webservice call using MSXML2.HTTP

RE: webservice call using MSXML2.HTTP

Hi Patrick,

ServerXMLHTTP and XMLHTTP objects provide two types of calling mode:
asynchronous and synchronous. The mode is controlled by the third input
parameter to the open call; by default, it is synchronous mode. In
asynchronous mode, the MSXML parser fires an event when the readyState
property changes. You may check for the "ReadyState " property of the object
before destroying the object. For example:


=============== =============== ====

var XmlHttp;

XmlHttp = new ActiveXObject(" Msxml2.XMLHTTP" );

XmlHttp.onready statechange = doHttpReadyStat eChange;

XmlHttp.open("G ET", "http://localhost/sample.xml", true);

XmlHttp.send();

function doHttpReadyStat eChange()

{ if (XmlHttp.readyS tate == 4)

{ alert("Done");

}

}



Luke

Re: webservice call using MSXML2.HTTP

Rather than using MSXML.HTTP to make a WebService Call, I wonder if I could
use something like what is described at the following (in a VBScript ASP
Environment):



I had done it before in a DHTML/JavaScript client environment, but wonder if
there would be any issues if used in a server ASP/VBScript environment.



"[MSFT]" <lukezhan@onlin e.microsoft.com > wrote in message
news:kfetGGulEH A.2516@cpmsftng xa10.phx.gbl...[color=blue]
> Hi Patrick,
>
> ServerXMLHTTP and XMLHTTP objects provide two types of calling mode:
> asynchronous and synchronous. The mode is controlled by the third input
> parameter to the open call; by default, it is synchronous mode. In
> asynchronous mode, the MSXML parser fires an event when the readyState
> property changes. You may check for the "ReadyState " property of the[/color]
object[color=blue]
> before destroying the object. For example:
>
>
> =============== =============== ====
>
> var XmlHttp;
>
> XmlHttp = new ActiveXObject(" Msxml2.XMLHTTP" );
>
> XmlHttp.onready statechange = doHttpReadyStat eChange;
>
> XmlHttp.open("G ET", "http://localhost/sample.xml", true);
>
> XmlHttp.send();
>
> function doHttpReadyStat eChange()
>
> { if (XmlHttp.readyS tate == 4)
>
> { alert("Done");
>
> }
>
> }
>
>
>
> Luke
>[/color]

Re: webservice call using MSXML2.HTTP

It doesn't work!

I tried..., but how could I reference the document object from an ASP
*Server* environment?

<%@ Language = "VBScript" %>
<% Response.Buffer = True %>

<html>
<head>

<title>Web service test</title>

<body topmargin="3" leftmargin="3" marginheight="0 " marginwidth="0"
bgcolor="#FFFFF F"
link="#000066" vlink="#000000" alink="#0000FF" text="#000000">
<div id="divService " class="webservi ce"
style="behavior :url(webservice .htc)"></div>
test
<%
document.all("d ivService").use Service
"http://localhost/webservice/test.asmx","Hel loWorld"
%>
</body>
</html>

Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

And also, is it possible to use X.509 Authentication with remote
web-services from an ASP application (NOT ASP.NET) application, using either
the MSXML2.HTTP or
webserivce div tag: useService, callService

If so, how could I do that?

With MSXML2.HTTP, just pass in
--------------------start of SOAP Msg with Security--------------------
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<wsse:Securit y
xmlns:wsse="htt p://schemas.xmlsoap .org/ws/2002/12/secext">
<wsse:BinarySec urityToken
ValueType="wsse :X509v3"
EncodingType="w sse:Base64Binar y">
Ea4AHjbs1 ...
</wsse:BinarySecu rityToken>
</wsse:Security>
<soap:Envelop e xmlns:xsi="http ://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http ://www.w3.org/2001/XMLSchema"
xmlns:soap="htt p://schemas.xmlsoap .org/soap/envelope/">
<soap:Body>
<HelloWorldResp onse xmlns="http://tempuri.org/WebService/Service1">
<HelloWorldResu lt>string</HelloWorldResul t>
</HelloWorldRespo nse>
</soap:Body>
</soap:Envelope>
--------------------end of SOAP Msg with Security--------------------

instead of
--------------------start of SOAP Msg with NO Security--------------------
Content-Type: text/xml; charset=utf-8
Content-Length: length

<?xml version="1.0" encoding="utf-8"?>
<soap:Envelop e xmlns:xsi="http ://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http ://www.w3.org/2001/XMLSchema"
xmlns:soap="htt p://schemas.xmlsoap .org/soap/envelope/">
<soap:Body>
<HelloWorldResp onse xmlns="http://tempuri.org/WebService/Service1">
<HelloWorldResu lt>string</HelloWorldResul t>
</HelloWorldRespo nse>
</soap:Body>
</soap:Envelope>
--------------------end of SOAP Msg with NO Security--------------------

but with the web service div tag approach, no idea of how a X509 client cert
could be passed from the client to the webservice.

"Patrick" <patl@reply.new sgroup.msn.com> wrote in message
news:uAx%23TOzl EHA.2612@TK2MSF TNGP15.phx.gbl. ..[color=blue]
> It doesn't work!
>
> I tried..., but how could I reference the document object from an ASP
> *Server* environment?
>
> <%@ Language = "VBScript" %>
> <% Response.Buffer = True %>
>
> <html>
> <head>
>
> <title>Web service test</title>
>
> <body topmargin="3" leftmargin="3" marginheight="0 " marginwidth="0"
> bgcolor="#FFFFF F"
> link="#000066" vlink="#000000" alink="#0000FF" text="#000000">
> <div id="divService " class="webservi ce"
> style="behavior :url(webservice .htc)"></div>
> test
> <%
> document.all("d ivService").use Service
> "http://localhost/webservice/test.asmx","Hel loWorld"
> %>
> </body>
> </html>
>
>[/color]

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

Also, if I were to use MSXML2.HTTP, how could I generate a SOAP request (as
opposed to an HTTP POST Request)?, or does it not matter, and I simply call
objXmlHttp.setR equestHeader and objXmlHttp.send with different arguments
where objXmlHttp=MSXM L2.ServerXMLHTT P


"Patrick" <patl@reply.new sgroup.msn.com> wrote in message
news:OVbkLc0lEH A.1008@tk2msftn gp13.phx.gbl...[color=blue]
> And also, is it possible to use X.509 Authentication with remote
> web-services from an ASP application (NOT ASP.NET) application, using[/color]
either[color=blue]
> the MSXML2.HTTP or
> webserivce div tag: useService, callService
>
> If so, how could I do that?
>
> With MSXML2.HTTP, just pass in
> --------------------start of SOAP Msg with Security--------------------
> Content-Type: text/xml; charset=utf-8
> Content-Length: length
>
> <?xml version="1.0" encoding="utf-8"?>
> <wsse:Securit y
> xmlns:wsse="htt p://schemas.xmlsoap .org/ws/2002/12/secext">
> <wsse:BinarySec urityToken
> ValueType="wsse :X509v3"
> EncodingType="w sse:Base64Binar y">
> Ea4AHjbs1 ...
> </wsse:BinarySecu rityToken>
> </wsse:Security>
> <soap:Envelop e xmlns:xsi="http ://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http ://www.w3.org/2001/XMLSchema"
> xmlns:soap="htt p://schemas.xmlsoap .org/soap/envelope/">
> <soap:Body>
> <HelloWorldResp onse xmlns="http://tempuri.org/WebService/Service1">
> <HelloWorldResu lt>string</HelloWorldResul t>
> </HelloWorldRespo nse>
> </soap:Body>
> </soap:Envelope>
> --------------------end of SOAP Msg with Security--------------------
>
> instead of
> --------------------start of SOAP Msg with NO Security--------------------
> Content-Type: text/xml; charset=utf-8
> Content-Length: length
>
> <?xml version="1.0" encoding="utf-8"?>
> <soap:Envelop e xmlns:xsi="http ://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http ://www.w3.org/2001/XMLSchema"
> xmlns:soap="htt p://schemas.xmlsoap .org/soap/envelope/">
> <soap:Body>
> <HelloWorldResp onse xmlns="http://tempuri.org/WebService/Service1">
> <HelloWorldResu lt>string</HelloWorldResul t>
> </HelloWorldRespo nse>
> </soap:Body>
> </soap:Envelope>
> --------------------end of SOAP Msg with NO Security--------------------
>
> but with the web service div tag approach, no idea of how a X509 client[/color]
cert[color=blue]
> could be passed from the client to the webservice.
>
> "Patrick" <patl@reply.new sgroup.msn.com> wrote in message
> news:uAx%23TOzl EHA.2612@TK2MSF TNGP15.phx.gbl. ..[color=green]
> > It doesn't work!
> >
> > I tried..., but how could I reference the document object from an ASP
> > *Server* environment?
> >
> > <%@ Language = "VBScript" %>
> > <% Response.Buffer = True %>
> >
> > <html>
> > <head>
> >
> > <title>Web service test</title>
> >
> > <body topmargin="3" leftmargin="3" marginheight="0 " marginwidth="0"
> > bgcolor="#FFFFF F"
> > link="#000066" vlink="#000000" alink="#0000FF" text="#000000">
> > <div id="divService " class="webservi ce"
> > style="behavior :url(webservice .htc)"></div>
> > test
> > <%
> > document.all("d ivService").use Service
> > "http://localhost/webservice/test.asmx","Hel loWorld"
> > %>
> > </body>
> > </html>
> >
> >[/color]
>
>[/color]

Re: webservice call using MSXML2.HTTP

Thanks Luke, but how could I get the web-service to invoke a
Callback-function, which could read in results returned from the
web-service? (NOTE, I want to invoke the webservice from a VBScript based
ASP Page).

I figured out I could use the following to call a web-service with callback
function even with JavaScript, by referencing a <div/> tag that references
webservice.htc (see
http://msdn.microsoft.com/archive/de...ce/default.asp)



unfortunately, I don't think I can (correct me if I am wrong) use this from
an ASP (Server side) application because:
- how could I reference a client side element (e.g. a <div> tag that
references webserivce.htc) from a server side ASP page?! (I can't even
reference document object from Server side code)!
- webservice.htc does not appear to support X.509 client certificate
authentication.


"[MSFT]" <lukezhan@onlin e.microsoft.com > wrote in message
news:kfetGGulEH A.2516@cpmsftng xa10.phx.gbl...[color=blue]
> Hi Patrick,
>
> ServerXMLHTTP and XMLHTTP objects provide two types of calling mode:
> asynchronous and synchronous. The mode is controlled by the third input
> parameter to the open call; by default, it is synchronous mode. In
> asynchronous mode, the MSXML parser fires an event when the readyState
> property changes. You may check for the "ReadyState " property of the[/color]
object[color=blue]
> before destroying the object. For example:
>
>
> =============== =============== ====
>
> var XmlHttp;
>
> XmlHttp = new ActiveXObject(" Msxml2.XMLHTTP" );
>
> XmlHttp.onready statechange = doHttpReadyStat eChange;
>
> XmlHttp.open("G ET", "http://localhost/sample.xml", true);
>
> XmlHttp.send();
>
> function doHttpReadyStat eChange()
>
> { if (XmlHttp.readyS tate == 4)
>
> { alert("Done");
>
> }
>
> }
>
>
>
> Luke
>[/color]

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

Hi Patrick,

MSXML doesn't support X.509 certificates. And with MSXML2.HTTP request, we
need to compose the SOAP body manually. If your client application cannot
be .NET based, I suggest you may consider SOAP toolkit to call a web
service. For more information, you can refer to:



Luke

Re: webservice call using MSXML2.HTTP

Hi Patrick,

An HTC is an HTML file that contains script and a set of HTC-specific
elements that define the component. It provides a mechanism to implement
components in script as Dynamic HTML (DHTML) behaviors.It is a client
technology and cannot be used in server side script.

Additionally, Web service cannot call a client function. We have to
implement the call back with XMLHttp's event.

And, you may consider soap toolkit as I suggested in another message.

Luke

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

I have downloaded the SOAP Toolkit 3.0. You said MSXML does not support
WS-Security's authentication using X.509 certificates.

Presumably, using SOAP Client dll, I would just have to set
objSoapClient.C onnectorPropert y.SSLClientCert ificateName and
objSoapClient.C onnectorPropert yUseSSL to use X.509 Authentication.

Am I right or not in thinking that to implement X.509 certificate
authentication with Web Services, the client simply need to send in
something like the following, and as such, coulding MSXML2.HTTP do the same
thing?
--------------Start of X.509 Client authentication? ???--------------
<wsse:Securit y
xmlns:wsse="htt p://schemas.xmlsoap .org/ws/2002/12/secext">
<wsse:BinarySec urityToken
ValueType="wsse :X509v3"
EncodingType="w sse:Base64Binar y">
Ea4AHjbs1 ...
</wsse:BinarySecu rityToken>
</wsse:Security>
--------------End of X.509 Client authentication? ???--------------

Additionally, the examples from the SOAP Toolkit 3.0 (some of which are at
http://msdn.microsoft.com/library/de...tml/xpsoap.asp)
seems to indicate calling webservice in a "Synchronou s" mode, as opposed to
an asynchronous mode with a Callback function? Could this be done with the
SOAP Client? If so, how?

"[MSFT]" <lukezhan@onlin e.microsoft.com > wrote in message
news:Ddof4AWmEH A.2516@cpmsftng xa10.phx.gbl...[color=blue]
> Hi Patrick,
>
> MSXML doesn't support X.509 certificates. And with MSXML2.HTTP request, we
> need to compose the SOAP body manually. If your client application cannot
> be .NET based, I suggest you may consider SOAP toolkit to call a web
> service. For more information, you can refer to:
>
> http://msdn.microsoft.com/webservices/building/soaptk/
>
> Luke
>[/color]

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

Hi Patrick,

XMLHttp can send similar content but it cannot actually sign your soap
message. For more detail, you may refer to following article:

Defending Your XML Web Service against Hackers, Part I

/library/en-us/dnservice/html/service09052001 .asp

Web Services Security (WS-Security)

html/ws-security.asp

For fully support X.509 and asynchronous call, I would like suggest .NET
framework instead. The .NET component also can be called in ASP via interop
yet.

Luke

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

What is wrong with using the SOAP Toolkit Version 3 (SOAPClient class) to
call a WS-Security based XML Web Service with X.509 client certificate
authentication? The toolkit support X.509 client authentication doesn't it?
(not sure if it supports function callback though?)

"[MSFT]" <lukezhan@onlin e.microsoft.com > wrote in message
news:V0slu3imEH A.2932@cpmsftng xa06.phx.gbl...[color=blue]
> Hi Patrick,
>
> XMLHttp can send similar content but it cannot actually sign your soap
> message. For more detail, you may refer to following article:
>
> Defending Your XML Web Service against Hackers, Part I
>[/color]
http://msdn.microsoft.com/security/s...ult.aspx?pull=[color=blue]
> /library/en-us/dnservice/html/service09052001 .asp
>
> Web Services Security (WS-Security)
>[/color]
http://msdn.microsoft.com/library/de...us/dnglobspec/[color=blue]
> html/ws-security.asp
>
> For fully support X.509 and asynchronous call, I would like suggest .NET
> framework instead. The .NET component also can be called in ASP via[/color]
interop[color=blue]
> yet.
>
> Luke
>[/color]

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

I have concluded that I probably need to make the webservice call from
ASP.NET, do you mean The .NET component also can NOT be called in ASP via
interop yet?

What options are available for calling from ASP a web service via an ASP.NET
page or a .NET assembly? Any other ways other than making a HTTP(s) Post
from to an ASP.NET page?


"[MSFT]" <lukezhan@onlin e.microsoft.com > wrote in message
news:V0slu3imEH A.2932@cpmsftng xa06.phx.gbl...[color=blue]
> Hi Patrick,
>
> XMLHttp can send similar content but it cannot actually sign your soap
> message. For more detail, you may refer to following article:
>
> Defending Your XML Web Service against Hackers, Part I
>[/color]
http://msdn.microsoft.com/security/s...ult.aspx?pull=[color=blue]
> /library/en-us/dnservice/html/service09052001 .asp
>
> Web Services Security (WS-Security)
>[/color]
http://msdn.microsoft.com/library/de...us/dnglobspec/[color=blue]
> html/ws-security.asp
>
> For fully support X.509 and asynchronous call, I would like suggest .NET
> framework instead. The .NET component also can be called in ASP via[/color]
interop[color=blue]
> yet.
>
> Luke
>[/color]

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

Cross poseting to microsoft.publi c.dotnet.framew ork.aspnet for options of
transferring details hold on the server-side from upon submission of an ASP
Page to an ASP.NET page to call a remote web service? In particular, I am
just wondering if I have say any text-boxes, text-areas, etc. for accepting
intput from the ASP Page (which could post to the ASP.NET using MSXML2.HTTP)
on the ASP.NET Page, would viewstate on the ASP.NET page refuses input from
native HTTP Post from the ASP Page?

"Patrick" <patl@reply.new sgroup.msn.com> wrote in message
news:exyKu$kmEH A.1904@TK2MSFTN GP09.phx.gbl...[color=blue]
> I have concluded that I probably need to make the webservice call from
> ASP.NET, do you mean The .NET component also can NOT be called in ASP via
> interop yet?
>
> What options are available for calling from ASP a web service via an[/color]
ASP.NET[color=blue]
> page or a .NET assembly? Any other ways other than making a HTTP(s) Post
> from to an ASP.NET page?
>
>
> "[MSFT]" <lukezhan@onlin e.microsoft.com > wrote in message
> news:V0slu3imEH A.2932@cpmsftng xa06.phx.gbl...[color=green]
> > Hi Patrick,
> >
> > XMLHttp can send similar content but it cannot actually sign your soap
> > message. For more detail, you may refer to following article:
> >
> > Defending Your XML Web Service against Hackers, Part I
> >[/color]
>[/color]
http://msdn.microsoft.com/security/s...ult.aspx?pull=[color=blue][color=green]
> > /library/en-us/dnservice/html/service09052001 .asp
> >
> > Web Services Security (WS-Security)
> >[/color]
>[/color]
http://msdn.microsoft.com/library/de...us/dnglobspec/[color=blue][color=green]
> > html/ws-security.asp
> >
> > For fully support X.509 and asynchronous call, I would like suggest .NET
> > framework instead. The .NET component also can be called in ASP via[/color]
> interop[color=green]
> > yet.
> >
> > Luke
> >[/color]
>
>[/color]

Re: Calling a X.509 Auth web-service with MSXML2.HTTP from ASP Application

Hi Patrick,

Soap toolkit support X.509 but it doesn't support asynchronous call
directly. For .NET solution, I think you have some options here:

1. Update your application completely to ASP.NET, fully rely on .NET
technology. From long term view, this may be a good solution.
2. Submit ASP page to a ASPX (ASP.NET) page. In the ASPX page, you can
access all values submited in the Form on the ASP page.
3. In ASP, call a .NET component with interop. You can create a .NET class
library and enable COM interop for it.

If there is any thing unclear, please feel free to let me know.

Luke