We have developed an application for iPad which consumes data from WCF service.
iPad application sends request in JSON data format to WCF service and receives response in JSON data format from WCF service.
We found during penetration test that users can manipulate request JSON data like changing role of logged in user to get higher privileged user data in the application.
JSON request data is not encrypted. It is plain text data. Same is the case with response.
How to secure request and response JSON data?
We can encrypt request at iPad and decrypt at WCF side and do similarly for response JSON data. This will add overhead.
Another option is to compute hash for request JSON data at iPad and send it as input to WCF. At WCF side, compute hash again for actual request JSON data and compare. This will help to identify whether request is manipulated or not.
Any suggestions???
Can we use ProtectionLevel Property on Operation Contract???
As per MSDN (http://msdn.microsoft.com/en-us/library/aa347692(v=vs.90).aspx) article we can encrypt and sign operation contract. In this case, what changes should be made at iPad application side???
Related
I am attempting to replicate a HTTP Request to a Google Analytics endpoint -
https://analytics.google.com/analytics/app/data/admin/annotations?dataset=XXXXXX&hl=en_US&state=app.admin.annotation.table
The endpoint itself returns a JSON string that i want to use and in this case it is returning the Annotations used in GA itself.
I've been able to capture the HTTP request using Postman and i then used Fiddler to work out why postman wasnt working. It ended up being the cookie needing to be set.
As i want to automate the extraction of this JSON string, i can't provide a cookie each time. Is there any way around this?
I have an incoming stream of data from a message broker. The data is in JSON format. I also have RESTful API I built using Flask where I can get certain information. How can I run the server for the API and store the incoming data in a dictionary at the same time?
you can try to using Redis to caching data from message broker follow key-value format.
Scenario: My angular page should be receiving a POST request with JSON data from SpringBoot API.
Consider this as a work example: When client clicks on login on an angular webpage, the login info would be sent through JSON to SpringBoot where it will validate the user,if it returns true, the same JSON would then be forwarded back to webpage as POST, where it will be captured and then worked on(displayed for example).
Now, as per this link, it is said that POST requests cannot be received on Angular but need Express for the same. Is it true? or is there any other way to receive POST requests from API using Angular? I'm googling on this from many days and haven't found anything relevant that confirms this and needed a closure.
Angular is a library for providing a user interface in a browser (which is a type of HTTP client).
To listen for an HTTP request you need an HTTP server (such as Apache HTTPD, Lighttpd, NGINX, something built with Node.js+Express, etc, etc, etc).
is there any other way to receive POST requests from API using Angular?
No
should be receiving a POST request with JSON data from SpringBoot API.
Spring is a Java framework for running a webservice.
Typically it receives HTTP requests and makes HTTP responses.
While you could make HTTP requests from it (i.e. when a client makes an HTTP request to a Spring API, the Spring API then makes an HTTP request to another web service and uses the data in the response to construct its own response to the original request)…
… it sounds like you have the wrong end of the stick and really need to make an HTTP POST request from Angular to Spring and then read the HTTP response in Angular.
i.e. Ajax.
I have a URL to rest web service (made in WCF with JSON endpoint) that I call by passing JSON with all parameters.
But I don't know some parameters names.
Is there some tool where I can enter service URL and method name to get JSON example that I must pass to this method?
I know that tools like this exist for SOAP services but I need for REST.
I just tried to use wcf test client but I can't load the JSON endpoint it's only for SOAP.
...svc/json
There are various addons for rest and soap services. you can try as per your requirement.
Is it possible to send an API call in the format of "application/json" to a SOAP endpoint?
When working with JSON, I know we typically work with REST services. But due to limitations on the customer's side, they cannot send a typical SOAP envelope (XML, name/value pairs), instead, they can only send JSON data to a WSDL service.
I do not know of the customer's development environment yet (I have an email out to them) which this API call is being made from.