I am starting to develop EDM service.
To start with How can I create Enrollment Discovery.svc service?
Are there any tutorials/articles available which can guide me for development of complete Enterprise Management Service?
These days I am going through WP8 Enterprise Device Management Protocol document.
That document is the only one available on this topic. Ensure that you have the latest one as it fixes some typos in older ones.
The Discovery.svc should support both HTTP GET and POST. GET should give 200K which is an indication for the Wp8 device that the server is active and then tries to do POST on the Discovery service with SOAP request.
I would suggest you to develop a sample server (not necessarily in .NET but on any convenient platform). Note that its not mandatory for you to have only a .Net server. You could create a dummy server that listens on a port and ip adress and makes decision based on the URL path value. Once you fix the dicovery receipt on the server side, rest of the links to be posted in POST response i.e., certificate policies request and Enrollment request are completely in your hands.
Related
I'd like to have a page or a section of information that only is relevant to a specific API. Is that possible in the new portal?
In this case it has to do with information about event data that is sent out (to webhooks) when new items are created and that are then available in operations for the API. If it's not possible to have i an "API-specific" page, where would you put something like this?
I believe in this case you are trying to add some sort of static page or documentation to explain the functionality about a specific API. You may refer to this. As mentioned in the thread, you can try with swagger but in APIM portal it might not work immediately. Microsoft product team has confirmed that they working on improving support for OpenAPIv3. The ETA is about end of September.
However, you may also check the self-hosted gateway feature
The self-hosted gateway feature expands API Management support for hybrid and multi-cloud environments and enables organizations to efficiently and securely manage APIs hosted on-premises and across clouds from a single API Management service in Azure.
Official Documentation
I know CAS and I understand how it works in web applications contexts; now my customer would like to have a SSO system able in managing several applications (both stand alone and web applications)
I saw the RESTful APIs provided by CAS; I'ld like to use these APIs in my scenario but I'm missing how to use them.
Now...let's suppose I have the following applications:
java swing application
visual basic application
web application (Java based)
What I would like to do is to use the CAS APIs in order to do a SSO so that an user logged on one of the previous applications must no more log in on the other. Is this possible? If so...how may I do it?
I guess that the first thing to do is to do the request for a CAS ticket but then....how can I share this ticket between applications? Is there any good way and/or best practice to follow?
Thank you
Angelo
I already replied on the CAS mailing list: https://groups.google.com/forum/?fromgroups#!topic/jasig-cas-user/yhTwvj6-Sko...
I am working on a project where I am building a server that can receive SMS from any mobile phone via a longcode (Phone Number) given to the user to send the SMS
This SMS is received by my server via a Modem with a SIM card inside the modem and can be used to process other kinds of operations
For example for updating Facebook status, for posting Tweets, obtaining Latest New Information and much more
Now i started this project in 2011 but the challenge I hard was that, i used a .NET dll library from logixmobile.com called mCore Library. I could receive only a single SMS at a time and process them but could not receive more.
Please how can i build this kind of server. Also would it be ok for me to use Windows for the system or linux
Also if a code can be written for me to handle as many SMS as possible i would be glad to have it.
I work for Twilio, which allows you to add Voice and SMS into you applications using the cloud. So instead of an SMS modem (I've had 'fun' with those myself!) you set use a web server. You can buy a telephone number from Twilio in over 40 countries, and simply configure that number to send the SMS messages to your server - a simple .Net web application is a great way to go. You can host it yourself, or use Azure.
There is a nice tutorial on how to get started here.
I am currently working on a REST/JSON API that has to provide some services through remote websites. I do not know the end-customers of these websites and they would/should not have an account on the API server. The only accounts existent on the API server would be the accounts identifying the websites. Since this is all RESTful and therefore all communication would be between end-user browser (through javascript/JSON) and my REST API service, how can I make sure that the system won't be abused by 3rd parties interested in increasing the middleman's bill? (where the middleman is the owner of the website reselling my services). What authentication methods would you recommend that would work and would prevent users from just taking the js code from the website and call it 1000000 times just to bankrupt the website owner? I was thinking of using the HTTP_REFERER , and translate that to IP address (to find out which server is hosting the code, and authenticate based on this IP), but I presume the HTTP_REFERER can easily be spoofed. I'm not looking for my customer's end customers to register on the API server, this would defeat the purpose of this API.
Some ideas please?
Thanks,
Dan
This might not be an option for you, but what I've done before in this case is to make a proxy on top of the REST calls. The website calls its own internal service and then that service calls your REST calls. The advantage is that, like you said, no one can hit your REST calls directly or try to spoof calls.
Failing that, you could implement an authentication scheme like HMAC (http://en.wikipedia.org/wiki/Hash-based_message_authentication_code). I've seen a lot of APIs use this.
Using HMAC-SHA1 for API authentication - how to store the client password securely?
Here is what Java code might look like to authenticate: http://support.ooyala.com/developers/documentation/api/signature_java.html
Either way I think you'll have to do some work server side. Otherwise people might be able to reverse engineer the API if everything is purely client side.
I've had a very brief look at Windows Identity Foundation (WIF) and it looks to me like I could say that my site is going to accept logins from other sites. e.g. anyone with a gmail or LiveID account will be able to post comments on a thread in my application. When the post comment button is clicked the user is redirected to a provider and they log in there, after which they are authorized on my site to post.
How can I find out who offers the STS mechanism and what the URL is to feed into WIF?
I've found the LiveID through a bit of googling but if I wanted to find the Facebook service, or Yahoo etc how do I go about it? Searching for STS providers and its various incantations isn't turning up too much.
Many thanks
The beta has been released fairly recently which includes a few STS providers for things like google and facebook for anyone that views this later
If you're looking for a hosted STS, your options are few. You have Live, as you know, Ping Identity, and eventually the Azure ACS. If you want to host an STS product somewhere, you have quite a few vendor options:
Novell Access Manager
Ping Identity PingFederate
Symlabs Federated Identity Suite
OpenSSO
Vordel
Shibboleth
Redhat JBoss Identity (alpha)
Oracle Identity Federation (I'm unclear on whether or not this product support WS-Trust, but I would be surprised if it didn't.)
Safewhere*Identify
HTH!