|
Well, it is not necessaryly a bad practice. For instance if you are familar with serialization. It is pretty easy to serialize an object (class) and pass that in as a parameter. If you happen to have lots of parameters to pass that would be a good idea. If you know your web method depends on an object being passed back and forth it makes your custom web service pretty custom. Could someone figure out the class you are passing back and forth, maybe, but it might be more work then it is worth. Sometimes that is what you have to do. Make it more work then someone is willing to go through. If you didn't want to pass a serialized class as the parameter you can easily pass a dataset. So you could have one table with one row and the row would have the columns that would match to the parameters for that webmethod call. A little less work, but a little easier for you if you are not as familar with serialization.
Hope that helps.
Ben
|
|
|
|
|
I have a update panel on my page.
There is a asp:button in my panel.
On the click of that button, I want to register a StartupScript for the page. So as when the page renders again, that script gets executed.
But I am not able to execute the startupscript on partial page rendering.
the same works fine if the button is out of update panel.
I think this is because, during partial page rendering Load of body is not being called. and so, the script is not getting executed.
Please suggest the way to register such startupscript for the AJAX enabled page.
Thank you,
|
|
|
|
|
Hi All,
I have developed an FTP client. When I try to download some of the files I get the error "dst_dataconn ended unexpectedly" with error code 550. Does any one know why this error pops.
Sri
|
|
|
|
|
That is the access denied error code. You may have a problem...
Brad
Australian
- Me on "Public interest"
If you actually read this let me know.
|
|
|
|
|
Thank you.
I was able to solve that problem. My socket was time based(timeout) and not databased. I had to make some correction in the code so that it recevies the data till the last byte.
Sri
|
|
|
|
|
Hi.
I have a webservice - and I want to make sure that only MY application is using it.
Is this possible, in a secure way?
Thanks,
Cormac
|
|
|
|
|
It helps if your webservice isn't exposed at all. That means get rid of all disco file on your web server.
In your web.config you can add this code:
<webServices>
<protocols>
<remove name="HttpPost" />
<remove name="HttpGet" />
</protocols>
</webServices>
That causes your webservice to only allow soap protocols. This means if you access your asmx file you would see links you can click.
Finally, you could have your application pass some sort of key into each request. Of course, if you don't use ssl the data could always be read. I think if you webservice isn't exposed through disco files and it rejects http protocol you probably have 90%. To go the whole way you would have to have ssl and some sort of key.
Hope that helps.
Ben
|
|
|
|
|
That's a good idea, I never thought of removing the WSDL!
I am already using a username/password type of authentication, which I made myself, and it will be operating over SSL also.
But, I am worried that there is a possiblity of my users creating their OWN application, and utilising the web service (with their own credentials), which would not implement the logic based in my client application, and therefore wreak havoc.
"To go the whole way you would have to have ssl and some sort of key."
Even then, hard coding a key into a .NET app is really dodgy - too easy to decompile.
Maybe I'm being too cautious?
Regards,
Cormac Redmond
|
|
|
|
|
When I am talking about a key I am talking about using a private key for signing. If you are already planning on using a username and password along with ssl I think all you need to do is remove the ability of non users to see your webservice.
Ben
|
|
|
|
|
Yes, but there is still the risk of a registered user creating their own application.
|
|
|
|
|
If you are really that concerned about this, you could pass a custom xml structure. That way if the correct xml structure is not passed in the webmethod won't work. This adds a level of complexity that you may not want to deal with.
Ben
|
|
|
|
|
What would that do that a tech-savy user couldn't?
|
|
|
|
|
Well, if normally you just have web methods where you pass in things like username, password, orderitem, quantity etc. That is pretty ovious. If you have one parameter called param1 which has to be xml that contains all the parameters for that method. That would be a bit harder to figure out from anything you could get from disco file or anything else.
Ben
|
|
|
|
|
I'm confused. Doesn't SOAP just wrap itself in HTTP? If POST and GET are blocked, how is SOAP not? What is the difference in the headers?
P.s., I just tried it, and it blocked my SOAP requests (which I expected). Can you explain what you meant?
Thanks,
Cormac
-- modified at 22:58 Monday 30th April, 2007
|
|
|
|
|
YOu can try this instead:
To leave WSDL file generation on for Web services within a Web application, but not provide any human readable information regarding the Web services, you can add an <wsdlHelpGenerator> element to the Web.config file for the Web application and set the href attribute to a blank HTML page you have created. The following code example is an excerpt of a Web.config file that sets the service help page to a MyBlank.htm file in the docs folder beneath the folder containing the Web.config file.
<webServices>
<wsdlHelpGenerator href="docs/MyBlank.htm"/>
</webServices>
Ben
|
|
|
|
|
Make it a class?
Brad
Australian
- Me on "Public interest"
If you actually read this let me know.
|
|
|
|
|
|
I think he is saying that you could embed functionality of webservice into application itself, since it is service's only consumer anyway.
"Throughout human history, we have been dependent on machines to survive. Fate, it seems, is not without a sense of irony. " - Morpheus
"Real men use mspaint for writing code and notepad for designing graphics." - Anna-Jayne Metcalfe
|
|
|
|
|
No, the web server is talking to database.
|
|
|
|
|
Hi. I'm a complete noob in this area.
I'm working on a website that I want to view on a Pocket PC. I don't own a Pocket PC, so I thought I would use the emulator in Visual Studio 2005. When I run the emulator and bring up IE, I'm told that I do not have a connection. I'm on a local network at work that has internet access. How do I setup the emulator to give it access to browse the web?
Thanks!
Ian
|
|
|
|
|
Hi Guys,
Do you have any idea if where can I download a richtext server control for asp.net? Because, in AJAX when using a simple textbox it produce an error if that value contains <em>, <h>, <p>, etc.
Or do you have some ideas on how to save the formatted paragraph from a simple textbox into the msssql2000 database?
Thanks in advance Guys
hifiger2004
|
|
|
|
|
It depends if you want to pay for this or not. Here is an article that shows how to create your own (assuming you have the time)
http://aspalliance.com/1092_Rich_Text_Editor_Part_I
|
|
|
|
|
Hi toticow,
I will try this one. But where am I going to stored the hamHtmlEditor.ascx? Under what directory of ASP.Net framework? Does it appear on my Visual Web Developer Toolbox?
hifiger2004
|
|
|
|
|
Hi, well this is a user control, so you would add it to your existing solution - perhaps a subfolder in your application called UserControls.
As you are asking a question like this, I must assume you are fairly new to asp.net - perhaps reading this will help you:
|
|
|
|
|
Hi toticow,
I already solved my problem regarding the html tag. At the very top of my aspx I added the validaterequest="false" inside the directives, and it is working fine now.
Thanks for the support
hifiger2004
|
|
|
|