler and check the HTTP headers it makes to the server. You should see the form variables being passed over. You then need to mimic this in code.
How to: Send Data Using the WebRequest Class
Hope this gets you started
I am using a thirdparty credicard processing company. I am sending amount to pay creditcard number etc to them. They said they will postback the results such as confirmation number to a url provided by me. I have to save the confirmation number in my database. Mine is an asp.net web application. I am wondering what will be best way to provide a url. Should I give an aspx page or create a http handler which will process the data from the third party company?
Thanks
Definitely a generic http handler (.ashx), because it's a lot more lightweight than .aspx.
The basic idea: use .ashx when you don't need to display a web page to end user, otherwise use .aspx.
Should I give an aspx page or create a http handler ... ?
Neither, use a WCF service.
WCF service to accept a post encoded multipart/form-data
I'm trying to utilize the Amazon Product Advertising API. They provided me with a .wsdl file which I consumed and generated wrapper classes for via Visual Studio 2008's "Add Service Reference" option. This wrapper class works just fine as is and I've been successfully sending requests and receiving responses from Amazon.
However, they are now requiring that all partners start authenticating their requests. They have provided me with two .pem files (one which they call my X.509 certificate file, and one which they call my private key file). I'm not entirely sure what to do with these files. Amazon states the following:
Each SOAP request must be signed with the private key associated with the X.509 certificate. To create the signature, you sign the Timestamp element, and if you're using WS-Addressing, we recommend you also sign the Action header element. In addition, you can optionally sign the Body and the To header element
I realize that much more information may need to be provided here, so please let me know if I need to provide further detail in order to get an answer to this question.
Checkout this article --> http://www.byteblocks.com/post/2009/06/15/Secure-Amazon-Web-Service-Request.aspx
Looks like it should help you out.
Other links that might help:
1) http://developer.amazonwebservices.com/connect/thread.jspa?messageID=132705