webservice call using MSXML2.HTTP

[Patrick]

I am almost certain that I could use HTTP Post/Get to submit XML Web Service
call (over SSL as well, if using Version 3 of MSXML2) from an ASP
Application?

However, would I only be able to call web-service in a an asynchronous mode
(with a callback function)? If so, how?

 

[[MSFT]]

Hi Patrick,

ServerXMLHTTP and XMLHTTP objects provide two types of calling mode:
asynchronous and synchronous. The mode is controlled by the third input
parameter to the open call; by default, it is synchronous mode. In
asynchronous mode, the MSXML parser fires an event when the readyState
property changes. You may check for the "ReadyState" property of the object
before destroying the object. For example:


==================================

var XmlHttp;

XmlHttp = new ActiveXObject("Msxml2.XMLHTTP");

XmlHttp.onreadystatechange = doHttpReadyStateChange;

XmlHttp.open("GET", "http://localhost/sample.xml", true);

XmlHttp.send();

function doHttpReadyStateChange()

{ if (XmlHttp.readyState == 4)

{ alert("Done");

}

}



Luke

 

[Patrick]

Rather than using MSXML.HTTP to make a WebService Call, I wonder if I could
use something like what is described at the following (in a VBScript ASP
Environment):
http://msdn.microsoft.com/workshop/author/webservice/reference/methods/useservice.asp
http://msdn.microsoft.com/workshop/author/webservice/reference/methods/callservice.asp

I had done it before in a DHTML/JavaScript client environment, but wonder if
there would be any issues if used in a server ASP/VBScript environment.

 

[Patrick]

It doesn't work!

I tried..., but how could I reference the document object from an ASP
*Server* environment?

<%@ Language = "VBScript" %>
<% Response.Buffer = True %>

<html>
<head>

<title>Web service test</title>

<body topmargin="3" leftmargin="3" marginheight="0" marginwidth="0"
bgcolor="#FFFFFF"
link="#000066" vlink="#000000" alink="#0000FF" text="#000000">
<div id="divService" class="webservice"
style="behavior:url(webservice.htc)"></div>
test
<%
document.all("divService").useService
"http://localhost/webservice/test.asmx","HelloWorld"
%>
</body>
</html>

 

[Patrick]

And also, is it possible to use X.509 Authentication with remote
web-services from an ASP application (NOT ASP.NET) application, using either
the MSXML2.HTTP or
webserivce div tag: useService, callService

If so, how could I do that?

With MSXML2.HTTP, just pass in
--------------------start of SOAP Msg with Security--------------------
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<wsse:Security
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
<wsse:BinarySecurityToken
ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary">
Ea4AHjbs1 ...
</wsse:BinarySecurityToken>
</wsse:Security>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<HelloWorldResponse xmlns="http://tempuri.org/WebService/Service1">
<HelloWorldResult>string</HelloWorldResult>
</HelloWorldResponse>
</soap:Body>
</soap:Envelope>
--------------------end of SOAP Msg with Security--------------------

instead of
--------------------start of SOAP Msg with NO Security--------------------
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<HelloWorldResponse xmlns="http://tempuri.org/WebService/Service1">
<HelloWorldResult>string</HelloWorldResult>
</HelloWorldResponse>
</soap:Body>
</soap:Envelope>
--------------------end of SOAP Msg with NO Security--------------------

but with the web service div tag approach, no idea of how a X509 client cert
could be passed from the client to the webservice.

 

[Patrick]

Also, if I were to use MSXML2.HTTP, how could I generate a SOAP request (as
opposed to an HTTP POST Request)?, or does it not matter, and I simply call
objXmlHttp.setRequestHeader and objXmlHttp.send with different arguments
where objXmlHttp=MSXML2.ServerXMLHTTP

 

[Patrick]

Thanks Luke, but how could I get the web-service to invoke a
Callback-function, which could read in results returned from the
web-service? (NOTE, I want to invoke the webservice from a VBScript based
ASP Page).

I figured out I could use the following to call a web-service with callback
function even with JavaScript, by referencing a <div/> tag that references
webservice.htc (see
http://msdn.microsoft.com/archive/d...rnet/behaviors/library/webservice/default.asp)
http://msdn.microsoft.com/workshop/author/webservice/reference/methods/useservice.asp
http://msdn.microsoft.com/workshop/author/webservice/reference/methods/callservice.asp

unfortunately, I don't think I can (correct me if I am wrong) use this from
an ASP (Server side) application because:
- how could I reference a client side element (e.g. a <div> tag that
references webserivce.htc) from a server side ASP page?! (I can't even
reference document object from Server side code)!
- webservice.htc does not appear to support X.509 client certificate
authentication.

 

[[MSFT]]

Hi Patrick,

MSXML doesn't support X.509 certificates. And with MSXML2.HTTP request, we
need to compose the SOAP body manually. If your client application cannot
be .NET based, I suggest you may consider SOAP toolkit to call a web
service. For more information, you can refer to:

http://msdn.microsoft.com/webservices/building/soaptk/

Luke

 

[[MSFT]]

Hi Patrick,

An HTC is an HTML file that contains script and a set of HTC-specific
elements that define the component. It provides a mechanism to implement
components in script as Dynamic HTML (DHTML) behaviors.It is a client
technology and cannot be used in server side script.

Additionally, Web service cannot call a client function. We have to
implement the call back with XMLHttp's event.

And, you may consider soap toolkit as I suggested in another message.

Luke

 

[Patrick]

I have downloaded the SOAP Toolkit 3.0. You said MSXML does not support
WS-Security's authentication using X.509 certificates.

Presumably, using SOAP Client dll, I would just have to set
objSoapClient.ConnectorProperty.SSLClientCertificateName and
objSoapClient.ConnectorPropertyUseSSL to use X.509 Authentication.

Am I right or not in thinking that to implement X.509 certificate
authentication with Web Services, the client simply need to send in
something like the following, and as such, coulding MSXML2.HTTP do the same
thing?
--------------Start of X.509 Client authentication????--------------
<wsse:Security
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
<wsse:BinarySecurityToken
ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary">
Ea4AHjbs1 ...
</wsse:BinarySecurityToken>
</wsse:Security>
--------------End of X.509 Client authentication????--------------

Additionally, the examples from the SOAP Toolkit 3.0 (some of which are at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwxp/html/xpsoap.asp)
seems to indicate calling webservice in a "Synchronous" mode, as opposed to
an asynchronous mode with a Callback function? Could this be done with the
SOAP Client? If so, how?

 

[[MSFT]]

Hi Patrick,

XMLHttp can send similar content but it cannot actually sign your soap
message. For more detail, you may refer to following article:

Defending Your XML Web Service against Hackers, Part I
http://msdn.microsoft.com/security/securecode/webservices/default.aspx?pull=
/library/en-us/dnservice/html/service09052001.asp

Web Services Security (WS-Security)
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
html/ws-security.asp

For fully support X.509 and asynchronous call, I would like suggest .NET
framework instead. The .NET component also can be called in ASP via interop
yet.

Luke

 

[Patrick]

What is wrong with using the SOAP Toolkit Version 3 (SOAPClient class) to
call a WS-Security based XML Web Service with X.509 client certificate
authentication? The toolkit support X.509 client authentication doesn't it?
(not sure if it supports function callback though?)

 

[Patrick]

I have concluded that I probably need to make the webservice call from
ASP.NET, do you mean The .NET component also can NOT be called in ASP via
interop yet?

What options are available for calling from ASP a web service via an ASP.NET
page or a .NET assembly? Any other ways other than making a HTTP(s) Post
from to an ASP.NET page?

 

[Patrick]

Cross poseting to microsoft.public.dotnet.framework.aspnet for options of
transferring details hold on the server-side from upon submission of an ASP
Page to an ASP.NET page to call a remote web service? In particular, I am
just wondering if I have say any text-boxes, text-areas, etc. for accepting
intput from the ASP Page (which could post to the ASP.NET using MSXML2.HTTP)
on the ASP.NET Page, would viewstate on the ASP.NET page refuses input from
native HTTP Post from the ASP Page?

 

[[MSFT]]

Hi Patrick,

Soap toolkit support X.509 but it doesn't support asynchronous call
directly. For .NET solution, I think you have some options here:

1. Update your application completely to ASP.NET, fully rely on .NET
technology. From long term view, this may be a good solution.
2. Submit ASP page to a ASPX (ASP.NET) page. In the ASPX page, you can
access all values submited in the Form on the ASP page.
3. In ASP, call a .NET component with interop. You can create a .NET class
library and enable COM interop for it.

If there is any thing unclear, please feel free to let me know.

Luke

 

[Patrick]

I suppose using the Interop approach to get ASP page to call a .NET Class
(via interop) to make the web-service call (as indicated at
http://support.microsoft.com/default.aspx?scid=kb;EN-US;817248#6 is going to
be a bit "better" than posting from the ASP Page on the server side using
XMLHTTP to an ASP.NET page, isn't it?

(Please also refer to the reponse I have from Steven Cheng [MSFT] at
entitled "Re: Calling a X.509
Auth web-service with MSXML2.HTTP from ASP Application" dated 15 Sep 2004
02:32:39 GMT in regards to the ViewState issue when posting from ASP to
ASP.NET on a serverside, in order to get the ASP.NET page to make a
web-service call).

There shouldn't be any issues with calling a web-service from a .NET Class
library (as opposed to an ASP.NET or Forms application), should it?

(Please forgive me for cross-posting, as I thought this subject spans
multiple technologies and may be of interest to people as well in these
newsgroups)

 

[[MSFT]]

Hi Patrick,

I think it should be a better solution to call a class library via interop.
It will be same to call a web service in a class library project or in an
ASP.NET project. If you encounter any issues when you implement this,
please feel free to post here.

Luke

 

[[MSFT]]

Hello Patrick,

Do you have further questions on this issue? If so, please feel free to let
me know.

Luke