I would prefer to avoid getting into a debate about whether HTTP verbs PUT and DELETE are appropriate or obsolete and focus on the question of actually making Silverlight work when "forced" to use these verbs.
I am trying to create a Silverlight 4 client application that calls an existing REST web service that has operations for the PUT and DELETE verbs. This service is not going to change.
I've added the following statement into constructor in my App.xaml.cs:
WebRequest.RegisterPrefix("http://", WebRequestCreator.ClientHttp);
The service has a clientaccesspolicy.xml file that contains:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
I am using the WebClient class to handle GET and POST requests. When I attempt to do the same with PUT or DELETE for the verb/method, I get an ambiguous "security error" which led me to adding the statement above.
I've seen various posts and blog articles talking about using HttpWebRequest to get around this but have not found one that actually SHOWS HOW to make these (asynchronous) calls from a Silverlight client.
If there is something wrong with the code above, please let me know. Otherwise, if you can show me or point me to an example demonstrating how these requests can be implemented, I'd greatly appreciate the help.
In your clientaccesspolicy.xml file, you must allow the PUT and DELETE HTTP verbs.
I usually allow all HTTP verbs, which would look like this given your original configuration:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" http-methods="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Notice the added http-methods attribute on the allow-from element.
I've solved my problem but am still not 100% sure why it is fixed.
At the suggestion of a co-worker, I enabled running the application out-of-browser and checked the setting to require elevated trust when running outside the browser. The app ran fine. I disable running out-of-browser and the app still runs fine!
As the setting says, it requires elevated trust WHEN RUNNING OUTSIDE THE BROWSER. So, if this was the problem, then I'm not sure having it checked should be fixing my problem when running IN the browser. But it does...
Add
HttpWebRequest.RegisterPrefix("http://",WebRequestCreator.ClientHttp);
HttpWebRequest.RegisterPrefix("https://", WebRequestCreator.ClientHttp);
https://mattduffield.wordpress.com/2011/12/11/silverlight-specified-method-is-not-supported-on-this-request/
Related
I have trouble with the HTTPS setup in Mule. I have tried both at work and at home with fresh Anypoint Installs. I have checked every StackOverflow posts every tutorial every blogposts but nothing is doing it. I have also tried EE and CE runtimes. I am using the lastest edition of Mule and also tried doing the HTTPS inbound endpoint but with the same result. This is a major part in my project and have just lost a day trying to figure this out and it's driving me crazy...
I am trying to use the self signed certificate at first but ultimately I would like to use an SSL certificate we purchased.
I put the JRE in the anypoint directory and also tried from Program Files JRE.
This is my first time doing SSL stuff so maybe I'm missing something but here goes :
I first go into my Jre bin directory using CMD in Admin mode.
I run this command as described in the HTTPS Transport Reference documentation:
keytool -genkey -alias mule -keyalg RSA -keystore keystore.jks
I enter all the informations correctly and keep both passwords the same to simplify everything. The password is changeit.
I have also tried instead of FirstName LastName to enter the IP of my server I'm running my Anypoint on.
After having the keystore.jks, I copy it in my src/main/resources folder.
Here is my simplified flow in Mule. Normally I would then call a SOAP webservice or a REST webservice but I am trying to keep this the simplest possible :
<?xml version="1.0" encoding="UTF-8"?>
<mule xmlns:tls="http://www.mulesoft.org/schema/mule/tls" xmlns:http="http://www.mulesoft.org/schema/mule/http" xmlns="http://www.mulesoft.org/schema/mule/core" xmlns:doc="http://www.mulesoft.org/schema/mule/documentation"
xmlns:spring="http://www.springframework.org/schema/beans" version="EE-3.6.1"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-current.xsd
http://www.mulesoft.org/schema/mule/core http://www.mulesoft.org/schema/mule/core/current/mule.xsd
http://www.mulesoft.org/schema/mule/http http://www.mulesoft.org/schema/mule/http/current/mule-http.xsd
http://www.mulesoft.org/schema/mule/tls http://www.mulesoft.org/schema/mule/tls/current/mule-tls.xsd">
<http:listener-config name="HTTP_Listener_Configuration" protocol="HTTPS" host="localhost" port="8080" doc:name="HTTP Listener Configuration">
<tls:context>
<tls:key-store path="keystore.jks" password="changeit" keyPassword="changeit"/>
</tls:context>
</http:listener-config>
<flow name="omgHttpsPlzWorkFlow">
<http:listener config-ref="HTTP_Listener_Configuration" path="/" doc:name="HTTP"/>
<set-payload value="#['Hello']" doc:name="Set Payload"/>
</flow>
</mule>
I then use DHC or Postman (Google Chrome Extensions) or the browser directly to call my listener https://localhost:8080/
I always get 500 or no response. In Chrome I get
Your connection is not private
Attackers might be trying to steal your information from localhost (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
I tried adding loggers but nothing is showing up in the console.
I thought the problem could be with the ports or proxies at work but now I try from home with the same results.
I've tried putting port to 443 putting my ip as host. Adding truststores etc..Nothing is doing it. I think I am simply missing something very small and simple.
I hope someone can help me as this is the final step to my project and if it doesn't work I cannot deploy it as it contains sensible information that I want to be secured.
Thank you for your time
You are doing everything correctly. Just click on the link https://localhost:8080/ from your browser first so that you add the unsigned certificate to your local machine and everything will work fine. You can use Postman or DHC to access your service afterwards.
in Chrome click on Advanced -> Proceed to localhost (unsafe))
in Firefox click on I understand the risks -> Add Exception...
I want to run the svcutil.exe tool to access a web service on the internet. Unfortunately, whenever I try, I get a bunch of errors that include the following message:
The request failed with HTTP status 407: Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy filter is denied.
As I have learned from this related post (with more details here), the problem is that I am sitting behind an authenticating proxy. That post explains that I need to edit the app.config file, but I can't figure out how to do that. I think I will use the /svcutilConfig:alternate_app.config switch, but I don't know how to construct a valid .config file to pass to that switch. What is the default app.config file that svcutil.exe uses?
Well, I think I have figured out the answer to my question:
It turns out that the default .config file used by svcutil.exe is called svcutil.exe.config, and (at least for me) it lives in this folder:
C:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\bin
I decided to just edit that file directly (rather than fumble around with the /svcutilConfig switch). I needed Admin privileges to do so.
The final contents of that file looked like this:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false" />
</runtime>
<system.net>
<defaultProxy useDefaultCredentials="true" />
</system.net>
</configuration>
(with the secret sauce buried in the <system.net> element.)
In order for this all to work, I had to start the Command Prompt as Administrator, navigate to the folder listed above, and run the svcutil.exe command from there.
Hope this helps some other poor soul who gets stuck in this mess! Thanks to #AndrewWebb for the clues that got me going!
I am new to CXF framework. Recently successfully created webservices using CXF and Spring Endpoint. I am using WSDL first approach. Can you please suggest how to use SSL(https) for web services. I have idea about truststore and keystore. I am using Apache Tomcat server.
below is my ApplicationContext.xml -->
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:cxf="http://cxf.apache.org/core"
xmlns:jaxws="http://cxf.apache.org/jaxws"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd
http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd"
default-autowire="byName">
<!-- Service endpoint -->
<jaxws:endpoint id="CalculatorWebService"
implementorClass="com.web.calculator.service.CalculatorContractImpl"
implementor="#CalculatorImpl"
address="/CalculatorWS">
</jaxws:endpoint>
<bean id="CalculatorImpl" class="com.web.calculator.service.CalculatorContractImpl"/>
I believe I need to make some configuration entries for truststore here and similarly some configuration for keystore in client side in some xml. Also I think I need some Passwordcallback class for using keystores.
Can you please help me with the configurations that has to be made to enable SSL.
Your help is truly appreciated...
Thanks...
Here is great tutorial how to set up everything you need with SSL in your CXF. Please refer to section Configuring SSL Support.
And do not forget to enable https in your tomcat. The full "how to do this" is provided here. I assume that you did not try anything yet. All you need to do just follow these steps because there is everything explained very clear.
Can I use NLog in a WCF Service? I am trying to but cannot get it to work.
First I set up a simple configuration in a Windows Forms application to check that I was setting up correctly and this wrote the log file fine (I am writing to a network location using name and not IP address).
I then did exactly the same thing in the WCF Service. It did not work.
To check permissions I then added some code to use a TextWriter.
TextWriter tw = new StreamWriter(fileName);
tw.WriteLine(DateTime.Now);
tw.Close();
This worked OK so I know I can write to the location.
Check that your NLog.config file is in the same directory as your .svc file and NOT the Bin directory.
If you've just added the config file to the WCF project, then published it you will probably find your config file has been copied to the bin directory which is why NLog can't find it. Move it to up a level then restart the website hosting the service (to make sure the change is picked up).
This had me stumped for a while this morning!
Put your NLog config in the web.config file. Like so:
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="nlog" type="NLog.Config.ConfigSectionHandler, NLog"/>
</configSections>
. . . (lots of web stuff)
<nlog>
<targets>
<target name="file" xsi:type="File" fileName="${basedir}/logs/nlog.log"/>
</targets>
<rules>
<logger name="*" minlevel="Trace" writeTo="file" />
</rules>
</nlog>
</configuration>
See my comment to your original question for how to turn on NLog's internal logging.
To turn on NLog's internal logging, modify the top of you NLog config to look like this:
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.mono2.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Trace"
internalLogFile="nlog_log.log"
>
The key parts are internalLogLevel and internalLogFile.
You can also set internalLogToConsole to true or false to direct the internal logging to the console.
There is another setting, throwExceptions, that tells NLog whether or not to throw exceptions. Ordinarily, this is set to false once logging is successfully configured and working. You can set it to true to help determine if your problem is due to an NLog error.
So, if you had all of those options enabled, the top of your NLog configuration might look like this:
<nlog xmlns="http://www.nlog-project.org/schemas/NLog.mono2.xsd"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
autoReload="true"
internalLogLevel="Trace"
internalLogFile="nlog_log.log"
internalLogToConsole="true"
throwExceptions="true"
>
My first guess is that NLog is not finding the config information. Are you using an external config file (NLog.config) or "inline" configuration (in your app.config or web.config)? In your project, is(are) your config file(s) marked (in Properties) as Copy Always?
I'm using a ClientAccessPolicy.xml file that I think allows pretty much all access to my WCF service:
<?xml version=""1.0"" encoding=""utf-8""?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers=""*"">
<domain uri=""*""/>
</allow-from>
<grant-to>
<resource path=""/"" include-subpaths=""true""/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>"
So far, I only want to allow my Silverlight application, and my website (MVC2 if that matters) to be able to access the service, but I don't know how I should modify my policy file to do that. I don't really know what type of access each of them needs. Can someone recommend a good resource on how to get caught up with that, as well as a suggestion as to what to specifically do with my clientaccesspolicy.xml file to make my service secure, but still available via BasicHttpBindings and WebHttpBindings?
Check out HTTP Communication and Security with Silverlight
I found it to be very helpful with these kinds of questions.