Developing oAUTH service in OpenEdge WebSpeed - oauth

I'm developing a new website which is going to include web API. What I want to know is how easy (or hard) is it to develop the server side oAUTH service into my new website?
I'm using OE11.0 WebSpeed in combination with Apache. Because I'be been doing Progress/OpenEdge 4GL/ABL development for over 10 years and nothing else I find very hard to translate existing code like, PHP, Python, Java etc.
I've read the RFC related to oAUTH and I find my self get lost in "key-varner".
Has anybody develop a oAUTH server side code in OpenEdge WebSpeed? If so, are you willing to share?

The CLR bridge works in OE 11 onwards now and we use .NET dll's in webspeed sucessfully.

I think your best bet is to do this outside of Webspeed / ABL, otherwise you are stuck re-inventing the wheel. The easiest solution would be to call a .NET library directly from your ABL code but I think that the CLR bridge doesn't work for Webspeed / Appserver apps.
One solution is to have a separate, non-Webspeed app just to handle these oAUTH requests, using a ProxyPass directive on your Apache server to pattern match the URIs and route the requests to the appropriate app.
You could use any non-Webspeed tech. you want, but since I know Ruby best, I will point out the excellent omniauth gem, which supports arbitrary authentication strategies, including oAUTH. You can create a custom gem for your specific provider by working off of any of these strategies (see the "Notes" section and look at any of them that cite "OAuth API" or "OAuth 2 API").
If you want to go whole hog and write the entire app in a different language (yet still using an OpenEdge database), I will toot my own horn and point out the Ruby adapter for OpenEdge databases. This would allow you to use the Ruby on Rails framework for your Web app.

Related

Best API Strategy for nopCommerce 3.x (MVC vs WebAPI vs ServiceStack)

We are trying to determine the best approach for adding a complex API layer to a modified version of nopCommerce. To back up a step, we're building out a custom site for a fashion/apparel manufacturer that has a lot of front-end application requirements and also needs to integrate with their cross platform apps (iOS, Android, Windows) which we're building with Xamarin. We've tentatively decided to start with nopCommerce as the base of our application to which we will add an API layer.
What we are unsure about is what is the best approach for implementing this in nopCommerce (or other similar .NET package)? The options we are considering are MVC vs WebAPI vs ServiceStack. We've been going thru many of the tutorials on PluralSight.com to get up to speed on app dev and API creation best practices, but there seem to be so many options, we're not sure where to start. We seem to be somewhat lost in a sea of implementation options for the API and how each is to be evaluated based on choice of the JS packages/frameworks used on the front-end for the web site and the tools chosen to create the apps.
If it matters, our basic requirements are:
Expand core of basic e-commerce package with some custom ERP style functionality
API layer that can work effectively with both a web front end (possibly as a SPA) and all cross platform apps built using Xamarin
Insure OAuth authentication across all interface types so we can just use social media logins consistently everywhere and can authenticate the user in any environment
Given this...
My question boils down to which of the three API methods (MVC vs WebAPI vs ServiceStack) is best for this?
In my humble opinion you should go with service stack, it´s easier to implement and a lot more flexible than web api, you can add/remove plugins for different functionalities you get a lot of infrastructure code OOB such as mechanisms to handle cache, loggers and other not just related to infrastructure such as validators and IOC container, etc.
you'll get a single mechanism for authentication including custom auth, oauth, oauth2, etc which works for linked in, facebook and google +, in that situation you´ll find yourself reusing a lot of code in across all your apps.
One other thing that I like about SS is that practically is just you and your IOC, nothig else, everything is quite simple to understand and to implement (there could be more than one hidden option or configuration you may miss in the documentation but you get a lot of support from the community in google groups or stackoverflow)
its easier to test (Unit testing) you already have abstractions for httprequest and httpresponse and a lot of more, you won´t find yourself doing wrappers for all the legacy web impl that are shipped with mvc.
SS is better than mvc web api in terms of performance, it got one of the fastest json serializers out there for .net
I´m working on a SPA app for the time beign and I have no regrets about my desition to get into the SS framework.
just my 2 cents.
I would say Web API is best option for the Services Layer
- http://www.asp.net/vnext/overview/aspnet-web-api
There are many advantages
- Web API has been in release cycle as separate component with latest features
- Security
- Versioning
- Attribute based routing
- OData integration

Soap based web services using ruby on rails framework

Is it possible to write soap based web services using ruby on rails framework. If yes, can someone please point to a learning resource
Yes, you can write SOAP web services using Rails, However Rails is moving in favour of a REST web service approach. So my personal opinion is if you are starting a brand new Rails app with SOAP web services, consider some other programming language like JAVA, because that has more tools to easily create SOAP web services.
But nowadays all the webservices going towards REST, because of the simplicity it has. Almost all major sites has a REST API.
Furthermore if you are still planning to go ahead with Rails, savon is an interesting gem that you should probably look at.

How to have iOS app communicate with database server?

I have a database on a database server. No web service in place to be consumed by a web application.
If I want my iOS app to communicate with a database server (send & receive data), I know I can create a web service and then call that service from my iOS app. But what web service is recommended for this? Should I just write a .asmx web service in .NET or should I go for MVC WEB API or may be go for WCF ?? I have spend hours doing research on this. Please help.
A lot will depend on where you expect the service to be hosted, and what technology stack(s) are supported by the host. If you are self-hosting, then do whatever works in the technologies you know and understand. If you want to use a host that targets its services to small-to-midsize independent development teams, many providers like Heroku support things like Rails services. PHP is always an option as well. Microsoft-based solutions and Java-based solutions tend to be more widely used in larger enterprises and data centers, and if that's where you'll host your service then these would also be good options. And of course I'm speaking in broad generalities here: For any general trends I might list here there are lots of exceptions where other approaches make sense.
If you'd rather let the decision be driven by what makes things easiest for your iOS code, I would recommend you start with server-side technologies that support REST-ful interfaces using JSON to represent your service's resources. REST-ful services are very easy to consume from iOS, and JSON-based representations of resources are very easy to parse and produce in Objective-C.
I am personally used this approach to set a direction for my app. For the service side, I am going with a Rails implementation of REST-ful web services. I'm a Java developer by profession, but for a small independent project the options for hosting Java services were more limiting than with Rails so I've picked up rails on the side to make my project work. So far it's suited my project quite well.

Retrieve NTLM Active Directory user data to Rails w/o IIS

I believe that we can allow Firefox to sent NTLM data to SharePoint sites to do automatic authentication, and I think that this is doable with IIS.
I'd like to do the same thing with an internal Rails site.
Does anyone know of way that I could authenticate NTLM type user information through a Apache/mongrel setup (provided of course that it's already running on a Windows box inside of an Active Directory domain)?
I created tutorial on how to install patched mod_ntlm module for Apache on Linux and how to pass NTLM authenticated username to Rails and how create Rails session from that. So as a result you do not need Windows server for running Rails application.
There you can find also how to enable automatic NTLM authentication in Firefox — enter "about:config" in location field and then search for "network.automatic-ntlm-auth.trusted-uris". There you can enter servers for which you would like to use automatic NTLM authentication.
Bit of extra info in case anyone stumbles across this.
I wanted to do something which I thought should be pretty simple - extract the users windows username using NTLM from a Rails app running on Mongrel/Windows (InstantRails actually). Having written the basic code manage the various handshaking operations (using the great NTLMRuby library at http://rubyforge.org/projects/rubyntlm/) and having got it to work wonderfully in Firefox I was somewhat frustrated to find IE not working.
Mongrel doesn't support keep-alives during the type1/2/3 message exchange (at least natively, I believe there's a hack/fix for it), which IE demands and Firefox gets by without.
So authenticating a Rails server running on Windows against a remote NTLM service (e.g. Sharepoint or another web site) is reasonably straight forward, but authenticating an IE browser against a Rails server running on Windows not so much with Mongrel. IIS would be an option, as might be basic Apache with FastCGI. The former feels a bit clunky and the latter won't be as fast as Mongrel.
I'm assuming you've already worked out which HTTP headers you need to send in order to get firefox and IE to send back the NTLM authentication stuff, and are just needing to handle that on the server side?
You could use some of ruby's win32 libraries to access the underlying windows authentication functions which handle the NTLM.
I'd suggest the path of least resistance might be to see if there is a COM component which can do the authentication for you, and if so, to use it using the Win32OLE ruby library.
If there's no COM component, you might be able to find something in one of those other libraries which can invoke the native win32 methods for you.
If you can't find that, you'd have to write a ruby C extension. I've done this on linux, and extending ruby is pretty easy, but you may find the microsoft authentication API's a bit painful.
Hope that gets you started on the right track :-)
You could also use the Apache ntlm module, which should pass a header onwards to your application with the username of the authenticated user. That module looks a bit old, but suggests some other modules that may suit your needs.
Old question I know but I came across this looking for a similar answer.
you could use the methods described here (http://blog.rayapps.com/2008/12/02/ntlm-windows-domain-authentication-for-rails-application/). However mod_ntlm is for windows authentication on a UNIX/linux machine. mod_auth_sspi is what you'll need for winNT authentication from apache under windows.
This particular project looks promising and is looking for contributors:
Rack middleware for transparent authentication with NTLM.
I haven't yet tried this out. For the moment I plan on implementing Raimonds' solution as it appears to have a lot of success.
Check out Waffle. It provides SSO on Windows to Java servers using Win32 API. There're a number of implemented filters (servlet, tomcat valve, spring-security).

Integrating Oulook/Exchange Tasks with Linux-based Rails

Is it possible to integrate MS Outlook/Exchange tasks with Rails? I know how to send emails with Rails, but that isn't using anything "special" about exchange, just pointing it at the server.
What is "special" about an Outlook Task and how I can I create/read/update/delete them from Rails. (Even a subset of CRUD would be great.)
PS. I am on a linux based rails system, so solutions that rely on a windows-only function won't work for me.
If you are running Exchange 2007 you should also look at Exchange web services to manipulate things.
I am in the process of building a MS Exchange client access library in Ruby that uses MS Exchange Web services. The code is GPL'd so have at it. Please let me know what kind of issues you have and what other features you'd like to see. It's pretty heavy in development at this point.
http://github.com/zenchild/Viewpoint
Cheers,
Dan Wanek
WebDAV might be the way to go, if you'd like to do it in Ruby. There is a ruby gem call rexchange that can do the trick. However, MSFT is phasing out WebDAV and replacing it with the Exchange Web Services, which is Zoredache suggested. Unfortunately, MSFT only provides API in C# (technically, it's SOAP stuff that is language-agnostic, some Java developers seem to sucessfully build some stuff using EWS, but I have yet known anyone has done this in Ruby.)
Assuming that the tasks are stored in Exchange, you should be able to access the tasks through WebDAV.

Resources