31 Articles match "Restful"
See all articles with "Restful"

• Token based Authentication for WCF HTTP/REST Services: Authorization
  
  In the previous post I showed how token based authentication can be implemented for WCF HTTP based services. Authentication is the process of finding out who the user is – this includes anonymous users. Then it is up to the service to decide under which circumstances the client has access to the service as a whole or individual operations. This is called authorization. By default – my framework does not allow anonymous users and will deny access right in the service authorization manager. You can flip that switch in the configuration class that you can pass into the service host/factory.
  www.leastprivilege.com - Wednesday, November 16, 2011
  READ MORE
• Token based Authentication for WCF HTTP/REST Services: The Client
  
  If you wondered how a client would have to look like to work with the authentication framework, it is pretty straightfoward: Request a token. Put that token on the authorization header (along with a registered scheme) and make the service call. e.g.: var oauth2 = new OAuth2Client (_oauth2Address); var swt = oauth2.RequestAccessToken(. username" , "password" , _baseAddress.AbsoluteUri); var client = new HttpClient { BaseAddress = _baseAddress }; client.DefaultRequestHeaders.Authorization =. IdentityModel IdentityServer
  www.leastprivilege.com - Tuesday, November 15, 2011
  READ MORE
• Using Silverlight to Access WIF secured WCF Services
  
  You could add a simple REST or SOAP head that returns tokens. BasicSecurityProfile10 " > The rest works as normal. This topic comes up quite often recently – so I hope the title is search engine friendly. Disclaimer: At the time of this writing, the current version of Silverlight is v3 and WIF is in beta 2. Hopefully this will be a non-issue soon. talk a lot about claims, tokens and WIF/ADFS 2 to customers. All is good and fine and they like it. Another technology that comes up very often is Silverlight – and especially the “story” of Silverlight and WCF/WIF. Passive. Active.
  www.leastprivilege.com - Wednesday, October 28, 2009
  READ MORE
• Securing WCF Data Services using WIF
  
  That said, depending on your scenario you might have to be a little more creative for REST-style services. This questions comes up every once in a while. Since WCF Data Services is just a normal WCF service (using the web programming model), all the typical security APIs and extensibility points apply. Here’s a quick walkthrough: Enabling WIF in the Data Service. The easiest way to get WIF wired up is by writing a custom service host factory. For accepting and converting more advanced token types like SWT or SAML, you need to plugin your own token handling. public Expression.
  www.leastprivilege.com - Monday, February 15, 2010
  READ MORE
• ASP.NET WebAPI Security 3: Extensible Authentication Framework
  
  In the rest of the post I am outlining some of the bits and pieces, So you know what you are dealing with, in case you want to try the code. In my last post, I described the identity architecture of ASP.NET Web API. The short version was, that Web API (beta 1) does not really have an authentication system on its own, but inherits the client security context from its host. This is fine in many situations (e.g. AJAX style callbacks with an already established logon session). desktop clients / mobile). My design goals were: Easy to use. Extensible. At the very heart…. Both SAML 1.1 and 2.0
  www.leastprivilege.com - Tuesday, March 13, 2012
  READ MORE
• Replacing ASP.NET Forms Authentication with WIF Session Authentication (for the better)
  
  The rest of your application code should not be affected. ASP.NET Forms Authentication and WIF Session Authentication (which has *nothing* to do with ASP.NET sessions) are very similar. Both inspect incoming requests for a special cookie that contains identity information, if that cookie is present it gets validated and if that is successful, the identity information is made available to the application via HttpContext.User/Thread.CurrentPrincipal. The main difference between the two is the identity to cookie serialization engine that sits below. But that’s easy to add ;). IdentityMode
  www.leastprivilege.com - Thursday, February 9, 2012
  READ MORE
• Using Silverlight to Access WIF secured WCF Services (Part 2)
  
  In my old post I had to use a custom REST endpoint in StarterSTS to request a bearer token. This was one of my most popular blog post in the recent time (please read it first to get the necessary background information). thought I give this another shot with the new SL/WIF integration. There are other ways to accomplish the below things, e.g. using the SL application service or passive identity providers. am focusing here purely on the SL initiated active STS/RP communication scenario and the raw APIs. Requesting Tokens from within Silverlight. var client = new WSTrustClient (.
  www.leastprivilege.com - Sunday, March 21, 2010
  READ MORE

193 Articles match "Restful"
See all articles with "Restful"

• The Best from DevelopMentor

  MORE

• Secure WCF REST Services with a Custom UserNamePasswordValidator
  
  < serviceBehaviors > < behavior > < serviceCredentials > < userNameAuthentication userNamePasswordValidationMode = " Custom " customUserNamePasswordValidatorType = " Security.PasswordValidator, Security " /> </ serviceCredentials > </ behavior > </ serviceBehaviors > This is all fine and dandy, but it assumes that clients will only be talking Soap – what about REST-ful clients who don’t know a thing about Soap? Technical REST Security WCFDownload the code for this blog post here. netsh http add sslcert ipport=0.0.0.0:2345
  DevelopMentor Courses - Monday, May 28, 2012
  READ MORE
• Using HTTP status codes in a REST service
  
  When we are building REST service we embrace HTTP and as a result we also embrace all the HTTP status codes, not just 200 and 500. www.dotnetevents.nl.NET WCF REST dotnetmagWhen we build services, or write any code for that matter, error can occur and we have to cater for those. With SOAP service we gibe a calling application information about the error by returning a SOAP fault. This SOAP fault is just another piece of XML informing the calling application about whatever was wrong. But there are far more status codes we can use. For example a database connection failed. else. {.
  The Problem Solver - Wednesday, July 20, 2011
  READ MORE
• Building rich HTML 5 clients using REST services
  
  You can download the slide from my session on Building rich HTML 5 clients using REST services here and the sample application using the WCF Web API here. www.dotnetevents.nl.NET WCF webcast ASP.NET REST dotnetmag HTML5The slides are also available on SlideShare. Enjoy! www.TheProblemSolver.nl
  The Problem Solver - Wednesday, October 26, 2011
  READ MORE
• Building rich HTML 5 clients using REST services recording
  
  For those who missed the online event about building JavaScript and HTML 5 client for a REST service build using the new WCF Web API the recordings are up. www.dotnetevents.nl.NET WCF webcast ASP.NET REST HTML5You can download the hi res recording here or download one of the other formats from the main page here. And remember there a bunch of other useful recording from other DevelopMentor instructors on the same page. Enjoy! www.TheProblemSolver.nl
  The Problem Solver - Thursday, November 3, 2011
  READ MORE
• On building Restful services
  
  lot of people will be familiar with writing SOAP style services but not everyone is quite as familiar with the REST approach so I guess that takes a bit of explanation. This subject is a bit long for a single blog post so I am going to do a number explaining what REST is, the difference with SOAP and how to build these Restful services using the WCF Web API. Of course the WCF Web API is still in a preview state so some of the technical things are subject to change over time but the general principal of building Restful services isn’t going to change a lot. Enjoy!
  The Problem Solver - Tuesday, June 21, 2011
  READ MORE