It appears that Onvif authentication is a bit of a minefield!
I read that SOAP WS-security was deliberately not included in Microsoft Web Services so people have to code it up...
Not sure if this applies to HTTP digest as well?
Before I begin to port one of the c# code examples of the authentication over to my vb.net application, has anyone already done this?
Have there been any updated services, dlls etc that include WS-security?
I have yet to find any vb.net examples of working with ONVIF, but maybe I haven't searched hard enough yet!
Related
I've been working lately on my own WCF AtomPub service (based on the example in the "WCF REST Starter Kit") for using WLW with my custom written blog. All basic actions such as adding, updating, retrieving and deleting an entry are working "fine".
Although, right now I'm a little stuck when trying to implement the authentication. I can't seem to understand how WLW manages the authentication with AtomPub services.
I've tried to implement it on my side by checking the Authorization header. If not present sending the Unauthorized header etc... but their fails WLW on me.
I also checked all headers send by WLW (for exemple when adding an entry) but I can't seem to find anything related to authentication.
I must say that the WCF service currently is hosted in the same site as my website. And the IIS authentication is set to Unauthorized and Forms. All others are disabled.
Can anyone help me into the right direction? Some interesting websites for example explaining this? (something I have missed in my searches on the web).
Thanks
I had to write an atompub service for the Live Writer about an year ago. These blog posts helped me a lot at that time: http://jcheng.wordpress.com/2007/10/15/how-wlw-speaks-atompub-introduction/. For your case you may look at part 2. In short - "Use Basic, Digest, or X-WSSE over HTTP or HTTPS". I used the basic authentication and had to use this library MADAM http://msdn.microsoft.com/en-us/library/aa479391.aspx to get forms and basic authentication work together. I hope this helps.
I tried using JIRA's REST API but the function that I needed wasn't there and found it at JIRA's SOAP API. A newbie like me wants to know if you can use JIRA's SOAP API in a VB.NET desktop application? Thanks!
Absolutely. The point of a SOAP service is to allow access to the data and functionality of application from another application regardless of the language it is written in. All you need is something in your program that understands how to talk to and work with a SOAP service.
I have no doubt that a VB.NET application can talk to a SOAP service without issue, but I am not a .NET programmer so I can not provide any specific guidance on how to do it.
What you will want to search for is "Consuming SOAP services with VB.NET". I did that myself and came up with some god looking tutorials.
http://www.codeproject.com/KB/vb/vbwebservice.aspx
http://www.vbdotnetheaven.com/Uploadfile/SrinivasSampath/WebServiceusingSOAPToolkit11242005002126AM/WebServiceusingSOAPToolkit.aspx
http://visualbasic.about.com/od/learnvbnet/a/LVBE_L6_3.htm
Like I said, I think everything you need will be built into the .NET framework. I don't think you will need to download anything additional or include extra libraries.
Classic Asp (as I understand it) is not really “encouraged” by Microsoft (e.g. there is no classic ASP project in VS) and essentially is a collection of asp pages that contain HTML and some kind of scripting. There’s no .config file as such.
That being the case., can classic ASP sites be integrated into WIF?
How do you “force” the application to authenticate using a STS? (There’s no .config file for FedUtil to change).
How do you approach the problem of a large customer that still has a lot of legacy classic ASP sites and wants to move to federated authentication using a STS?
P.S. There is a reference on the Internet i.e. “In IIS7 you select the URLAuthorisation Module and untick the use for managed code only setting. I have used this to protect static files and a cgi exe, so I assume it will also protect .asp files too”.
I’m still confused as to where the STS comes into this solution? How does IIS 7 know where the STS is?
The issue here is that as you are using ASP, IIS doesn't run in pipeline mode. Therefore, it won't execute the HTTPModules required by ADFS. (Or any .NET httpmodules...)
In your case, I have two idea (both aren't pleasant, I am afraid)
You could implement the WIF protocol in ASP. It's documented. Well, you certainly could do it, but beware of errors in your implementation, which could damage the security of your application. The bright side is that you will be able to leverage all the WIF goodies in your apps.
You could attempt to host CGI/ ASP in an IIS HttpModule, in pipeline mode. Perfs would probably decrease, and you would need to send to CGI all the required request infos (and server parameters). It was the idea of this guy. I don't know if he succeded.
The first proposition is probably the good one. Hem. Good luck, WIF isn't a trivial piece of code. (Even if understanding the protocol is not very difficult. As always, hell lies in the details)
I was tasked with implementing either a SAML authentication service, or a EWS (Entitlement Web Service Authentication) service, and I was wondering if anyone has any samples or documentation on such options. I am almost 100% sure that SAML is out of the question due to the time frame of the project.
EWS has been difficult to find online, I can't seem to find any good samples or documentation on implementing such service.
You have not stated which platform you are using, but there are open source SAML implementations that you can use. In php there is SimpleSAMLphp and for java there's Shibboleth.
I'm rather new to the WCF/IIS/MS web stack corner of the world so I'm hoping for some help evaluating my design.
What I need is a system that presents a number of resources as URIs. Each resource is a WCF web service providing a number of read and write operations. I need to provide username/password security for different resources.
How I'm hoping to make this work is to have IIS handle the security using the normal devices it uses for everything else. Then uses URL rewriting to remap everything to a single web service that will provide the correct resource based on the rewritten query string.
Will this work?
Am I missing something?
Is there a better way to do this?
If you happen to known of a really good tutorial for the bits and peaces (like what file does the security settings go in?) I would appreciate links?
For now there will be only a handful (2 to 20) users so static config files would be preferred for that as along as it won't cause problems later.
As I said, I hardly known jack in this domain so I don't really known what I don't known.
A few links I have found (don't even known yet if I'm looking in the right direction)
Fundamentals of WCF Security (assumes a bit more familiarity than I have)
Improving Web Security: Scenarios and Implementation Guidance for WCF (really long, book length)
Yes this sounds sane. For authentication you want to use ASP.NET membership module it provides a generic security API which can use intergrated (windows user), web form login, even LiveID or some custom authentication. In my experience MSDN has proven a good resource, here's a hands on article.
For web http binding WCF provides Uri rewriting out of the box using WebGet attribute.
for SOAP, the end point URL is the same, so I assume you want RESTful endpoint. If so, you need Basic auth over https not WS-Security.