Thanks a lot Raman. One more clarification: I believe the transaction between orkut server and my application server is not over SSL.

Thanks,
-Akash

On Sep 22, 10:34 am, Raman <[EMAIL PROTECTED]> wrote:
> Hi Akash
>
> Things work as per the usual public key - private key model.
> When you call some web service using makeRequest, the request first goes to
> orkut server.. the orkut server signs the request using its private key. At
> your end, you can ensure if the request is from orkut by decrypting the
> received request with its public key (which is publicly available). So, if
> you are able to decrypt it, that means orkut has sent the request..
> otherwise, it's an invalid request.
>
> Plus, when you send a signed request from your opensocial app, orkut
> attaches an 'opensocial_owner_id' and an 'opensocial_viewer_id' (only if
> viewer has added the app) as get parameters, through which you can confirm
> who actually is the current viewer and the owner of the application.
>
> Raman
>
> On Sun, Sep 21, 2008 at 9:25 AM, Akash <[EMAIL PROTECTED]> wrote:
>
> > Hi Jason,
> > Thanks for the response. I don't think not encoding the post data
> > is the issue because things were working when I was not signing the
> > request :-(. I anyway tried your suggestion. I am still getting the same
> > response.
> >
> > <HTML>
> > <HEAD>
> > <TITLE>invalid parameter name <?xml version</TITLE>
> > </HEAD>
> > <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > <H1>invalid parameter name <?xml version</H1>
> > <H2>Error 400</H2>
> > </BODY>
> > </HTML>
> >
> > Jason,
> > I am still not able to appreciate the authorization model of orkut.
> > My current understanding is that when I make a web service call from
> > an orkut application the web service call first goes to a proxy on
> > orkut server. The proxy in turn makes a call to application server on
> > internet on behalf of application. Later the response traverses in reverse
> > direction.
> > Now how things change with
> > signing(params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > gadgets.io.AuthorizationType.SIGNED;) coming into picture. The
> > questions I am looking to get answered are the following:-
> >
> > 1. Whether web service request is encrypted from browser to proxy
> > server on orkut.
> > 2. Is the request from orkut server to application server
> > encrypted?
> > 3. In security world what exactly the communication between orkut
> > proxy server and application server is called?
> > 4. What requirements should the web server that is running the application
> > server fulfill? For e.g. I am using IIS7 and .NET framework 3.5
> > provided by www.discountasp.net. My question is what should be my
> > requirements for them?
> >
> > Another related question:-
> > On application server side how do I ensure that the request I am
> > getting from an application an user X?
> >
> > I would love to help the community once I understand the
> > authentication model?
> >
> > Thanks,
> > -Akash
> >
> > On Sep 16, 3:06 am, Jason <[EMAIL PROTECTED]> wrote:
> > > Thanks for sharing your code snippet. :) Most of the time, I see
> > > requests for assistance without any code, which obviously makes it
> > > much harder to determine the problem.
> > >
> > > As far as your issue, try using gadgets.io.encodeValues(soapRequest)
> > > instead of passing soapRequest directly. See POST Requests in this
> > > wiki article, which uses this convenience function to encode POST
> > > data:
> > >
> > > http://code.google.com/p/opensocial-resources/wiki/GadgetsMakeRequest
> > >
> > > Unfortunately, I don't have any ASP signature validation code handy,
> > > but hopefully another member of the community has a snippet to share.
> > > If you find one, we'll be more than happy to make it available on the
> > > opensocial-resources wiki.
> > >
> > > Cheers!
> > > - Jason
> > >
> > > On Sep 13, 11:38 am, Akash <[EMAIL PROTECTED]> wrote:
> > >
> > > > Hi,
> > > > I have written an orkut application that is making a web service
> > > > call. The web service is using ASP .NET 3.5. The application was
> > > > working fine without any issue; however, when I added the following in my
> > > > web service call
> > > >
> > > > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > > > gadgets.io.AuthorizationType.SIGNED;
> > > >
> > > > I started getting the following response.
> > > >
> > > > <HTML>
> > > > <HEAD>
> > > > <TITLE>invalid parameter name <?xml version</TITLE>
> > > > </HEAD>
> > > > <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > > > <H1>invalid parameter name <?xml version</H1>
> > > > <H2>Error 400</H2>
> > > > </BODY>
> > > > </HTML>
> > > >
> > > > Any clue why I am facing this problem?
> > > >
> > > > BTW, I am also looking for some sample code where an authenticated Web
> > > > Service call is made to a web service running on .NET framework 3.5.
> > > >
> > > > Thanks,
> > > > -Akash
> > > >
> > > > Following is the detailed code.
> > > >
> > > > var map = { "Content-Type" : "application/soap+xml; charset=utf-8"};
> > > > var params = {};
> > > > soapRequest =
> > > >     "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
> > > >     "<soap12:Envelope " +
> > > >     "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
> > > >     "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
> > > >     "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
> > > >     "<soap12:Body>" +
> > > >     "<" + method + " xmlns=\"" + ns + "\">" +
> > > >     parameters.toXml() +
> > > >     "</" + method + "></soap12:Body></soap12:Envelope>";
> > > > params[gadgets.io.RequestParameters.METHOD] =
> > > >     gadgets.io.MethodType.POST;
> > > > params[gadgets.io.RequestParameters.CONTENT_TYPE] =
> > > >     gadgets.io.ContentType.DOM;
> > > > params[gadgets.io.RequestParameters.HEADERS] = map;
> > > > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > > >     gadgets.io.AuthorizationType.SIGNED;
> > > > params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
> > > > var req;
> > > >
> > > > gadgets.io.makeRequest(url, function(req){
> > > >     SOAPClient._onSendSoapRequest(method, async, callback, context,
> > > >         wsdl, req);
> > > > }, params);
> > > >
> > > > [WebMethod]
> > > > public bool isAppInstalledByUser(string id, string siteTye)
> > > > {
> > > >     return false;
> > > > }
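
Added example, not part of the thread and not orkut's or any poster's code: the server-side check Raman describes, sketched in JavaScript (Node) rather than ASP.NET. It assumes the OAuth 1.0 RSA-SHA1 scheme that OpenSocial signed makeRequest uses, with all signed parameters arriving in the query string; the function names, URL, ids and throwaway key pair are constructed for illustration.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding, which OAuth 1.0 requires (stricter than encodeURIComponent).
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & URL & sorted parameters, oauth_signature excluded.
function baseString(method, url, params) {
  const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);
  const normalized = Object.entries(params)
    .filter(([name]) => name !== 'oauth_signature')
    .map(([name, value]) => [pct(name), pct(value)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(pair => pair.join('='))
    .join('&');
  return [method.toUpperCase(), pct(url), pct(normalized)].join('&');
}

// Returns the owner/viewer ids only when the signature verifies and the timestamp is fresh.
function verifySignedRequest(method, url, params, containerKey, maxSkewSec = 300) {
  if (params.oauth_signature_method !== 'RSA-SHA1' || !params.oauth_signature) return null;
  const ts = Number(params.oauth_timestamp);
  if (!Number.isFinite(ts) || Math.abs(Date.now() / 1000 - ts) > maxSkewSec) return null;
  const valid = crypto.createVerify('RSA-SHA1')
    .update(baseString(method, url, params))
    .verify(containerKey, params.oauth_signature, 'base64');
  if (!valid) return null;
  return { ownerId: params.opensocial_owner_id, viewerId: params.opensocial_viewer_id || null };
}

// Constructed demo: a throwaway key pair stands in for the container's real key,
// and the URL, ids and nonce are sample values.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const url = 'http://app.example.com/Service.asmx/isAppInstalledByUser';
  const params = {
    oauth_signature_method: 'RSA-SHA1', oauth_nonce: 'constructed-nonce',
    oauth_timestamp: String(Math.floor(Date.now() / 1000)),
    opensocial_owner_id: '1111', opensocial_viewer_id: '2222', id: '2222',
  };
  params.oauth_signature = crypto.createSign('RSA-SHA1')
    .update(baseString('GET', url, params)).sign(privateKey, 'base64');
  return {
    genuine: verifySignedRequest('GET', url, params, publicKey),
    forgedViewer: verifySignedRequest('GET', url, { ...params, opensocial_viewer_id: '9999' }, publicKey),
    stale: verifySignedRequest('GET', url, { ...params, oauth_timestamp: '1222000000' }, publicKey),
  };
}
```

The signature establishes origin and integrity only; it does not encrypt the request, and a deployed check would also reject a nonce it has already seen.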