I need to implement SAML 2.0 for a WCF client that is talking to a java web service (Glassfish). I know very little about SAML, and after a bit of searching here (and elsewhere) I do not find much about how to implement with WCF. Since WCF abstracts you away from the SOAP layer how can I add SAML assertions to the SOAP header? Will a 3rd party tool like ComponentSpace work best? Or should I roll my own? Other advice?
You may need to use this SAML Toolkit for ASP.NET. The setup package includes several sample projects which help you to get started quickly.
Related
I'm working on segregating the authentication part of my ASP.net MVC4 application using DotNetOAuth 2.0, Which will means that one project will do only authentication and send out response,based on response it will have access to other application.
The Idea is to get any application or project added later on use one common authentication process.
First thing came to my mind was building a service, in the process a read a lot about Web API and think it can help to achieve what I'm looking for.
Please suggest if you guys have implemented something like this or whats's the best practice.
Should i go with API or service, any link or sample to direct is appreciated
ASP.NET Web API is also a service - a RESTful service. The choice of using a "Service" although is good your underlying authentication platform will define what you should be using.
WCF is much more than a web service where as a Web API is pure HTTP service.
If you expect all your "applications" to be web based then there is no reason why this cannot be a Web API.
This article might be something that should help you decide on your authentication model: http://www.asp.net/web-api/overview/security/external-authentication-services
I know, there are 1000x topics about WCF and security - seems to be a hot topic. I still want to get some up-to-date opinions about this.
I am creating a Webservice (free to use) where clients can register on my website, get a secure token, and can consume the webservice with this token. Consuming the webservice must be very simple independent from what language the client is using (PHP,Java,.NET).
Also I need to have one webservice-call exposed for use in Windows Phone 7.1, Android, iOS.
I've currently implemented the Service in WCF using wsHttpBinding and TransportWithMessageCredential security. Now I have already compatibilty issues trying to consume with WP7...
What, in your opinion would be the best Webservice/Security Framework for my needs?
* REST
* SOAP (With SoapHeaderAuthentication)
* etc...
Any feedback highly appreciated!
Thanks!
If it has to be consumed easily by different frameworks and devices, I would build a Rest service. Take a look at ASP.NET Web API.
You can use Web Api to return Json, which can be easily consumed by Windows Phone 7 apps, Java, php, whatever. You have the possibility to implement https and authentication.
Keep in mind that it's still in a Beta stage and that you'll have some issues accessing it cross domain, but it's a problem that can be overcome. I guess this will be made easy before it hits RTM.
Rest is easier with interoperability. If you do use soap then basicHttpBinding is much better than wsHttpBinding since the latter has some proprietary protocols.
What are the pros and cons of using each technology?
WCF Web Api is now merged into Asp.net
Asp.net web api now supports self hosting.
I still imagine if I want to expose multiple protocol schemas for the same operation I would still lean towards WCF or can Mvc end point do this too?
Also does the new Asp.Net web api expose Wsdl? If not how would the client figure out what operation is available to them?
Arguably the best feature of Mvc is the modelbinder. How robust is the WCF equivalent?
So can someone tell me what advantage does the Asp.net web api bring to the table? WCF seems overwhelmingly the more powerful/scalable choice, imo. About the only thing the Mvc Web Api has over the WCF model is probably ease of development, but that means squat if it ends up being a serious design limitation down the road.
First, I suggest you read my post on the subject:
http://blogs.microsoft.co.il/blogs/idof/archive/2012/03/05/wcf-or-asp-net-web-apis-my-two-cents-on-the-subject.aspx
Regarding your WSDL question - since the WebApi does not use SOAP, it does not require a WSDL, and does not export one. You can use Hypermedia to return resources with a list of possible activity URLs (think of it as a self-describing resource)
The choice depends on what we want to do.
ASP.NET Web API is a framework for building non-SOAP based services over HTTP only - so there aren't more transport protocols available using this framework.
WCF / Windows Communication Foundation is a framework for exchanging SOAP-based messages - here we use a lot of transport protocols: HTTP, TCP, Named pipes, MSMQ, etc...
I am not sure about which one has better performance regarding the amount of data, maybe WCF since we can use low protocols. Any comments are appreciated.
The WCF Web API primarily focuses on REST implementations. If you are setting up a REST implementation, the standard WCF bits are a bit of a pain in the rear. If you are setting up RESTful services, you will find the WCF Web API a much nicer experience. If you are setting up SOAP services, then the WCF Web API is not your best friend, and you are better off using WCF for your services.
Use WCF for intranet/B2B sites n Web API for B2C/C2C/internet sites...SOAP/XML is still the standard for intra-businesses communication n it's not going to go away!!!
I want to learn doing RESTful webservices. I have surfed the web some hours and think that I have a good overview over what RESTful services are and now want to build my first service-application. I have a good small project that seems perfectly suited for doing it with a RESTful webservice.
I have seen that WCF has the ability to build RESTful webservices. My question is, if it is reasonable and efficient to write RESTful webservices with WCF or if there are better suited alternatives for writing such services in the Microsoft programing environment.
(As additional information, I already have experience in using WCF, but more in using it in a RPC-way. But I don't think that this is important for my question anyway).
WCF supports RESTful services via the webHttpBinding. This works but doesn't give you alot of control for working with the HTTP protocol itself (although some things got better in 4.0)
The next version is going to have a lot more support for RESTful services. The team are being very open about the new Web API so if you are not about to put something into production then I'd start with the new API
WCF is perfectly valid and very capable of handling REST services - you won't go wrong with that!
And there are a couple of alternatives out there, too - check them out and see which one suits your needs best:
RestSharp
OpenRasta
RestDotNet (clients only)
and probably quite a few more....
We currently have a half a dozen of project which originally have been built using .NET Framework 1.1 and WSE 2.0. But Microsoft's support for WSE is lacking and the latest version of it (3.0) only targets .NET Framework 2.0. Our new projects will use .NET Framework 3.5 and instead of hacking our self a WSE-support, we are currently looking for alternative approaches.
Our current projects use WSE to digitally sign the SOAP-messages with a X.509 certificate. This is what we require also for our future projects.
It seems that going with the WCF-route seems to be the smart choice but is there any alternatives? WCF seems to support X.509 certifications but we are little worried of its support for other platforms than .NET. Our clients need to be able to use Java-based software to connect to out services. And they've stated that it should be as easy as it has been before (when we were using Web Services). So WCF must be configured to use HTTP and SOAP.
Given the requirements of X.509, cross-platform interoperability and ease of use (HTTP & SOAP), is Windows Communication Foundation the right solution?
Yes WCF is the solution - it is API for building Web services and it is interoperable if you don't use MS/.NET specific features. But you should be aware that sometimes there are some problems with porting WSE services to WCF. I recommend to build very simple service in WSE (like Hello World) and secure it with certificates in the same way as real services. Then create Jave client to consume the service. After that replace WSE service with WCF. It will be your proof of concept. In a case of problems you can easily share this solution here or on MSDN to get some help.