I have created an web service I need to publish this service. I need to host and authenticated users need to access my services using ASP.net 2.0
I'm not sure if you are asking for an alternative, but I've been experimenting with this code that seems to work well on codeproject.com (CP).
If your question is on security, perhaps this article on CP is a useful start.
Related
I have a small routine that programmatically builds an XML file that resides in memory based on a dataset that I send to the routine (it's called CreateAdXML()).
My buddy says I should turn it into a 'webservice', but I'm not quite sure what he means or how to do that. Can someone offer me some pointers? Is it relatively easy to take existing code for an asp.net site and turn it into a webservice?
There are many possibilities to create web services for an ASP.NET application. It all comes down to what you actually need:
If you need secure connections, advanced serialization, WSDL support etc...
Go for WCF (http://en.wikipedia.org/wiki/Windows_Communication_Foundation)
MSDN : http://msdn.microsoft.com/en-us/library/vstudio/ms735119(v=vs.90).aspx
If you only to expose a few methods:
Go for WebMethods (that's deprecated + quick and dirty in my opinion)
WebMethod tutorial: http://msdn.microsoft.com/en-us/library/byxd99hx(v=vs.90).aspx
If you need to expose data through a standardized interface, interoperable and bandwith-friendly service (that's called REST):
Go for Web APIs
Official page: http://www.asp.net/web-api
There also a lot of webservices frameworks available on codeplex, do some research to see if one suits your need better. A few well known are RestSharp and ServiceStack.
My advice:
From what you described, I would go with WebMethods for test purposes only. Once you know more about the client that will consume you web service, chose one of the apropriate framework.
If however you need to expose more methods, you should consider using Web APIs or WCF from the start, since these are much cleaner web service frameworks. It will also make you service stack MUCH easier to maintain.
It sounds to me more like you need to make it a utility method instead of a web service, as this will allow all of your web project to use this functionality, but not necessarily expose it beyond the boundaries of your application.
If you insist on making it a web service, then read A Beginner's Tutorial for Understanding Windows Communication Foundation (WCF).
It is fairly easy to create web services from ASP.NET code (VB.NET/C# etc..)
You can use the following link to help you understand more about ASP.NET Web Services.
http://msdn.microsoft.com/en-us/library/t745kdsh(v=vs.90).aspx
HOW TO: Write a Simple Web Service by Using Visual C# .NET
But all of the other answers are good too.
We are planning to receive a SAML assertion from another website into ours (ASP.NET). No one here has ever worked with SAML. We simply need to verify the signed assertion, decrypt the token containing a user id and if we can verify it, log them into our site (authenticate/authorize). We are using Forms Authentication for all other authentication. I would like to avoid installing WIF if possible because my understanding is we'd have to install the runtime on all the developers machines and servers. Our machines are locked down by policy such that it would be a lot of paper work to get it installed. Are there alternatives to WIF and are they realistic to use in an enterprise environment? If so, can someone point me in the right direction, a good tutorial, video, book or anything with examples would be helpful? I looked at some third party components but I'd have the same issue as with WIF on our servers (not to mention dealing with procurement).
Thanks
Is this internal or an external facing application? You may want to checkout PingOne.com Application Provider Services (APS) [Note: I work for Ping]. PingOne handles all the SAML protocol stuff for you and provides self-service capabilities, reporting, etc. No need to install WIF... just a few lines of .NET code (or whatever) to integrate with the RESTful service that PingOne provides.
HTH - Ian
I'm creating a web service (asmx) using asp.net mvc 3 and it has a few web methods that send and receive data. I want to encrypt this data as it goes in and out. Does anyone know of any references that might help me out? Or have a solution? I'm quite new to this, although I've done some reading I haven't found anything on the best way to protect information going in and out of the server.
I think the easiest thing to do is to make your web service endpoints secure using SSL certificate.
See this MSDN article for more info
Also, I would recommend using WCF as it will give you more configuration options (a lot more!) but is also widely used. See this article for more info about using SSL with WCF
First off, i'm fairly new to programming, I've built a few asmx web services but I am a little lost regarding how I should set up a WCF web service. I've tried to research this over the past couple days by reading through a lot of the documentation/articles/videos on MSDN but I'm still a confused.
Since my current web services are hosted on a separate box using IIS, from what I understand I need to create a WCF Library, then reference the Library in another WCF App and then host that app in IIS and reference the WCF App from my Front End? Seems like an extra step to me...? Not to mention a pain when developing on my local box.
Any advice or a point in the right direction would be very much appreciated. Thanks!
WCF gives you the option of sharing common assemblies (i.e. so both your service and clients can use the same domain model library), but it's not a necessary step.
You can host a WCF service through ASP.NET, same as ASMX. The "WCF Service Application" project template in Visual Studio configures it this way by default - as a WCF service hosted in IIS.
For the most common scenarios, it's really no different from ASMX. You create a WCF Service application, deploy it to a web server, and add service references in client applications. The importer will automatically generate classes for you, so you don't need to reference any assembly. No extra steps.
If you haven't already, you really should have a look through Microsoft's Tutorial. You'll find the steps very similar to those for setting up an ASMX-based architecture.
I've got a requirement that a ASP.NET web app use Shibboleth for the authentication. Has anyone done this before? Are there libraries out there to support the method calls? Or is this a Java only thing?
It's definitely not a Java-only thing, there's an Apache module available for download on the Shibboleth site.
I don't know if there's anything specific for .NET.
We implemented Shibboleth a while back and we originally tried to use the Java solutions - it was a nightmare. The java apps were badly-written, buggy and badly documented. It was hassle after hassle and we eventually decided to use the Apache module on a dedicated server and forward successfully authenticated users onto our Tomcat app.
The Apache module was a breeze to setup, configure and get working.
Don't know if you've already realised but the Shib documentation and website are incredibly hard to navigate - it's a fight to find any useful information. I did go and look for a .NET implementation on there but gave up!
If our Java experiences are anything to go by I would seriously suggest setting up an Apache server with the Shibboleth module installed and saving yourself a world of pain.
This is a good site for testing your Shibboleth install once you have it set up: http://www.testshib.org/testshib-two/index.jsp
If you do find a good .NET solution then I'd be very interested to hear about it. Good luck!
I know this is a really old question, but I thought I might be able to do a bit better expanding for those who are finding the answers from Google.
As recommended above, you really want to configure your web server to load a module. The hard part of shibboleth is the configuration file, but assuming some one else in your organization has utilized shibboleth you can use theirs as a template and its fairly easy.
For .NET based authentication, you'll need to configure Shibboleth in IIS. The default configuration for IIS creates a directory called /secure, and anything put under there will require shibboleth authentication (i.e. it will redirect to the identity provider). You can configure it to cover other directories or even do lazy authentication.
Once you have the authentication piece in place, you can check headers to "read" the information the identity provider is passing to you. IIS handles things a bit differently then Apache, but its still pretty easy. If you just want username you could use HTTP_REMOTEUSER although there could be better options; i.e. Ohio State University recommends using the eduPersonPrincipalName.
As MatthewMartin says Shibboleth is just a SAML server, Windows Identity Foundation supports SAML as explained in this blog post.