Developer forum

Forum » Development » Call webservice

Call webservice

E-mail notifications
Per Ljung
Reply
Posted on 12/10/2011 14:54:14
Hi!

If I want use a webservice on the DW server to trigger an import of orders to the erp system, e.g use curl.exe  to call http://site.net.dynamicweb.dk/myservice.asmx?action=getorders (a webform could work to, I just want to use parameters to the functions), how can I make that call in a secure way to prevent unathorized calls? I guess there are much better ways to pass credentials than in the query string.

As a said I only want to trigger an import, the real import is done on the server on the erp system, the webservice is used to call another webservice (on the erp server).

Best regards,
Per

Replies

 
Morten Snedker
Posted on 12/10/2011 15:07:34
Reply
 Hi Per,

You have previously received answer to that question on this thread: http://developer.dynamicweb-cms.com/forum/development/secure-webservice.aspx. Please let us know why these suggestions do not work for you (Nicolai posted a link on how to apply security to webservices in general).

But basically I'd just key-encrypt part of the query string and decrypt on the webservice.

Regards
Morten Snedker
 
Per Ljung
Posted on 12/10/2011 15:25:30
Reply


Okay, thanks!

I just wondered how you should do to call it from curl.exe in a secure way, instead of connecting to it through Visual Studio.
 

Regards,
Per

 
Nicolai Høeg Pedersen
Posted on 12/10/2011 15:31:17
Reply
Curl can be configured to do whatever - including, GET and POST operations and modifying headers etc.

So try Google search for "calling webservice with curl".

 
Morten Bengtson
Posted on 12/10/2011 15:55:49
Reply
Hi,

In IIS you can disable anonymous access to the web service (.asmx) and then use curl with NTLM to access it with a user profile created on the server that has sufficient permissions on the server.

Your curl command would look something like this:
curl.exe -d --ntlm --user username:password "http://www.mydomain.com/service.asmx"

You might need to add other parameters, e.g. headers and get/post data, depending on the web service.
Use curl.exe --help to see available curl options.

More info here: http://curl.haxx.se/docs/httpscripting.html
 
Per Ljung
Posted on 12/10/2011 16:22:31
Reply

Yes, but the service I'm calling will be placed on the dw server so I have no option to enable/disable anynomous access. The curl.exe will be placed on the erp server.

But thanks, now I think I understand.

/Per

 

You must be logged in to post in the forum