Could someone please be kind enough to show me the best way to determine if a webservice (ASP.NET) exists at a given URL?
I assume an approach will be something along the lines of issuing a request using System.Net.Webclient but how could I determine if it is a valid webservice and what sort of request should I issue?
EDIT: To add a bit more context I am determining if a webservice exists because I am attempting to build a generic tool that uses arbitrary webservices.
The only way IMHO to be sure the service is up is to be able to call an innocuous method on the service and verify the response. Retrieving the WSDL is not sufficient.
There is a similar SO question on this here:-
How do I test connectivity to an unknown web service in C#?
I would ask for WSDL document. If you get it back it means that the service exists and you can check to WSDL for implemented methods.
Consider reading about WS-Discovery
http://docs.oasis-open.org/ws-dd/discovery/1.1/wsdd-discovery-1.1-spec.html
Related
Currently working on an ajax call to an ASP web service (.asmx).
In a situation where I POST to the url/.asmx/WebMethod, am I exposing information of any kind?
In the 'WebMethod' I am running a PostJsonAsync that calls an API and passes along a json string.
As I am still learning, I've been told that calling any public [WebMethod] exposes the code, but I am not sure how that is possible.
Is it possible at all for a user to access the WebMethod server-side code that I have and peek into the API calls that are available?
I've attempted some minor security methods.. We are working with Sitefinity CMS. What I did was call a WebMethod that receives the CurrentUserIdentity and returns a GUID. If the current user is logged in, it returns a valid Guid, if not it returns a Guid full of zeros.
Then, I call the WebMethod containing my API call and post a json object along with the valid or invalid GUID. The server-side WebMethod code will then verify if the GUID is valid and continues based on if a UserProfile can be generated.
To me, this seems to be secure, but I've been told that this still leaves the WebMethod exposed as well as the API. I am however just not understanding what is exposed and what can be used.
If anybody can direct me to any resources that has more information on this, or if anybody can advise me on WebService security, I would appreciate it.
Thanks in advance.
If you're calling the methods via AJAX, then they are exposed to the public...and can be called by anything that can make a call to your server. That being said, there's nothing wrong with it unless you're doing something that's easily abused.
In your particular case, it sounds like the code is accepting a GUID that is assumed to have come from the first API call. If that's really the case, you may want to rethink how the mechanism works. Adding authentication checks for each method that needs to be restricted may be a better solution.
I am considering implementing WCF Data services in one of my projects. After extensive research, I have some questions that have yet to be answered. If someone can please help me out?
When we are passing concrete data specific operations (albeit over HTTP using URI's), why is a WCF data service next to the UI layer in most of the documentations? Shouldn't it be a higher level of abstraction than interfacing between UI and the EDM?
Why is the passing of a URI needed to establish context? Wasn't the URI passed into the ADD SERVICE REFERENCE (or DATASVCUTIL) to generate client proxy classes? Why this redundancy whenever a context needs to be established?
What if my service URL changes? How to determine this service URL dynamically? For example, let's assume I have a WCF DATA SERVICE at http://localhost:8443/project1/WCFSERVICE1. How can i get this URL dynamically at runtime (because of the changing port under VS)????
I have seen some examples where DataServiceRequest and DataServiceResponse are used; sometimes they are not and the query is directly executed via CREATEQUERY or EXECUTE. What is the difference in one line??
How to access a remote service over corporate network proxy? I know we can pass defaultcredentials to the webrequest but how is that to be done with wcf data service client proxy classes?
P.S. For now, I have configured a static port in visual studio. However, how to get this port dynamically?
Appreciate your help.
Just saw this, I'm sure by now you've got answers to most of these questions, but here goes.
Your question 3 is the answer to your title question. Passing the URI in the constructor means you have greater runtime flexibility for the location of the data service. So in my case I've got the port and server name as application settings that can be modified at runtime without the need to modify the application.
Hope this helps.
Lets say I am building a web service that is returning a random number?
Real world example: http://www.random.org/integers/?num=10&min=1&max=6&col=1&base=10&format=plain&rnd=new
random.org does this via GET method, which is not RESTful I think. Specs are saying that GET method should be idempotent.
What method would you suggest and what would your URL be?
There is no problem here. Being idempotent has nothing to do with returning the same thing all the time.
I would like to pass an arrayList of objects to a servlet from a java program.
Can some one please tell me, how this can be done.
Look at this link they describe the process ind detail
http://www2.sys-con.com/ITSG/virtualcd/java/archives/0309/darby/index.html
Please note that if you are going to serialize objects back and forth that the compiled version must be in sync on both the client and the server or you will get errors. I would recommend converting your objects to either XML or JSON and then reading them from that on the server side. That way if you client and server code get out of sync it will still work.
For the client I would recommend Apache's HttpClient (or whatever they have renamed it to)
Have you considered using a web service framework for this instead of coding a naked servlet? The whole business might be about 10 lines of code using, for example, an Apache CXF JAX-RS service and client. If the objects are complex, you might want to use a full SOAP service.
Our web services are distributed across different servers for various reasons (such as decreasing latency to the client), and they're not always all up-to-date. Rather than throwing an exception when a method doesn't exist because the particular web service is too old, it would be nicer if we could have the client check if the service responds to a given method before calling it, and otherwise disable the feature (or work around it).
Is there a way to do that?
Get the WSDL (append ?wsdl to the URL) - you can parse that any way you like.
Unit test the web service to ensure its signatures don't break. When you write code that breaks the method signature, you'll know and can adjust the other applications accordingly.
Or just don't break the web services and publish them in a way that enable syou to version them. As in http://services.domain.com/MyService/V1.1/Service.asmx (for .NET) so that way your applications that use v1.1 won't break when you publish v1.2 and make breaking changes.
I would also check out using an internal UDDI server if it's really that big of a hasle to manage your web services. Using the Green Pages of UDDI will tell you what you want to know about the service.
When you are making a SOAP request you are just sending an HTTP request to a server. If the server understands it, it will respond with an HTTP 200 and some XML back, if it doesn't it will send you some error HTTP code (404, 500, ...)
There is no general way to ask for the existance of a "method" exposed by a web service. Try to use the WSDL exposed if it is automatic, or just try to use the "method" and check for an error in the response (you don't have to send an exception to the user...)
Also, I don't know if I understood you well, but you are thinking of quering the server twice, once to check if the method exists, and second to make the actual call it if it does? I would just check for the error if it doesn't, and proceed normally if it does.