Thanks a lot Raman.

One more clarification: I believe the transaction between the orkut server
and my application server is not over SSL.

Thanks,
-Akash

On Sep 22, 10:34 am, Raman <[EMAIL PROTECTED]> wrote:
> Hi Akash
>
> Things work as per the usual public key - private key model.
> When you call some web service using makeRequest, the request first goes to
> the orkut server. The orkut server signs the request using its private key. At
> your end, you can ensure that the request is from orkut by decrypting the
> received request with its public key (which is publicly available). So, if
> you are able to decrypt it, that means orkut has sent the request;
> otherwise, it's an invalid request.
>
> Plus, when you send a signed request from your opensocial app, orkut
> attaches an 'opensocial_owner_id' and an 'opensocial_viewer_id' (only if
> viewer has added the app) as GET parameters, through which you can confirm
> who actually is the current viewer and the owner of the application.
>
> Raman
>
> On Sun, Sep 21, 2008 at 9:25 AM, Akash <[EMAIL PROTECTED]> wrote:
>
> > Hi Jason,
> >   Thanks for the response. I don't think not encoding the post data
> > is the issue because things were working when I was not signing the
> > request :-(. I tried your suggestion anyway. I am still getting the same
> > response.
>
> > <HTML>
> > <HEAD>
> > <TITLE>invalid parameter name &lt;?xml version</TITLE>
> > </HEAD>
> > <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > <H1>invalid parameter name &lt;?xml version</H1>
> > <H2>Error 400</H2>
> > </BODY>
> > </HTML>
>
> > Jason,
> >   I am still not able to appreciate the authorization model of orkut.
> > My current understanding is that when I make a web service call from
> > an orkut application, the web service call first goes to a proxy on
> > the orkut server. The proxy in turn makes a call to the application server on
> > the internet on behalf of the application. Later the response traverses in the
> > reverse direction.
> > Now how do things change with
> > signing(params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > gadgets.io.AuthorizationType.SIGNED;) coming into the picture? The
> > questions I am looking to get answered are the following:
>
> > 1.   Whether the web service request is encrypted from the browser to
> > the proxy server on orkut.
> > 2.   Is the request from the orkut server to the application server
> > encrypted?
> > 3.   In the security world, what exactly is the communication between the
> > orkut proxy server and the application server called?
> > 4.   What requirements should the web server that is running the application
> > server fulfill? For e.g. I am using IIS7 and .NET framework 3.5
> > provided by www.discountasp.net. My question is what should be my
> > requirements for them?
>
> > Another related question:-
> > On the application server side, how do I ensure that the request I am
> > getting from an application is from a user X?
>
> > I would love to help the community once I understand the
> > authentication model.
>
> > Thanks,
> > -Akash
>
> > On Sep 16, 3:06 am, Jason <[EMAIL PROTECTED]> wrote:
> > > Thanks for sharing your code snippet. :) Most of the time, I see
> > > requests for assistance without any code, which obviously makes it
> > > much harder to determine the problem.
>
> > > As far as your issue, try using gadgets.io.encodeValues(soapRequest)
> > > instead of passing soapRequest directly. See POST Requests in this
> > > wiki article, which uses this convenience function to encode POST
> > > data:
>
> > > http://code.google.com/p/opensocial-resources/wiki/GadgetsMakeRequest
>
> > > Unfortunately, I don't have any ASP signature validation code handy,
> > > but hopefully another member of the community has a snippet to share.
> > > If you find one, we'll be more than happy to make it available on the
> > > opensocial-resources wiki.
>
> > > Cheers!
> > > - Jason
>
> > > On Sep 13, 11:38 am, Akash <[EMAIL PROTECTED]> wrote:
>
> > > > Hi,
> > > >     I have written an orkut application that is making a web service
> > > > call. The web service is using ASP .NET 3.5. The application was
> > > > working fine without any issue; however, when I added the following in my
> > > > web service call
>
> > > > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > > > gadgets.io.AuthorizationType.SIGNED;
>
> > > > I started getting the following response.
>
> > > > <HTML>
> > > > <HEAD>
> > > > <TITLE>invalid parameter name &lt;?xml version</TITLE>
> > > > </HEAD>
> > > > <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > > > <H1>invalid parameter name &lt;?xml version</H1>
> > > > <H2>Error 400</H2>
> > > > </BODY>
> > > > </HTML>
>
> > > > Any clue why I am facing this problem?
>
> > > > BTW, I am also looking for some sample code where an authenticated Web
> > > > Service call is made to a web service running on .NET framework 3.5.
>
> > > > Thanks,
> > > > -Akash
>
> > > > Following is the detailed code.
>
> > > > var map = { "Content-Type" : "application/soap+xml; charset=utf-8" };
> > > > var params = {};
> > > > soapRequest =
> > > >     "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
> > > >     "<soap12:Envelope " +
> > > >     "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
> > > >     "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
> > > >     "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
> > > >     "<soap12:Body>" +
> > > >     "<" + method + " xmlns=\"" + ns + "\">" +
> > > >     parameters.toXml() +
> > > >     "</" + method + "></soap12:Body></soap12:Envelope>";
> > > > params[gadgets.io.RequestParameters.METHOD] = gadgets.io.MethodType.POST;
> > > > params[gadgets.io.RequestParameters.CONTENT_TYPE] = gadgets.io.ContentType.DOM;
> > > > params[gadgets.io.RequestParameters.HEADERS] = map;
> > > > params[gadgets.io.RequestParameters.AUTHORIZATION] = gadgets.io.AuthorizationType.SIGNED;
> > > > params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
> > > > var req;
>
> > > > gadgets.io.makeRequest(url, function(req){
> > > >     SOAPClient._onSendSoapRequest(method, async, callback, context, wsdl, req);
> > > > }, params);
>
> > > > [WebMethod]
> > > > public bool isAppInstalledByUser(string id, string siteTye)
> > > > {
> > > >     return false;
> > > > }
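
The server-side check discussed in this thread, as an added example that is not code from any poster or from orkut. It assumes the signed request uses the OAuth 1.0 RSA-SHA1 scheme; the key pair, URL, parameter values and the function names (pct, baseString, verifySignedRequest, demo) are constructed for illustration.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding as OAuth 1.0 requires (encodeURIComponent leaves !*'() alone).
function pct(s) {
  return encodeURIComponent(s).replace(/[!*'()]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, name-sorted parameter list.
// Assumption: url is already normalized and carries no query string.
function baseString(method, url, params) {
  const pairs = Object.keys(params)
    .filter(k => k !== 'oauth_signature')          // the signature never signs itself
    .map(k => [pct(k), pct(String(params[k]))])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0)) // object keys are unique
    .map(p => p.join('='))
    .join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// True only if the signature verifies under the container's public key and the
// timestamp is within maxSkewSec of nowSec (limits replay of a captured request).
function verifySignedRequest(method, url, params, publicKeyPem, nowSec, maxSkewSec = 300) {
  if (params.oauth_signature_method !== 'RSA-SHA1' || !params.oauth_signature) return false;
  const ts = Number(params.oauth_timestamp);
  if (!Number.isFinite(ts) || Math.abs(nowSec - ts) > maxSkewSec) return false;
  return crypto.createVerify('RSA-SHA1')
    .update(baseString(method, url, params))
    .verify(publicKeyPem, params.oauth_signature, 'base64');
}

// Constructed demo: a throwaway key pair stands in for the container's key.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
  const url = 'http://app.example.com/service.asmx'; // constructed endpoint
  const params = { opensocial_owner_id: '111', opensocial_viewer_id: '222',
    oauth_signature_method: 'RSA-SHA1', oauth_timestamp: '1222000000', oauth_nonce: 'n1' };
  params.oauth_signature = crypto.createSign('RSA-SHA1')
    .update(baseString('POST', url, params)).sign(privateKey, 'base64');
  const tampered = Object.assign({}, params, { opensocial_viewer_id: '999' });
  return {
    genuine: verifySignedRequest('POST', url, params, publicKey, 1222000010),
    tampered: verifySignedRequest('POST', url, tampered, publicKey, 1222000010),
    stale: verifySignedRequest('POST', url, params, publicKey, 1222009999) };
}
console.log(demo());
```

The signature authenticates the sender and the signed parameters; it does not encrypt the request, so confidentiality between the proxy and the application server still depends on the transport.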