I am trying to using sabre web service in one of my php application.
But I am confuse how to implement it.
I done lots of R & D on google but still not get result.
Has anyone solution ? please guide.
Thanks in Advance.
You should look into PHPs Soap Client APIs:
http://php.net/manual/en/class.soapclient.php
To use sabre php, you will need to create a session with the username and logins. In the session there will be a token which you include in your soap request.
You could either use SOAPUI or just post to the endpoint with a xml.
To get fares back, it is best to use BargainFinderMax.
Why have to be with PHP?
Sabre SOAP model is easy to consume using .NET, just point to the Service WSDL, instanciate the service, create the request object, pass it to the service then get the response and mapp to a custom object.
Related
I built a wcf rest service with form authentication. All the settings are set in config file. This service needs to be consumed by android client. So can any body please tell me how to send the request with log in credential to the rest service which is implemented using forms authentication.
Note: I know by implementing custom login service method we can validate the client and pass the cookie for the wcf rest method to authenticate.
I am looking for different solution like in single request we pass the credentials it validates the user with membership and gives the response. Please let us know if u need any further information.
This is a very broad question, so it will be difficult to answer completely. For the WCF side, you can follow this: How to Consume WCF Service with Android. The idea is to return a token, or session, ID when the user successfully authenticates in the system, and each subsequent request uses this token to identify itself. That approach uses SOAP, but you can also use REST too, which REST may be easier to consume in an Android client (REST worked great for me).
See this post, Need advice on authentication for android client connecting to the WCF Rest setup, for more guidance on the setup too. When I setup my authentication mechanism, I did a lot of research online to figure out the best approach to take. A lot of people mentioned just use OAuth 2, and make sure you are using HTTPS communication. So if you can use OAuth or Facebook/Twitter/Google+ for authenticating, that would be a good approach and take a lot of the headaches away.
I am looking for something that I haven't been able to find out as yet.. Can you please tell me that if there's a way that I can use, the token returned by the STS, with a claims aware WCF webservice. Like for now I am trying to do it I am able to create a claims aware WCF service but when i try to call it's function in the Relying party (which has been authenticated by the STS) its unable to consume it. It gives an error {"The incoming policy could not be validated. For more information, please see the event log."}
Any help or suggestion will be highly appreciated. Thank you.
Finally got the answer to my question. Now when it comes to consuming a claims aware webservice we should have an Active STS for its authentication. There are two kinds of Secure Token Services one is Active and other is passive. Active is used to authenticate Webservices and Passive is used for websites authentication.
I have asp.net Web services, and I use them in my site using JS ajax calls.
I would like to set up a security mechanism (of any type) that will allow only users surfing the site to call them, and not just anyone requesting from those webservices.
How can I do that?
Thanks
Have a look at Building Secure Web Services.
A simple way will be to know the IP address of your site and then check whether its same as
HttpContext.Current.Request.UserHostAddress
Allow access only if both matches.
You can use ASP.NET Authentication.For more on authentication in webservirce check this
I have implemented security to my Webservices with Web Service Enhancements 3.0. There are many basic examples on the net that you can check out. But basically you want every Method to be called through a Post instead of a Get, and you would send a SOAPHeader with every HTTP call. The service/method checks the SOAPHeader validates and returns valid content only if the user is authenticated/valid.
Good luck!
I have one VS application named Dotnetpanel, which provides a lot of webservices.
I created another another VS application say TestModule in which I need to create the webservice client. But when I try to create a client and call the webservice in TestModule, an error occured"The request failed with HTTP status 401: Unauthorized." From one of articles I have read that
DotNetPanel API implemented as a set of SOAP Web Services.
Requirements:
WSE 3.0 or Basic Authentication
****Each API call should have user’s credentials provided****
Basic Authentication:
For interacting with DotNetPanel API you should use Basic Authentication. DotNetPanel recognizes “Authorization” header with the user credentials provided in the following format: username:password.
So my question is I have a user credentials which can pass to the TestModule and after that how can I call the DotnetPanel webservices from the TestModule with Basic Authentication.
Regards
Fenix
Sounds to me that you have to send those credentials as a parameter to the web service.
Try to call the web service url to see its methods. When calling to the web service directly from the browser, you have to be able to see a list of methods, then search for the method you're trying to use and click on it. You'll see the SOAP request and response definitions. You can take a look at what parameters is the web service expecting. I think if it asks you for credentials, there has to be a couple of param for that there.
Hope it helps.
I've built ASP.NET Web Services in the past that either were publicly consumed, or used Windows Authentication. I now need to build a Web Service that uses the SOAP 1.1 protocol and it needs to be secured with a username and password from the caller.
It seems setting up the infrastructure for WCP is overkill for one or two Web Services. Any other suggestions? I was also thinking of using ASP.NET 4.0 Beta, if anyone has explored that for this scenario, it would be helpful to know your opinion.
Thanks in advance for your suggestions.
The simple way is to create a special header that carries the auth info for every call and authenticate/authorize the user that way
Here's some sample code:
http://aspalliance.com/805_Soap_Headers_Authentication_in_Web_Services
Note that in this way you are sending clear text username and password so you would want to use ssl or use some kind of digest authentication
There are different ways of doing this. One could be enabling access to a specific sets of IPs. If the IP doesn't match one of the lists then you could easy reject the call at method's level.
Otherwise, you could create another method that would return a token and then make all the relevant methods to expect that token in return in order to process the request.
Use SSL. Force everyone who consumes your webservice to use https.
//Check for Secure Channel: HTTPS
if (!Context.Request.IsSecureConnection)
return "The HTTP Connection must use Secure Sockets (HTTPS)";