Please help.
On Sep 24, 12:02 am, Akash <[EMAIL PROTECTED]> wrote:
> Since I don't have debugging capabilities on the hosting site on which
> I am planning to host my application, I wrote one simple asp .net that
> just reflects the post request that it receives.
>
> using System;
> using System.Xml;
>
> public partial class _Default : System.Web.UI.Page
> {
>     // Debug page: parses the POST body as XML and echoes it back.
>     protected void Page_Load(object sender, EventArgs e)
>     {
>         XmlDocument doc = new XmlDocument();
>         doc.Load(Request.InputStream);
>         Response.Write(doc.InnerXml);
>     }
> }
>
> I wanted to compare the difference between signed and unsigned post
> request received on the server. My assumption is that signed request
> is encrypted form of unsigned request hence for unsigned request, my
> response should be same as request however for signed request, my
> response should be encrypted form of request. Please confirm whether
> my assumption is correct.
>
> Unfortunately I don't see any difference between request and response.
> Though when I sniffed the post request, the signed request has the following
> extra parameter.
> ***
> authz=signed&st=AFinprRrOo9jbTnGz6GfSLTAFaD31b-
> BdtDUoRKmB6fAmal76q1ay6NmliAxmxqei_HU7alG69OMw2caaKLYGuJsXp2CQX9oBA7fQj5dfZQO7iKjBJ6b0I
> ***
>
> I will appreciate any help in this regard.
>
> Thanks,
> -Akash
>
> On Sep 23, 6:21 pm, Akash <[EMAIL PROTECTED]> wrote:
>
> > Thanks a lot Raman.
>
> > One more clarification I believe the transaction between orkut server
> > and my application server is not over SSL.
>
> > Thanks,
> > -Akash
>
> > On Sep 22, 10:34 am, Raman <[EMAIL PROTECTED]> wrote:
>
> > > Hi Akash
>
> > > Things work as per the usual public key - private key model.
> > > When you call some web service using makeRequest, the request first goes to
> > > orkut server. The orkut server signs the request using its private key. At
> > > your end, you can ensure if the request is from orkut by decrypting the
> > > received request with its public key (which is publicly available). So, if
> > > you are able to decrypt it, that means orkut has sent the request;
> > > otherwise, it's an invalid request.
>
> > > Plus, when you send a signed request from your opensocial app, orkut
> > > attaches a 'opensocial_owner_id' and a 'opensocial_viewer_id' (only if
> > > viewer has added the app) as get parameters, through which you can confirm
> > > who actually is the current viewer and the owner of the application.
>
> > > Raman
>
> > > On Sun, Sep 21, 2008 at 9:25 AM, Akash <[EMAIL PROTECTED]> wrote:
>
> > > > Hi Jason,
> > > > Thanks for the response. I don't think not encoding the post data
> > > > is the issue because things are working when I was not signing the
> > > > request:-(. I anyways tried your suggestion. I am still getting same
> > > > response.
>
> > > > <HTML>
> > > > <HEAD>
> > > > <TITLE>invalid parameter name <?xml version</TITLE>
> > > > </HEAD>
> > > > <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > > > <H1>invalid parameter name <?xml version</H1>
> > > > <H2>Error 400</H2>
> > > > </BODY>
> > > > </HTML>
>
> > > > Jason,
> > > > I am still not able to appreciate the authorization model of orkut.
> > > > My current understanding is that when I make a web service call from
> > > > an orkut application the web service call first goes to a proxy on
> > > > orkut server. The proxy in turn makes a call to application server on
> > > > internet on behalf of application. Later response traverse in reverse
> > > > direction.
> > > > Now how things change with
> > > > signing(params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > > > gadgets.io.AuthorizationType.SIGNED;) coming into picture. The
> > > > questions I am looking to get answered are the following:-
>
> > > > 1. Whether web service request is encrypted from browser to proxy
> > > > server on orkut.
> > > > 2. Is the request from orkut server to application server
> > > > encrypted?
> > > > 3. In security world what exactly the communication between orkut
> > > > proxy server and application server is called?
> > > > 4. What requirements does web server that is running application
> > > > server should fulfill? For e.g. I am using IIS7 and .NET framework 3.5
> > > > provided by www.discountasp.net. My question is what should be my
> > > > requirements for them?
>
> > > > Another related question:-
> > > > On application server side how do I ensure that the request I am
> > > > getting from an application an user X?
>
> > > > I would love to help the community once I understand the
> > > > authentication model?
>
> > > > Thanks,
> > > > -Akash
>
> > > > On Sep 16, 3:06 am, Jason <[EMAIL PROTECTED]> wrote:
> > > > > Thanks for sharing your code snippet. :) Most of the time, I see
> > > > > requests for assistance without any code, which obviously makes it
> > > > > much harder to determine the problem.
>
> > > > > As far as your issue, try using gadgets.io.encodeValues(soapRequest)
> > > > > instead of passing soapRequest directly. See POST Requests in this
> > > > > wiki article, which uses this convenience function to encode POST
> > > > > data:
>
> > > > > http://code.google.com/p/opensocial-resources/wiki/GadgetsMakeRequest
>
> > > > > Unfortunately, I don't have any ASP signature validation code handy,
> > > > > but hopefully another member of the community has a snippet to share.
> > > > > If you find one, we'll be more than happy to make it available on the
> > > > > opensocial-resources wiki.
>
> > > > > Cheers!
> > > > > - Jason
>
> > > > > On Sep 13, 11:38 am, Akash <[EMAIL PROTECTED]> wrote:
>
> > > > > > Hi,
> > > > > > I have written an orkut application that is making a web service
> > > > > > call. The web service is using ASP .NET 3.5. The application was
> > > > > > working fine without any issue however when I added following in my
> > > > > > web service call
>
> > > > > > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > > > > > gadgets.io.AuthorizationType.SIGNED;
>
> > > > > > I started getting following response.
>
> > > > > > <HTML>
> > > > > > <HEAD>
> > > > > > <TITLE>invalid parameter name <?xml version</TITLE>
> > > > > > </HEAD>
> > > > > > <BODY BGCOLOR="#FFFFFF" TEXT="#000000">
> > > > > > <H1>invalid parameter name <?xml version</H1>
> > > > > > <H2>Error 400</H2>
> > > > > > </BODY>
> > > > > > </HTML>
>
> > > > > > Any clue why I am facing this problem.
>
> > > > > > BTW, I am also looking for some sample code where an authenticated
> > > > > > Web Service call is made to a web service running on .NET framework 3.5.
>
> > > > > > Thanks,
> > > > > > -Akash
>
> > > > > > Following is detailed code.
>
> > > > > > // method, ns, parameters, url, async, callback, context and wsdl
> > > > > > // come from the enclosing SOAP client function.
> > > > > > var map = { "Content-Type" : "application/soap+xml; charset=utf-8" };
> > > > > > var params = {};
> > > > > > // Build the SOAP 1.2 envelope by hand.
> > > > > > soapRequest =
> > > > > >     "<?xml version=\"1.0\" encoding=\"utf-8\"?>" +
> > > > > >     "<soap12:Envelope " +
> > > > > >     "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
> > > > > >     "xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" " +
> > > > > >     "xmlns:soap12=\"http://www.w3.org/2003/05/soap-envelope\">" +
> > > > > >     "<soap12:Body>" +
> > > > > >     "<" + method + " xmlns=\"" + ns + "\">" +
> > > > > >     parameters.toXml() +
> > > > > >     "</" + method + "></soap12:Body></soap12:Envelope>";
> > > > > > params[gadgets.io.RequestParameters.METHOD] =
> > > > > >     gadgets.io.MethodType.POST;
> > > > > > params[gadgets.io.RequestParameters.CONTENT_TYPE] =
> > > > > >     gadgets.io.ContentType.DOM;
> > > > > > params[gadgets.io.RequestParameters.HEADERS] = map;
> > > > > > // Ask the container to sign the proxied request.
> > > > > > params[gadgets.io.RequestParameters.AUTHORIZATION] =
> > > > > >     gadgets.io.AuthorizationType.SIGNED;
> > > > > > // The raw SOAP envelope is passed as the POST body.
> > > > > > params[gadgets.io.RequestParameters.POST_DATA] = soapRequest;
> > > > > > var req;
>
> > > > > > gadgets.io.makeRequest(url, function(req) {
> > > > > >     SOAPClient._onSendSoapRequest(method, async, callback, context,
> > > > > >         wsdl, req);
> > > > > > }, params);
>
> > > > > > [WebMethod]
> > > > > > public bool isAppInstalledByUser(string id, string siteTye)
> > > > > > {
> > > > > >     return false;
> > > > > > }
You received this message because you are subscribed to the Google Groups
"Orkut Developer Forum" group.
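
The signature check discussed in this thread, as an added example that is not part of the original messages and is not orkut's or any poster's code. It assumes the container signs with the OAuth 1.0 RSA-SHA1 method; the key pair, URL and parameter values are constructed stand-ins, and `enc`, `cmp`, `baseString`, `sign`, `verify` and `demo` are illustrative names.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding, as OAuth 1.0 requires (stricter than encodeURIComponent).
const enc = s => encodeURIComponent(s)
  .replace(/[!'()*]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
// oauth_signature itself is never part of the signed data.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(p => p.join('='))
    .join('&');
  return [method.toUpperCase(), enc(url), enc(pairs)].join('&');
}

// Container side (stand-in for orkut): RSA signature over the base string.
function sign(method, url, params, privateKey) {
  const data = Buffer.from(baseString(method, url, params));
  return crypto.sign('sha1', data, privateKey).toString('base64');
}

// Application server side: rebuild the base string from what was received
// and check the signature against the container's public key.
function verify(method, url, params, publicKey) {
  const sig = Buffer.from(params.oauth_signature || '', 'base64');
  return crypto.verify('sha1', Buffer.from(baseString(method, url, params)), publicKey, sig);
}

// Constructed key pair and request values, for illustration only.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const url = 'http://app.example.com/service.asmx';
  const params = {
    opensocial_owner_id: '1111', opensocial_viewer_id: '2222',
    oauth_signature_method: 'RSA-SHA1', oauth_timestamp: '1222200000', oauth_nonce: 'abc123',
  };
  params.oauth_signature = sign('POST', url, params, privateKey);
  const tampered = { ...params, opensocial_viewer_id: '9999' };
  return {
    genuine: verify('POST', url, params, publicKey),
    tampered: verify('POST', url, tampered, publicKey),
    viewerStillReadable: params.opensocial_viewer_id,
  };
}

console.log(demo());
```

The parameters travel in the clear and the signature is one more parameter alongside them; a production check would also reject stale `oauth_timestamp` values and reused nonces.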