Restful/WCF/Android: is it possible to maintain a secure session?

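I want to pass a sessionId token.
I'm currently using Ksoap but have found SOAP to be very heavy.
I want to switch to Restful, but I can't find anything about using Restful on Android
while still maintaining the sessionId info.
With my WCF web service, I already know that the sessionId can be passed in WCF Test Client,
but I don't know how an Android client should consume it.
Any ideas?
Thanks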

Puzzle and Dragon just uses SSL + HTTP JSON


This post was last edited by luckiejacky on 2015-3-17 15:20

Hello
I can't deliver json output to the web browser under this config
I don't know, in wcf test client, it works
But no json is delivered, I know that webHttpBinding has no support
for sessions, but wsHttpBinding has no output?????
Is it safe to deliver sessionId on json anyways?

Update:
Wait, it seems like I need a certificate...

Update2:
I need a certificate anyways, but which security is best for me (message or transport)?
On my Android side, I can use Apache HttpGet to get the JSON...
I don't want to (at least not desirable) to parse the JSON myself or decrypt it myself
so message or transport?

0)
using System;
using System.ServiceModel;
using System.ServiceModel.Web;

namespace _1_00
{
    [ServiceContract(SessionMode = SessionMode.Required)]
    public interface IEmpService
    {
        //OperationContract to validate user
        [OperationContract]
        [WebInvoke(Method = "GET", BodyStyle = WebMessageBodyStyle.Bare,
        ResponseFormat = WebMessageFormat.Json,
        UriTemplate = "UserLogin")]
        //String UserLogin(string username, string password);
        String UserLogin();
    }
}


1)
using System;
using System.ServiceModel;

namespace _1_00
{
    //Implementing service as PerSession instance
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession)]
    public class EmpService : IEmpService
    {
        //To hold user token returned from WCF service after validating user
        string UserToken = string.Empty;
        string userId;
        string userName;
        string password;

        //Method to get employee data
        public String GetUserInfo()
        {
            //Validating user token
            if (IsValidateUser())
            {
                return userId;
            }
            else
            {
                throw new FaultException("Invalid User token to access data.");
            }
        }

        //Method to validate user
        //public String UserLogin(string username, string password)
        public String UserLogin()
        {
            if (loginCheck("test", "pass"))
            {
                //If user is validated then returning current session id as user token
                UserToken = OperationContext.Current.SessionId;
            }
            else
            {
                UserToken = "";
            }
            return UserToken;
        }

        //IsValidateUser() and loginCheck() are not shown in the post
    }
}

2)
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="SampleServiceBinding">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="_1_00.EmpService">
        <endpoint address="" binding="wsHttpBinding" contract="_1_00.IEmpService"/>
      </service>
      <service name="_1_00.ApprovalService">
        <endpoint address="mex" contract="_1_00.IApprovalService" binding="mexHttpBinding"/>
        <endpoint address="" binding="webHttpBinding" behaviorConfiguration="restfulBehavior" contract="_1_00.IApprovalService"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="restfulBehavior">
          <webHttp automaticFormatSelectionEnabled="false"/>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
    <directoryBrowse enabled="true"/>
  </system.webServer>

  <connectionStrings>
    <add name="ApplicationServices" connectionString="data source=.\SQLEXPRESS;Initial Catalog=aspnetdb;Integrated Security=True"
      providerName="System.Data.SqlClient" />
    <add name="RCS_2_02ConnectionString" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=RCS_2_02;Integrated Security=True"
      providerName="System.Data.SqlClient" />
  </connectionStrings>

  <system.web>
    <roleManager enabled="true" />
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices"
             enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false"
             maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10"
             applicationName="/" />
      </providers>
    </membership>

    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>

    <compilation debug="true"/>
  </system.web>
</configuration>


This post was last edited by 杜龍 on 2015-3-17 16:54

$15K. PM me if you want the answer.


14.9k

Is this stuff actually hard? Transport + content encryption; if it gets broken, then just let it be.


This post was last edited by reXxx on 2015-3-17 23:30
Hello
I can't deliver json output to the web browser under this config
I don't know, in wcf test cli ...
luckiejacky posted on 2015-3-17 15:07



Do you think using SSL is just enough for you? If so, just do it on the server side; nothing is needed on the Android side.
Or do you want to generate something like a signature to protect your message/data?
What is "I don't want to (at least not desirable) to parse the JSON myself"? A JSON parser is built into Java.
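
Added example, not part of the thread and not the poster's own config: the transport-security option raised above, written as a change to the posted system.serviceModel section so that _1_00.EmpService is served as JSON over HTTPS. The binding name restOverTls is a made-up label, and the sketch assumes the site has an HTTPS binding with a server certificate and that the contract no longer declares SessionMode.Required.

```xml
<system.serviceModel>
  <bindings>
    <webHttpBinding>
      <!-- "restOverTls" is a hypothetical name for this example -->
      <binding name="restOverTls">
        <!-- Transport = TLS protects the whole HTTP exchange, so the JSON body
             (and any token in it) is encrypted on the wire without the client
             having to decrypt anything itself -->
        <security mode="Transport">
          <transport clientCredentialType="None"/>
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <services>
    <service name="_1_00.EmpService">
      <!-- webHttpBinding + the page's restfulBehavior is what produces plain JSON;
           the posted wsHttpBinding/Message endpoint speaks SOAP with WS-Security.
           Assumption: the contract is changed away from SessionMode.Required,
           because webHttpBinding has no session support (as noted in the post),
           so the token returned by UserLogin must be one the service issues and
           tracks itself -->
      <endpoint address=""
                binding="webHttpBinding"
                bindingConfiguration="restOverTls"
                behaviorConfiguration="restfulBehavior"
                contract="_1_00.IEmpService"/>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <!-- metadata over HTTPS only; no exception details returned to callers -->
        <serviceMetadata httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="restfulBehavior">
        <webHttp automaticFormatSelectionEnabled="false"/>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```

With this layout the Android side only needs an https:// URL and a certificate the device trusts; sending the token back in a request header rather than in the URL keeps it out of server access logs.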
