WebServer/WebService to replace FTP Server

[astahl]

I need to replace our ftp server with a https secure server.

Our clients IT people do not want any outside software installed
on their network machines, and they want an automated way to
upload mostly text and some binary files to us. They do not want
to open a webpage and attach a file. They want to write a script
to send it automatically. Clients upload and download data has to
be in separate UID and PWD protected folders.

I'm a bit confused with the terminology web server vs. web service.
So looking for some pointers on what I should use and how a client
could access programatically.

Thanks

Ashley
 

[Bruce]

Hi Ashley,

>> I need to replace our ftp server with a https secure server.

pretty easy to do.

>> Our clients IT people do not want any outside software installed on their network machines,

define "outside software" - are you allowed to write programs for them to run, or are they only going to use stuff already on their machines? Are they looking for you to write a client or do they have a client already? Or will they use some standard command-line client (like CURL?)

>> I'm a bit confused with the terminology web server vs. web service.

yes, this can be confusing. But they're sorta the same thing, and sorta different.

a web server is a program listening on a port that responds to incoming requests formatted with the HTTP or HTTPS protocols. So a web server = a HTTP server or a HTTPS server. Noting more or less - it understands incoming HTTP requests.

a web service has a much less of a clear definition. If the web service uses HTTP as the protocol of choice then a Web service is also a web server. (In almost all cases, all that matter anyway, this is the case.) So a web service is a web server - but specifically it's listening for "communication from other programs" as distinct from "communication from humans via a browser".
So it's a web server designed to serve other programs as well as (or perhaps instead of) humans.

A good analogy is a text file. You get text files designed for humans to read, and special text files, say a CSV file, designed for a program to read. You can still read a CSV file in any text editor, but the primary purpose of the file is for another program.

In the same way a Web Service is a web server designed to consume and create SOAP packets, formatted as XML, over HTTP.
(In general terms anyway - in fact you're not limited to SOAP or XML or even HTTP but in almost all cases this is true.)

Now in your case you don't really need to make a "web service" to send and receive files from a web server. Firstly serving files is what web servers do - so the simplest GET command will get a file just fine. And Web servers support the POST method of HTTP which in turn allows for file attachments. So you can upload and download files with "raw" HTTP, there's no need for SOAP or XML on top of that.

If you have to build the web client then that's very easy with netTalk and if that's the case let me know and I'll add some pointers for that.

cheers
Bruce




So looking for some pointers on what I should use and how a client
could access programatically.

[astahl]

Hi Bruce,

>>define "outside software"
The client(s) IT staff will not accept software written by us or anyone not approved as a outside vendor. This process of getting approved could take a year or longer(gov'ts or public traded companies). They will more then likely use something like CURL.

Bruce any suggestions/help would be appreciated. Let me add this question to the conversation. From my understanding is that NetTalk does not really need a website to communicate to the outside world. So question, I would like to have the server on our LAN which is behind a firewall, would I use our outside firewall IP address with a specfic port open for the server to talk back and forth to the outside world? 

Ashley

[Bruce]

>> The client(s) IT staff will not accept software written by us or anyone not approved as a outside vendor. This process of getting approved could take a year or longer(gov'ts or public traded companies). They will more then likely use something like CURL.

ok, so you just have to make the server bit.
That's pretty straight-forward.
Basically using a command line program, like CURL, you can do a GET or a POST.

A GET will fetch a file from your server - that's what the server does, nothing for you to do here.

A POST will upload a file to your server. (If you are using NT7 you will need a small amount of code to save the POST, or maybe just create a small form.)

>> From my understanding is that NetTalk does not really need a website to communicate to the outside world.

your definition of NetTalk is a bit broad here <g>. can you narrow down what you mean? which part of nettalk do you have in mind?

>>  I would like to have the server on our LAN which is behind a firewall, would I use our outside firewall IP address with a specfic port open for the server to talk back and forth to the outside world? 

yes, exactly. If the web server is inside your firewall, then you open a "route" (sometimes called a "pinhole") so that outsiders can burrow through to your server. and they use the IP address of your router, not the IP address of your server.

cheers
Bruce

[astahl]

Bruce,

the last answer about the router is what I meant for my second question which was to broad.

So if that all works I need a user name and password and a file to upload. Would they just call the form using CURL and fill the info needed for the post programattically?

Also I have to return 3 files back. I guess I would have to have another form in the same way for the GET, correct?

Ashley

[Bruce]

Hi Ashley,
>> So if that all works I need a user name and password and a file to upload. Would they just call the form using CURL and fill the info needed for the post programatically?

CURL is a command line utility for doing GET's and POST's to any web server. They would need to form the line to match your server (ie they would need the correct form name, field names and so on) but it's basically a command line web client. First step would be to make sure they're happy with this - it's not part of windows so they'd have to install it.
I'm not aware offhand of any command line WebClient in windows, so that may be a stumbling block all by itself.

But yes, whatever command-line tool they used, they would need to create the command, then call it. And they can do that in a program.

Also, of course, they could use IE - go to a page on your server, login with a username and password, and fetch the file by clicking on a Link you provide. Or upload files on a form you provide.


>> Also I have to return 3 files back. I guess I would have to have another form in the same way for the GET, correct?

no. The web (and hence the HTTP protocol) works on a Request/Response principle. the client asks - you respond. If they want
3 files, they will need to do 3 GET's. If you zip the files together on the server side (no, I don't have tools myself for zipping files together), then obviously they're only fetching 1 file - the zip file.

cheers
Bruce

[astahl]

Hi Bruce,

Thanks for all of your help! If I run across anything I do not understand I will ask...Ha your not getting away that easily.

Seriously, I will look at your examples and getter done.


Ashley

[astahl]

Hi Bruce,

In the LoginForm under the ValidateUpdate embed

  if p_web.GetValue('loc:hash') = p_web.GetSessionValue('loc:hash')

    ! login checking goes here. In this example a simple 'Demo / Demo" login will work. Your app will
    ! probably need a stronger test than that.
    CLEAR(CME:RECORD)
    CME:UserName = CLIP(Loc:Login)
    CME:Password = CLIP(Loc:Password)
    IF NOT Access:cmes.Fetch(CME:k_User) THEN
      p_web.ValidateLogin()                   ! this sets the session to "logged in"
      p_web.SetSessionValue('loc:hash',0)         ! clear the hash, so this login can't get "replayed".

      ! set the session level, and any other session variables based on the logged in user.
      p_web.SetSessionLevel(1)
      p_web.SetSessionValue('SYSID',clip(CME:cmerecnum))
      p_web.SetSessionValue('Folder',clip(CME:InDataFolderName))
      p_web.SetSessionValue('User',clip(CME:UserName))
      p_web.SetSessionValue(PWD',clip(CME:Password))
      p_web.SetSessionValue('Email',clip(CME:SendToEmail))
      p_web.SetSessionValue('SecLevel',clip(CME:Level))  !Set Security Level
      ! this next bit shows how the login & password can be stored in the browser
      ! so that it is "remembered" for next time
      if loc:remember = 1
        p_web.SetCookie('loc__login',loc:login,today()+30)       ! note the expiry date. It's good
        p_web.SetCookie('loc__password',loc:password,today()+30) ! form to make sure your cookies expire sometime.
      else
        ! don't remember, so clear cookies in browser.
        p_web.DeleteCookie('loc__login')
        p_web.DeleteCookie('loc__password')
      End
    Else
      loc:invalid = 'Loc:Login'
      p_web.SetValue('retry',p_web.site.LoginPage)
      loc:Alert = 'Login Failed. Try Again.'
      p_web.DeleteCookie('loc__login')
      p_web.DeleteCookie('loc__password')
    End
  Else
    p_web.DeleteCookie('loc__login')
    p_web.DeleteCookie('loc__password')
  End

I then have in the NetWebBrowse procedure under NetWebBrowse Settings/Security
     "User must be logged in" checked
     "Only Serve IF" this code p_web.GetSessionValue('SecLevel') = 5
But when I log in and then click on the browse menu to open it will not open, any suggestions?

[astahl]

Hi Bruce,

I have a single record configuration file, that I want to update but do not need a browse. So how would you handle a browseless edit form?

Ashley

[Bruce]

http://www.capesoft.com/docs/NetTalk7/NetTalkWebFAQ.htm#W4

Cheers
Bruce

[astahl]

Thanks Bruce. Would you check the code I sent on why when i login it seems not to be validating my info. I can put crap data in the username and password fields and it just returns without thowing an error.


Ashley

[Bruce]

Hi Ashley,

the solution is probably;

Go to the WebServer procedure
NetTalk Extension
to the Security tab
tick OFF "Delete Session on Logout".

For now the reasons behind this are not important for you - and turning this option off is recommended anyway.

cheers
Bruce

[astahl]

Hi Bruce,

That did it!! Thank you very much...i was struggling all weekend to get it to work thinking it was my code. What a relief.


Ashley