Securing a web service, asp.net mvc 3, encryption - asp.net

I'm creating a web service (asmx) using asp.net mvc 3 and it has a few web methods that send and receive data. I want to encrypt this data as it goes in and out. Does anyone know of any references that might help me out? Or have a solution? I'm quite new to this, although I've done some reading I haven't found anything on the best way to protect information going in and out of the server.

I think the easiest thing to do is to make your web service endpoints secure using an SSL certificate.
See this MSDN article for more info
Also, I would recommend using WCF as it will give you more configuration options (a lot more!) but is also widely used. See this article for more info about using SSL with WCF
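
An added example, not part of the original answer: once the site has an SSL certificate, an `IHttpModule` can refuse any `.asmx` call that arrives over plain HTTP, so the web methods are never served unencrypted. The class name, the 403 response and the HSTS lifetime are assumptions chosen for illustration.

```csharp
using System;
using System.Web;

// Hypothetical module name; register it in web.config (IIS 7+ integrated pipeline assumed):
//   <system.webServer><modules>
//     <add name="RequireTlsForAsmx" type="RequireTlsForAsmxModule" />
//   </modules></system.webServer>
public class RequireTlsForAsmxModule : IHttpModule
{
    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpApplication app = (HttpApplication)sender;
        HttpRequest request = app.Request;
        HttpResponse response = app.Response;

        // Request.Path includes a trailing /MethodName (e.g. /Service.asmx/GetData),
        // so look for ".asmx" anywhere in the path rather than only at the end.
        bool isServiceCall =
            request.Path.IndexOf(".asmx", StringComparison.OrdinalIgnoreCase) >= 0;
        if (!isServiceCall) return;

        // Note: IsSecureConnection is false when TLS is terminated on a proxy or
        // load balancer in front of IIS; this check assumes IIS terminates TLS itself.
        if (request.IsSecureConnection)
        {
            // Ask clients that honour HSTS to keep using HTTPS for a year (assumed value).
            response.AddHeader("Strict-Transport-Security", "max-age=31536000");
            return;
        }

        // Refuse instead of redirecting: a redirected POST has already sent its
        // body in clear text, and a silent redirect hides the misconfigured client.
        response.StatusCode = 403;
        response.StatusDescription = "TLS required";
        response.SuppressContent = true;
        app.CompleteRequest();
    }
}
```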

Related

Asp.net Web services (asmx) with varying types of authentication

I need to be able to have some web methods (in asmx) require windows authentication to be used, and others to require no authentication at all. Is this possible? If not, what would you recommend I do, best practices etc?
I am fairly new to web development, sorry if this is trivial.
Thanks for the help
Create and host two different webservices and separate your methods based on their authentication need. So you can enable windows authentication in one.

How and Why to Create a webservice?

I have a small routine that programmatically builds an XML file that resides in memory based on a dataset that I send to the routine (it's called CreateAdXML()).
My buddy says I should turn it into a 'webservice', but I'm not quite sure what he means or how to do that. Can someone offer me some pointers? Is it relatively easy to take existing code for an asp.net site and turn it into a webservice?
There are many possibilities to create web services for an ASP.NET application. It all comes down to what you actually need:
If you need secure connections, advanced serialization, WSDL support etc...
Go for WCF (http://en.wikipedia.org/wiki/Windows_Communication_Foundation)
MSDN : http://msdn.microsoft.com/en-us/library/vstudio/ms735119(v=vs.90).aspx
If you only need to expose a few methods:
Go for WebMethods (that's deprecated + quick and dirty in my opinion)
WebMethod tutorial: http://msdn.microsoft.com/en-us/library/byxd99hx(v=vs.90).aspx
If you need to expose data through a standardized interface, interoperable and bandwidth-friendly service (that's called REST):
Go for Web APIs
Official page: http://www.asp.net/web-api
There are also a lot of web service frameworks available on CodePlex; do some research to see if one suits your needs better. A few well-known ones are RestSharp and ServiceStack.
My advice:
From what you described, I would go with WebMethods for test purposes only. Once you know more about the client that will consume your web service, choose one of the appropriate frameworks.
If however you need to expose more methods, you should consider using Web APIs or WCF from the start, since these are much cleaner web service frameworks. It will also make your service stack MUCH easier to maintain.
It sounds to me more like you need to make it a utility method instead of a web service, as this will allow all of your web project to use this functionality, but not necessarily expose it beyond the boundaries of your application.
If you insist on making it a web service, then read A Beginner's Tutorial for Understanding Windows Communication Foundation (WCF).
It is fairly easy to create web services from ASP.NET code (VB.NET/C# etc..)
You can use the following link to help you understand more about ASP.NET Web Services.
http://msdn.microsoft.com/en-us/library/t745kdsh(v=vs.90).aspx
HOW TO: Write a Simple Web Service by Using Visual C# .NET
But all of the other answers are good too.

Can I encapsulate WCF or Web API within an Ajax Server Control?

I'm pretty new to services within .NET and not too experienced with .NET in general, so please excuse my ignorance.
I've been tasked with implementing a self-contained login control which could be used within a number of applications. I've done some browsing around and have made a little progress, but wondered if there might be a better way to go, before I go too far.
So far, I have an AJAX Server Control which includes a .asmx web service that is being called through AJAX.
I have concerns about the security of this solution and also understand that .asmx is no longer in favor due to the rise of WCF and Web API. I've tried to find an example of WCF or web API being used in a similar manner, but haven't come across anything. Is this possible?
I'm also thinking that maybe a better approach would be to have the Web API service run outside of the Control, but just have the control call it.
Is this even a secure way to manage authorization and authentication?
Any pointers would be appreciated.
You can start here: Exposing WCF Services to Client Script

ASP.NET Web API, web service discovery and client creation

I can't find anything on the implementation of service discovery for the ASP.NET Web API. For a new project I need to make a decision between WCF and Web API. The service element will be consumed by a variety of clients, mobile, client-side JavaScript but also an ASP.NET website.
For the website the convenience of being able to generate a client against a WCF service is obviously a plus. I am not that familiar with RESTful web services but I see that there is Web Application Description Language (WADL). Maybe it is my ignorance but surely it is a good thing to be able to advertise the correct way to consume your service?
My main question: is there anything that generates a WADL or similar for WEB API?
Secondary question: this tool looks like it generates a client based on a WADL, is there anything else that makes life easy keeping a client up to date with a RESTful web service?
There is a considerable amount of work going in there. It is not finished but watch the space.
Have a look here (and newer Yao posts):
http://blogs.msdn.com/b/yaohuang1/archive/2012/05/21/asp-net-web-api-generating-a-web-api-help-page-using-apiexplorer.aspx
Also
http://blogs.msdn.com/b/yaohuang1/archive/2012/06/15/using-apiexplorer-to-export-api-information-to-postman-a-chrome-extension-for-testing-web-apis.aspx
I blogged an approach to generating WADL with ASP.NET Web API here: http://blogs.msdn.com/b/stuartleeks/archive/2014/05/20/teaching-asp-net-web-api-to-wadl.aspx

Need to develop a RESTful API (both JSON and XML)

I'm looking to make a RESTful API on ASP.NET for a website. My problem is that I need it to be integrated into the website and not as a separate project.
I understand that WCF makes this really easy and it's the ideal way to do it, but I don't think you can combine a WCF Service Project and an ASP.NET website. Is this correct?
Is there a way we can do this using a webservice (asmx) file (since I know that asmx services use SOAP no?)
The reason I need this to be in the same project is that the customer will be able to purchase ssl for their domain (which the website is going to use) and I need to make the API secure as well, but the customer should not be asked to purchase two ssl or even a wildcard one.
Knowing this, is there a better easier way of doing this using WCF?
Take a look at the new MVC4 Beta, it's set to go live sometime between March and April this year and should be able to accommodate your requirement to build a RESTful web service alongside a web application. I haven't spent too much time with MVC4 to go into the details, but it's definitely worth a look. Links: Get MVC4; MVC4 and WebAPI blog.
Hope this helps!
You can use ASPNET MVC to build an API along with your website.
See How can I implement a site with ASP.NET MVC without using Visual Studio? for some details on building a basic MVC site.
ASPNET MVC services can respond in JSON or XML, or both.
There will be no special requirement for two SSL certs.
I have an ASP.NET MVC 3 application that exposes both WCF REST services. I'm using .NET 4. You'll have to pay attention to how you configure your routing. For example, my WCF services are prefixed with something like "api/v1/" while all other requests are handled by ASP.NET MVC 3.
I had a problem because IIS refused to serve some "localhost" requests (like when your MVC 3 controllers try to consume your WCF rest services). That was solved by adding an entry to my hosts file. Also be aware of this when implementing an OAuth 2.0 Resource Server or Authorization Server.
Using WCF for REST services works ok in .NET 4, but the JSON serialization sucks big time. There are issues with default dates and it is rather slow. You may want to look at using a different serializer. With WCF you sacrifice some flexibility for some features you get for free.
ASP.NET MVC 4 (and the WEBAPI) is still in BETA, so I'd avoid that for a project with a short term release date.
I'd actually use NancyFX. Setting up routes is super-easy, and it comes with built in XML and JSON serializers that act based on the data in the headers.
