Actually think you misunderstood.
Since my application will be 100% web service based I want to be able to
control who calls what with what method. So when a user requests to become a
consumer of the web services I get some information from them, such as IP
and this information is stored in my database. The dfd in the db for this is
very simply Consumer to service_methods. This information is snapshotted
into the consumer's session as xml. When a request is made to my web servers
I check with my userSession custom class and ask it if the user is allowed
to call this web service from a) userHostaddress b) method POST/GET and
delivery mechanism SOAP or no SOAP, etc.
So my code looks like this in my web services:
    Dim director As New aeDirector

    ' Guarantee session for user
    If Not director.user.checkSession(guid) Then
        If Not director.user.loginbyGuid(guid) Then
            ... "get the hell out of dodge"
        End If
    End If

    ' Check if user is allowed to call this service
    If Not director.user.checkWSCall("wsclassname", "wsmethodname") Then
        ... "get the hell out of dodge"
    End If

    ' .. now do what the web service is supposed to do as we have cleared our
    ' checking
aeDirector is my custom class that manages session. User is another class
within director which provides me an interface into the xml data that is
stored in session.
Anyway, the line 'checkWSCall("wsclassname","wsmethodname")' is what I am
asking about. Think of a form where I can use me.something. When you define a
web method can you say something like me.MessageName which is the name of
the web method you defined in the <webmethod> call?
It's no big deal, just wondering if that information is available, that is
all.
You're gonna tell me it's in the WSDL, aren't ya :-)
Cheers
Keith
Hi Keith,
Ahhh. I see. An aside is this sure doesn't seem very secure to me, but if
this is how you want to do it, that's yours to deal with.
As for being able to see the method's name, you can get things like the soap
action value, etc. You can also reflect on the class you are in to see a
list of your methods etc... For instance,
Me.Context.Current.Request.Headers lets you see the HTTP headers for the
current request.
Lots of really interesting things to discover in the base class's members.
Have you thought about using web service security (WS-Security) for this
kind of thing? Look at the security samples in the WSE 2.0 SP1 toolkit.
These seem to be pretty similar to what you are trying to invent, and are
already well tested to work across platform, etc.
Hope this helps
Dan
--------------------
>From: "Keith Chadwick" <webmaster-nospam@allianceevents.com>
>Subject: Re: Getting Web Service Properties
>Date: Fri, 3 Dec 2004 17:38:27 -0500
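One way to do what the exchange above describes, as an added example that is not code from either poster: the class name and the web method's MessageName are read by reflection and fed into a deny-by-default check on class, method, caller address and HTTP verb. ConsumerGrants, ContactService, GetContact, the namespace URL and the sample grant are hypothetical stand-ins for the session-backed checkWSCall data.

```vb
Imports System
Imports System.Collections
Imports System.Reflection
Imports System.Web.Services

' Constructed stand-in for the per-consumer grants the thread keeps in session.
Public Class ConsumerGrants
    Private ReadOnly grants As New Hashtable()

    Public Sub Allow(ByVal callKey As String)
        grants(callKey) = True
    End Sub

    ' Deny by default: only an exact, previously recorded grant passes.
    Public Function IsAllowed(ByVal callKey As String) As Boolean
        Return grants.ContainsKey(callKey)
    End Function

    Public Shared Function Key(ByVal cls As String, ByVal method As String, _
                               ByVal host As String, ByVal verb As String) As String
        Return String.Join("|", New String() {cls, method, host, verb})
    End Function
End Class

<WebService(Namespace:="http://example.invalid/")> _
Public Class ContactService
    Inherits WebService

    ' MessageName from the WebMethod attribute, else the method's own name.
    Private Shared Function MessageNameOf(ByVal m As MethodBase) As String
        Dim attr As WebMethodAttribute = CType( _
            Attribute.GetCustomAttribute(m, GetType(WebMethodAttribute)), WebMethodAttribute)
        If Not attr Is Nothing AndAlso attr.MessageName <> "" Then Return attr.MessageName
        Return m.Name
    End Function

    <WebMethod(MessageName:="FetchContact")> _
    Public Function GetContact(ByVal uid As String) As String
        ' Names come from reflection, not from the client-supplied SOAPAction header.
        Dim callKey As String = ConsumerGrants.Key(Me.GetType().Name, _
            MessageNameOf(MethodBase.GetCurrentMethod()), _
            Context.Request.UserHostAddress, Context.Request.HttpMethod)
        Dim grants As New ConsumerGrants()   ' hypothetical: load for uid instead
        grants.Allow(ConsumerGrants.Key("ContactService", "FetchContact", "192.0.2.10", "POST"))
        If Not grants.IsAllowed(callKey) Then
            Throw New UnauthorizedAccessException("Call not permitted for this consumer.")
        End If
        Return "contact record"
    End Function
End Class
```

Because the names are taken from the executing method, renaming or copying a web method cannot leave a stale hard-coded string in its authorization check.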
Keith Chadwick - 04 Dec 2004 13:39 GMT
Ahhh another SDK to digest for the weekend. Ok will have a look. Perhaps
try and integrate them.
Cheers
Keith
Keith Chadwick - 04 Dec 2004 13:53 GMT
You know it is somewhat gratifying to find a limitation and 'begin' a design
to cover the limitation only to discover you folks thought it was a good
idea to do as well :-)
This is why developers who never ask never learn!
Cheers and thanks
Keith
Keith Chadwick - 04 Dec 2004 14:17 GMT
Hmm, not very secure you say. The information that is returned from my web
services all runs under SSL so does this not mean it is encrypted?
Also to do a simple request like fetch a contact via HTTP Get would be
something like this:
fetchcontact?uid=C55CBD32-E664-4BC6-9D88-2E53AAA08562&clientkey=3AA3FBF0-2762-4B11-838D-6DDB799E251D&address=AQEAAAAAAGnzAQAAAAAA0CoAAAAA
Where uid is the caller's 'current' login key and clientkey is the private key
of the client record in the db. The db design also must allow that uid key
access to the client via the database relationships. This private key is
routinely changed within the database as well.
Is this not secure enough considering it is over SSL? I am sending data
over the wire but never anything like credit card information even though
that is stored in the database.
Been reading the WSE and it seems to me that all of my messages would have
to start using SOAP if I wish to embed certificates and the like and I do not
wish to do this.
Cheers
Keith
Dan Rogers - 06 Dec 2004 20:37 GMT
Hi Keith,
As I said, it is ultimately your choice. You can get pretty far going in
the direction you are, and if your only need is for wire privacy, then I
cannot fault your approach. My concerns stem from experience - rolling
your own security approach is almost never secure, and places you in the
infrastructure business. Heck to convert over or get converts as/when you
choose to open it up to broader # of consumers.
Dan