hi i have developed a application, that works fine on the simulator, now i want to test the application on the actual device.
my application tries to access web services over the internet. I mean to say, the application makes SOAP request to web services. Also i am accessing the web services using https
So in this case, do i need to first sign the application.
if not, then how do i go ahead, with deploying the application.
i tried deploying the application, using the blackberry desktop manager, the application got installed, but it is not making calls to web service.i mean to say, the application is not hitting the web service
Are you getting any error messages from the application? If you need to sign any API's then you'll receive an error.
Use the Blackberry Browser to check if you can hit the webservice. Sometimes there can be issues if your handset is on a BES or if the webservice is behind a firewall.
Check that you have connections or it will timeout.
For https connection you can refer to foll. post :
http://supportforums.blackberry.com/t5/Java-Development/Connecting-your-BlackBerry-http-and-socket-connections-to-the/m-p/206242
This issue has to do with some MDS servers having a low default for how large the requests they can pass through are:
http://supportforums.blackberry.com/t5/Java-Development/HTTP-413-Request-Entity-Too-Large/ta-p/445983
Still trying to sort out a good solution to this myself for a service that returns a large XML packet since it can't be reliably known whether a user's service has the default minimum or something higher.
Related
We configured Azure web app infrastructure such way that consist
customer web portal and WebApp API site
Scenario: when a user accessing a customer web portal where all requests communicate from Web API like (GET, POST, DELETE, PUT).
Here actually the problem is Web API portal is publicly available for now (but I don't know about for what extent Web API visible to users publicly still requires or not?).
In our case Customer ----API call should be in internal communication only there no third-party vendors supply.
Is there any methods secure the cus--API.
We tried to secure cus---API azure network restrictions in Web API network settings but that not helps us (we got stuck the complete cus--API communication is blocked)
As I mentioned Web API hide from the internet then we applied Azure AD authentication for Web API.
In this case, we got results were negative
we have no prior knowledge from code level securing and communication token generation
Finally, we looking for suggestions, and suggest me what are security checks to WEB APP-API COMMUNICATING WITH CUSTOMER PORTAL. WHAT ARE SECURITY CHECKS THAT NEED FIGURE OUT?
Another big problem is really WEBAPP-API put publicly if yes then what are the ways to tighten security.
Please share ideas and suggestion it would be greatly helpful to us.
Thank you
In production mode I have the angular 5 client and the web api on the same site so I have no problem with the session but in development mode my angular 5 is hosted on localhost:4200 which reset the session on each call to a service.
I can host the angular 5 and the web api on the same host on development mode but it means I have to do ng build all the time(which will have a big overhead).
Any ideas?
Should I use the session? or there is a better way?
update
First of all just like Andrei Dragotoniu said the use of session in the web api is not best practice and should be avoided.
But if the web api must use the session I have found the solution for the development mode - add a proxy to the angular 5 project:
I had to proxy my requests to my web api server and than the requests to the web api and the web api are is the same domain.
how to add a proxy to the angular 5 project:
angular-cli server - how to proxy API requests to another server?
if you are talking about the dot net back-end session then no, you should not be trying to use that. The reason is simple, an api is stateless, each request is separate and needs to have all the data required to complete it.
On the client side however, you can use something that allows you to store stuff for later use, the local storage is a good candidate for that.
Also, in angular, you can share data using singleton services : https://angular.io/guide/singleton-services
These are services which are only create once, you can store data in them, inject them in whatever component needs that and they really become a way to share data. If you happen to hard reload your application, all that data will be lost so in such scenarios local storage can help.
I suspect you will end up with a combination of singleton services and local storage, but do stay away from trying to use session in a stateless api.
I'm new to web services. i'm developing a project that includes a website for introducing information (backoffice), and that information will be send to mobile devices.
My Question is, is better to create a website that connects to the database to insert and update information and then create a webservice only for the mobile devices to get that information, or create a webservice that does all the work?(website and mobile devices connected to webservices).
Thank you
There are many solutions and which you choose depends on how your application will be used.
In any case it is always good to have reusable code, and having single service tending to both web and mobile applications would be good.
If your application is write intensive, data which is passed between user and the website is critical and data integrity must be preserved, then you should go for a single service which runs in the background, takes care of integrity and provides data retrieval and modification methods to clients (web/mobile/desktop applications).
If your application is read intensive, will be mass deployed, with tens or hundreds of thousands of clients, then you should go for each web application which connects directly to database. In this case you need to sacrifice data consistency, because writes made on one node of the web application will not be instantly visible on others. Using this method, when you need to scale out you can add replicated database nodes, and new web application nodes that connect to them.
If you have a client application running on a mobile device, you want a web service. I recommend a RESTful one using JSON. If you want to access this functionality from a computer browser, you'll want a website - which could be accessed from a browser on a mobile device.
The trade-off is accessibility vs. quality of the client application. A website may work great from a computer browser, but may not be well-suited for mobile access. The website would be a single solution though. If you use a web service, you need a mobile application to consume it (presumably for multiple platforms), plus either a desktop application to consume that web service or a website to run in a browser...
In my opinion. You should go with Services Based Architecture. You can use WCF /Asp.net Webapi on MS Stack. Using Services either SOAP Based or REST gives you more Flexibility and a degree of scalability for the consumers to consume your service.
Hope this helps.
So I'm making a app for a bank, but it doesnt manage very important data. I have two problems, it will run over a VERY large LAN network protected by all kinds of security(antivirus and firewalls) and the bandwidth in certain regions is as low as 56kbps.(Its a desktop app with a web server backend connected by web services)
From the security point of view all I want is to prevent someone from executing the web services from some other source or app results in change in the database . I'm thinking of each desktop app installed with a install code, this will be hashed and required as a parameter for every function call and will act as an authentication ticket? Is this good enough? Are they better SIMPLER means?
For performance, how do I measure or know if the web service will send and receive data at a decent rate?
Thanks
Gideon
Assuming you are on a windows domain. You could configure the server to use windows authentication and restrict the users which can access the web service.
For performance measuring - asp.net will show you a sample request and response if you hit the web service from a browser, you can work out the site of a message and use the bandwidth to calculate how long it should take. You could also call the web service and use the stopwatch class to measure the time it takes.
I would prefer assigning usernames and passwords. Either way, the user can disclose their code to someone else. And either the user or a recipient can access the app using other programs (there's no way to prevent someone extracting an install code). But if you assign usernames, they are more likely to take personal responsibility for what happens using the authorization.
Is it possible to embed an external application inside the browser (IE, Chrome, Safari, Firefox) so it will look like a native web application but actually having access to the USB ports of the client machine? I have heard that I need to make an ActiveX control. I would like to use the .Net framework, but if that is not possible, maybe using Java or C++ will be fine.
I have to make an application that will allow to the users to connect an external device to an USB port, this device will take a backup of the information contained in a SIM card and send it to the user's account online agenda. So the user can restore it later using the same application. This should be a web application or at least look like one.
If the first is not possible. Is there any way to launch an external application from all the browsers, and then pass information to the browser window to allow it to refresh after the backup has been made?
Thanks for your help in advance.
First off this seems to be a big security issue and hence this is the reason why you might be finding it tricky.
What I would do is look at it from a different angle; what am I trying to achieve? How is the user going to use the data? Where is the user going to use the data?
From you question I have answered those questions with the following; I hope I've not miss interpretted anything.
I want to copy the data from an external sim card to a central location
I want the user to see this data from the central location; preferablly from a web application.
The user is going to see and use the data from the web app
Assuming all of these things are true; one design option is the following:
1 - Have a client based application which can read stuff from the usb device
2 - Have a secure webservice which the client based application can upload the data too
3 - Have a web application which can view this data and see refreshes
Let me go into bit more detail for each step.
1 - If you write a small client application it is installed or at least runs on the client computer. Due to this it can access the local client resources such as usb and interface with them. This will mean they can read the sim data throuogh this app, buut also potentially save it locally as well as upload the data. To access the web service they would enter their username/password so you could authenticate them for the upload.
2 - This web service would do the authentication from the client application, but also receive the data submitted from the client app. Acessing web services from .net now a days is really straight forward. Using this web service the client application could also do some checking to make sure the data has been updated and it could handle re-tries if the network dropped etc.
3 - The web front end of the system would interface to the same data source. This site would take the username / password to authenticate them on the site, but also let them see the uploaded data. As for the refreshes; if the user is logged in and looking at the data you could have a javascript timer polling an action/service to see when new records have been added etc. This could then display a message through jQuery or similar to notifiy the user. This could be similar to the notifications which StackOverflow gives when you visit for the first time or get a new badge etc.
Hope this helps :-)