Hi, After reading and trying and reading, I hope somebody might help. I want to make an application that runs in an console (Click and it starts without complicated configuration) . Then an android client connects to the WCF service on the console, enters his username and password, and has access to the service. (only intranet)
It sounds simple, but when I start digging the web, there so much to understand! Now I get it working in a REST service with JSON, but in fiddler you can see username and password in clear text.
They say : just make a certificate? Have I got to copy this certificate to the clients?
makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=localhostCA -sky exchange -pe
I just can copy-paste this but what then? What has to be done on the android phones for reading those cetificate? Isn't there a simple way for transport/message security? (in .NET framework 3.5, if possible)
The code so far:
For Android: (I just start learning android for 4 hours, so I'm really a noob)
DefaultHttpClient httpclient = new DefaultHttpClient();
httpclient.getCredentialsProvider().setCredentials(new AuthScope(serviceAddress, servicePort), new UsernamePasswordCredentials(username, password));
HttpGet httpget = new HttpGet(serviceAddress+":"+servicePort+"/Game" + method); HttpResponse response;
try
{ response = httpclient.execute(httpget);
HttpEntity entity = response.getEntity();
if(entity != null)
{
InputStream instream = entity.getContent();
String result =
ServiceHelper.ConvertStreamToString(instream);
JSONObject json = new JSONObject(result);
JSONArray nameArray = json.names();
JSONArray valArray = json.toJSONArray(nameArray);
activityStatusResponse = new BaseResponse(valArray.getBoolean(0), valArray.getString(1));
instream.close();
}
}
catch(Exception e)
{
activityStatusResponse = new BaseResponse();
String sDummy = e.toString();
}
ServiceHost
try
{
var baseAddress = "http://" + System.Net.Dns.GetHostName() + ":8050/Game"; WebHttpBinding binding = new WebHttpBinding();
RESTServiceHost = new ServiceHost(typeof(GameRestServer), new Uri(baseAddress));
RESTServiceHost.Open();
Console.WriteLine("Started...");
}
catch (Exception ex)
{
string sDummy = ex.ToString();
Console.WriteLine("Error:" + ex.Message);
}
App.config
<bindings>
<webHttpBinding>
<binding name="DefaultBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="RESTFriendly2">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="RESTFriendly1">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserPWCheck, GameRestServer"/>
<serviceCertificate findValue="THENAME??" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="GameRestServer" behaviorConfiguration="RESTFriendly1">
<endpoint
behaviorConfiguration="RESTFriendly2"
bindingConfiguration="DefaultBinding"
binding="webHttpBinding"
contract="IGameRestServer">
</endpoint>
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IGameRestServer" />
</service>
</services>
Ok, i've got a certificate file,and now? Do I really need to install this certificate? isn't it possible just to read it from the file? So no installation is required, just open Firewall port and go... (My dream)
If somebody perhaps knows a good example of such a scenario... Thanks Manu