From the Ahoy repository's examples (see the README), in the basic example, they do use XML Comments to generate some metadata for Swagger to serve up. However, they only configure it if the app is in the Development configuration. See that specific setup here.
However, what if we want to keep the metadata generated by the XML comments for our production environment? Do you suggest deploying with XML Comments enabled - does it matter? What are you currently doing? Is there a better way?
I'm creating an API that will be consumed by other developers. I want the metadata I've placed in XML comments to be out there for those developers to see in production, not just the Swashbuckle-generated things from the ASP.NET Core annotations.
Related
Recently , we have been working on security and vulnerability of our application in dotnet core using coverity tool.
We are using Swagger / Swashbuckle in our API application where we are getting the security threat issue as Unrestricted document type definitions (XML_EXTERNAL_ENTITY) for the line below.
c.IncludeXmlComments(xmlPath);
Also the recommended is also mentioned , however I am unable to implement . Please suggest.
The recommended and strongest prevention against both external entity and entity expansion attacks is to disable DTD processing in the parser. Set the XML parser configuration to disable DTD processing.
First off, I need to mention that I'm not sure if what I'm trying to achieve is even supported by Piranha CMS (that's partly what I'm trying to determine here). They mention the ability to create a standalone content hub on their website, but my assumptions of what is possible with that model might be incorrect. What I've already done is created an ASP.NET MVC application that is hosting Piranha CMS and I've published it to Azure websites for testing purposes--that part works as expected. The content management interface is the only user facing piece here--it is meant only to serve as the content hub for the client application (just the one for now as this is just proof of concept work).
I am now trying to build a client ASP.NET MVC application that pulls content from the hub. This is where I'm thinking that my assumptions may have been wrong. I was thinking that I'd be able to install the Piranha CMS nuget package(s) on the client as well, and I'd be able to configure the framework to get content from the hub in the same way that it would if the content were hosted on the client site. I realize that I could get the content from the hub using Piranha's REST api, but what I want to do is to be able to use the more friendly entity model based api for this.
So my question is whether it is possible (within reason) to setup Piranha CMS in the way that I've described. If it is, how exactly do I configure the client such that it is aware of the location of the content hub?
There are currently no .net client api consuming the rest services as the simplest scenario would be to deploy .net applications together with the server. In the setups I've done native apps & html5 knockout/angular applications have used the rest api's for getting json data. You should however be able to white such a module, performing the HTTP calls and the deserializing the json without any problems.
Regards
HÃ¥kan
The functions for operating the restful api is quite same. Is there any project that can generate the source code for different platform such android,ios and backend stuff.
I suggest you to use API description languages such Swagger ou RAML.
After having described your RESTful application with a language like this, you will be able to generate things like server skelekons and client sdks with different technologies and languages. You can even generate documentations.
With Swagger, swagger-codegen will do that. swagger-ui may also interest you for the documentation part.
To finish, I would like to mention the Restlet studio that allows to define graphically and quickly the structure of RESTful applications and generate then the corresponding Swagger and RAML contents. The APISpark plaform provides a mecanism to introspect Restlet applications and generate the corresponding contents with these languages. It also allow you to generate a set of server skelekons and client sdks.
Hope it helps you.
I will suggest you to use Spring RESTful webservices starter kit. Which will manage your back-end with centralized database. Also Spring has its own android libs to communicate with REST Apis.
I created a web service within my MVC application. All contracts are using the same namespace. AssemblyInfo.cs also maps the ContractNameSpace with ClrNameSpace.
The generated WSDL does not define my contract types.
This is my second project with ServiceStack. However, the results are different.
Does contracts have to reside in a different assembly in order to ServiceStack to generate WSDL correctly?
The issue was fixed in the latest ServiceStack release: https://github.com/ServiceStack/ServiceStack/issues/306
Make sure you're not using a dodgy tool like WCFStorm. I was getting the same issue even with the current ServiceStack release. I switched to soapUI and everything works expected.
The Types in the WSDLs and XSDs are determined by the Request + Response DTO's used in your services, i.e. they need to be used by your services to be included.
Also be sure to read through the SOAP limitations to make sure there isn't anything you've missed.
If you still think it's an issue, submit an stand-alone project, via gist or pull-request that shows the issue.
Your question is identical to the issue I was having so I'll post my solution here:
I've downloaded the source code and done some investigation on my own. I'm not sure how recent this change is but it appears that in order for your DTO's and Response objects to be included in the wsdl you need to add a query string like "?includeAllTypes=true".
I'm also using the ServiceStack BasicAuthProvider setup which is causing AssignRoles and UnAssignRoles to be added to the Service automatically. The request and response objects for those calls are still failing to make it into the wsdl and causing "Add Service Reference" to fail. Fortunately we aren't making use of them so if I can find another configuration setting to remove them all should be working correctly.
I am currently using Glassfish to host a bunch of RESTful Web Services. Glassfish is very helpful and generates a wadl for me. The problem that I'm having is the wadl it generates puts all the resources in a random order.
Our wonderful QA folks (and us developers) use SoapUI to consume the wadl and manually call the web serivices for testing purposes. This process has become frustrating because it is hard to find the web service we want to call because it is not alphabetized. To make it worse every time we add or change a web service we have to re import the wadl into SoapUI which changes the order of the web services.
I have done a lot of digging and have not found a configuration file or property that will tell glassfish to order the wadl before publishing it. I also could not find a way to get SoapUI to reorder the web services to be in alphabetical order. The solution that I came up with is to use JAXB to convert the wadl to Java objects, reorder the Java objects, then convert it back to Java.
What all of this boils down to, is there a way to get Glassfish 3.1 to reorder the wadl to be in alphabetical order or get SoapUI to display the web services in alphabetical order?