I am working with Apigee edge lately and am having trouble with a specific implementation. Essentially, the client will request an oauth token from their API through apigee. However, to make calls to our proxy they need an oauth token from us as well. So far my flow goes like this.
Client calls token endpoint on apigees side, a service callout is made to get a token from one of our other proxies (returned as a json object). Then the request passes through and gets the token from the clients API.
Here is where I am having trouble. After the response from the clients API, I want to use the assign message policy to modify the response to include the first token that was grabbed from our other proxy. The problem is the variable seems to be falling out of scope between request/response.
Am I missing something obvious here? I have looked into the PopulateCache policy, but I feel like this may be overkill as I only want the variable to remain in scope for the request/response. Thanks for any clarity you guys can provide! Sorry if my explanation is not very good, I am VERY new to Apigee Edge.
You aren't missing anything obvious. Variables should not fall out of scope between request and response flows. You are right that PopulateCache isn't necessary.
One item that catches people sometimes is how you access the response from the service callout. If you configure the service callout response to be stored in a variable called calloutResponse, then when you access the body to extract information, you'd use calloutResponse.content as the source. If you try to access calloutResponse instead, you might think that the variable had disappeared.
Add more details/trace if that is not the problem, and we can figure out what is going wrong.
Related
I am trying to implement OAuth in a web service such as:
http://www.codeproject.com/Tips/372422/Secure-WCF-RESTful-service-using-OAUTH
Each time, when the Authenticate method is fire, WebOperationContext.Current.IncomingRequest exists, but UriTemplateMatch is null. This is even the case when using the WCF Test Client, so my client app isn't the problem. Ultimately, I need to access the QueryParameters under UriTemplateMatch.
In the Authenticate method, this is where the code breaks:
NameValueCollection pa = context.UriTemplateMatch.QueryParameters;
Looking for a different solution than this so everything is processed in one request:
https://stackoverflow.com/questions/7344478/using-the-wcf-http-web-api-uritemplatematch-is-always-null
Also, just as much as a solution, I am looking for a reason why the UriTemplateMatch would be null only in the case of a WCF Service. There are hundreds of articles on the presence of this problem, but I haven't found a good solution and/or explanation. I think I may be missing something in my web.config.
It seems that this solution is expecting incoming calls like :
http://localhost:49262/TestProject/Service.svc/user/123?oauth_consumer_key=key&oauth_nonce=10a33ed37b549301644b23b93fc1f1c5&oauth_signature=cUobFDxVB5wjPe9X2XICJ6awmnE%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1289976718&oauth_version=1.0
There are two ways to attach oauth parameters, one is through headers, another is through query string, both are valid, so I choose to attach oauth parameters in query string. There is not any problem to retrieve them from IncomingWebRequestContext.Headers if those oauth parameters are in headers
This solution is not from me. Check this link.
I am using Customvalidator class inheriting the UserNamepasswordvalidator
The problem is Its getting called on every request. I want to bypass it once the user is authenticated
any help would be appreciated
There's no way to skip the validator, custom, UserName/Password or certificate based. It's actually called before the request hits your main function, so there's no way to step around it using a session or variable.
And that's really the point of separating authentication from the message processing ... it allows you to reject bogus requests at the earliest stage of the request/response process so your program's not wasting cycles fighting off zombie attacks and the like.
You can, of course, apply no authentication up front in your message processing and authenticate when the request arrives (not before as in the prior model). At that point you can create a session programmatically and go on from there ... but you'll be processing every message that comes through.
I'll add this, however. If think that if you use something like NetTCPBinding, or NetNamedPipesBinding, you can create a persistant session between the client and host, thus authenticating only once.
Can anyone point me in the right direction with this issue? We have a WCF central router and we want to manipulate the responses passing through the router based on some xpath criteria. Basically we want to remove a lot of the details from some error requests and sub some extra details in. Ideally we would also like to log the error.
I know it is generally better practice to update the web services to do this but in our case this is not possible and needs to be performed on the router if at all possible.
Also it would be great if we could log each request and response but that is likely a different solution to the manipulation of the responses.
Not sure if you have solved this but...
You should be able to use WCF Behaviours to do what you need.
Have a logging behaviour to log the requests and responses and another one to log errors/manipulate responses
We use behaviours to log to app fabric, and we have one (nasty) behaviour which catches all exceptions and returns a valid response with an error message. I personally don't like this 'feature' but you can basically do anything to your requests/responses with behaviours
I'm developing a WCF SOAP web service based on this schema.
Basically it takes product orders from many clients.
As part of the submit operation the client is allowed to provide a URL where it expects asynchronous status updates on the order and it's line items.
I want to know if anyone has experience with a similar architecture? How did you go about implementing this?
Can i use a dynamic web reference as stated here? I would think this won't work very well in this situation. I'm pretty sure i'll need Chuck Norris to handle all the exceptions that get throw at the presence of any client service that is not identical or slightly different... even if it does pass schema validation.
The best thing i can think of is building the status object, serializing it into the SubmitResponse request soap message xml then sending it off using curl. something like:
curl -d "<my soap message xml>" "http://www.example.com/target"
Any ideas?
Question FOCUS
The problem i'm trying to solve is how to submit status responses to web service urls dynamically without having any prior knowledge of them.
I am newbie to WCF rest. I have two operation contracts, a POST and GET Method.
In my client, i use HttpWebRequest and try to access the operation contract.
Whenever i access the POST method operation contract i get a timeout error.
But when i try accessing the POST method after a successful GET method, everything works fine.
Is it necessary, that i should use GET method call subsequent to a POST method call?
What wrong am i doing here?
Doing a GET before a POST is not necessary. Your error might not actually be a POST timeout but rather bad data going to the server and the server failing on deserialization.
Is it possible that the GET is setting up some data on the client that travels back to the server? If this is the case then, is it possible for that data that the GET sets to be the data that when unset, makes the POST fail on the server?
The best way to find out is to set tracing on your server. Look here for good examples of WCF tracing.
UPDATE: Another possibility is that your GET code is initializing something on the server side that your POST call is missing. Perhaps a DB connection?