I'm building a PhoneGap mobile application and I need to make a SOAP request over HTTPS to a WebService and receive the SOAP response in JavaScript. I can choose to get a Java Application Key Store file (.JKS) or a Windows .NET Application file (.PFX) as the SSL certificate from the WebService to install on the client mobile application.
Can you please help me where to start to do such a task? How to make the SOAP request in JavaScript using SSL and how to use the certificate file? Can I use either one of these two file types as the certificate to connect to the WebService directly or do I need to have a middle WebService of my own (written in JAVA or .NET) that facilitates this functionality?(I'd rather to talk to the WebService directly with my mobile application of course).
Any help would be appreciated.
Thanks
You can use AJAX (XMLHttpRequest) with cordova, there are a jQuery Soap module.
For allow requests you need add the URL on config.xml:
<access origin="https://webserviceurl.com"/>
For the certificate, you can generate a CA key for sign your owns certificates, and install the CA PEM.
From android configuration menu -> security -> credential storage -> Install from SD Card
Related
I've been trying to make a cordova app get information from a python server. I am relatively new to JavaScript but I've been trying to connect using sockets, but I couldn't get them to communicate and I can't use API since cordova blocks cross domain APIs.
How can I get them to communicate?
First, run two servers in the same domain. And use proxy server.
Here's an example case.
If your major app is one of Python, set proxy as:
yourdomain.com/ -> Python server
yourdomain.com/elsewhere/ -> Cordova server
Or you could set cordova app as the major app.
Second, communicate between them via HTTP or socket. It also can be done sharing a temp file or database.
The issue is that your API Server does not respond using CORS. If you can setup your python server to respond using CORS (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS). There would be no issues. If it will work with the chrome developer Console then it works with cordova.
If it you can not make that, I would suggest writing a Firebase Functions that becomes a man in the middle to the story.
I am new to web services so please help me to sort out my issue. I have a requirement to create a web service in C#. This web service will return the soap response.
my webservice should send response as a soap message, Is there any exmple of client and server which send an receive soap message , it is a non wcf webservice i tried with msdn but cant grab it.
thanks for any help....
You can try Fiddler or SOAPUI tool.
Using Fiddler, You can issue requests and get response from your Webservices locally.
Very efficient for testing your webservices locally on your m/c.
You can create a web service as an "ASP.Net Website" project in visual studio. Then you can add .asmx (web service code behind file) to your project. You can define your web methods in asmx file which may return xml as response. Then you have to publish and host the web service in IIS.
In client side project, you can add the reference to the webservice by using "Add Service reference" option in visual studio that will generate classes through which you can access your web service. Then you can call your web methods through those classes.
when you are adding service reference in client side, you have to give the url of the wsdl file of your web service to locate it.
I am creating a mobile application with cordova(phone gap). I would like my app to talk with an azure service bus to post messages to a topic and read messages from a subscription.
I have found all kinds of details on how to do this with c#, java, python, node.js. However I haven't found any details on how to do this with pure javascript.
Is this possible? or must I use Azure mobile services and configure it to communicate with the service bus?
CORS - Cross-Origin Resource Sharing is now supported in windows azure for storage ,table and queues. So you access the REST api of these from javascript. Topics and Subscriptions are not mentioned here though. http://msdn.microsoft.com/en-us/library/windowsazure/dn535601.aspx
Also if you have not already check out Azure notification hubs which may help in your requirement. But mostly for notifications to cross platform devices.
You can use REST API to enqueue messages to a topic: http://msdn.microsoft.com/en-us/library/windowsazure/hh780786.aspx
Microsoft provides Service Bus REST API
https://msdn.microsoft.com/en-us/library/azure/hh780717.aspx
Microsoft provides two ways to authenticate
1. Azure Active Directory (Cordova project sample that uses AD)
2. Using certificates
If you want to do it using certificates, you need to generate the .cer and .pem files and upload the .cer file to your Azure portal -> Settings -> Management Certificate
You can then trigger a http request by passing your .pem file to authenticate your application
I know that there are many similar questions posted, but none of them refers to an HTML/javascript app where the user can access the code.
I have a private REST API written in nodejs. It is private because its only purpose is to server my HTML5 clients apps (Chrome app and Adobe Air app). So an API key is not a good solution since any user can see the javascript code.
I want to avoid bots creating accounts on my server and consuming my resources.
Is there any way to acomplish this?
An API key is a decent solution especially if you require constraints on the API key's request origin; consider that you should only accept an API key if the originating web request comes from an authorized source, such as your private domain. If a web request comes from an unauthorized domain, you could simply deny processing the request.
You can improve the security of this mechanism by utilizing a specialized encoding scheme, such as a hash-based message authentication code (HMAC). The following resource explains this mechanism clearly:
http://cloud.dzone.com/news/using-api-keys-effectively
What you want to do is employ mutually-authenticated SSL, so that your server will only accept incoming connections from your app and your app will only communicate with your server.
Here's the high-level approach. Create a self-signed server SSL certificate and deploy on your web server. If you're using Android, you can use the keytool included with the Android SDK for this purpose; if you're using another app platform, similar tools exist for them as well. Then create a self-signed client and deploy that within your application in a custom keystore included in your application as a resource (keytool will generate this as well). Configure the server to require client-side SSL authentication and to only accept the client certificate you generated. Configure the client to use that client-side certificate to identify itself and only accept the one server-side certificate you installed on your server for that part of it.
If someone/something other than your app attempts to connect to your server, the SSL connection will not be created, as the server will reject incoming SSL connections that do not present the client certificate that you have included in your app.
A step-by-step for this is a much longer answer than is warranted here. I would suggest doing this in stages as there are resources on the web about how to deal with self-signed SSL certificate in Android (I'm not as familiar with how to do this on other mobile platforms), both server and client side. There is also a complete walk-through in my book, Application Security for the Android Platform, published by O'Reilly.
I want to connect to a Java Restful webservice that uses SSL from a Javascript client.
I could write standalone Java client that connects to the keystore and imports the certificates and could connect successfully.
How can I achieve the same thing using Javascript, XMLHttpRequest.
Thanks in advance for any pointers.
I'm not entirely sure I understand your question. But, to make a SSL asynchronous request against a server with JavaScript, the only change you need to make is to use https in your RESTful target URL instead of http.