Search Results

Search found 2 results on 1 pages for 'webwires'.

Page 1/1 | 1 

  • Passing Certificate to Svcutil to generate proxy for OSB Service

    - by webwires
    We are wanting to implement Two-Way SSL security from WCF to OSB Services. We have successfully deployed the certificates so that when you browse to the service with IE you get the appropriate prompt for certificate and then it takes you immediately to the WSDL. But, when you attempt to generate a proxy using svcutil as defined in steps 8 and 9 in this MSDN article. http://msdn.microsoft.com/en-us/library/cc949005.aspx I get the error: A reply message was received for operation 'Get' with action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/Get'. However, your client code requires action 'http://schemas.xmlsoap.org/ws/2004/09/transfer/GetResponse'. The OSB services are set to use Soap 1.2 and the svcutil.exe.config we use is identicle to the article except for the findValue and x509FindType. Instead we used the FindByThumbprint pointing to the "My" store name and "CurrentUser" store location. The cert is there and is the same cert we select from the IE prompt.

    Read the article

  • Best Pattern for AllowUnsafeUpdates

    - by webwires
    So far, in my research I have seen that it is unwise to set AllowUnsafeUpdates on GET request operation to avoid cross site scripting. But, if it is required to allow this, what is the proper way to handle the situation to mitigate any exposure? Here is my best first guess on a reliable pattern if you absolutely need to allow web or site updates on a GET request. Best Practice? protected override void OnLoad(System.EventArgs e) { if(Request.HttpMethod == "POST") { SPUtility.ValidateFormDigest(); // will automatically set AllowSafeUpdates to true } // If not a POST then AllowUnsafeUpdates should be used only // at the point of update and reset immediately after finished // NOTE: Is this true? How is cross-site scripting used on GET // and what mitigates the vulnerability? } // Point of item update SPSecurity.RunWithElevatedPrivledges(delegate() { using(SPSite site = new SPSite(SPContext.Current.Site.Url)) { using (SPWeb web = site.RootWeb) { bool allowUpdates = web.AllowUnsafeUpdates; //store original value web.AllowUnsafeUpdates = true; //... Do something and call Update() ... web.AllowUnsafeUpdates = allowUpdates; //restore original value } } }); Feedback on the best pattern is appreciated.

    Read the article

1