WebService for GBPVR

[jtalvio]

First of all, thanks for a great piece of software. I've struggled with VDR and MVP until I finally found GBPVR.

I think there has been some kind of discussion on webservices -as in SOAP and XML- before, but nobody really got interested in it(?). I think having a webservice interface offering similar functionalities than the -very nice- web admin would be great.

What I am aiming for is enabling developers to implement language independent client apps for controlling GBPVR. Mainly I am interested in client apps for mobile devices, such as smart phones which quite widely support J2ME -and webservices.

Smart phones commonly have browsers in them, but using those really suck. I don't know if I am the only one but to me a client running in my Series 60 phone for controlling GBPVR would really be a killer application.

I havent' done sw with C# before but am looking into it. I'd appreciate any comments regarding to this idea and of course some pointers how to get started. Also if anyone thinks there's a better away for approaching this that'd be nice to hear too.

br,
-jTalvio

[sub]

It should be reasonably easy for you to do. The web admin code can be used as an example of how to use the API to do this stuff, and then you just need to create yourself a set of webservice wrappers.

[jtalvio]

Yep, it looks like so to me too. I might need some pointers on how to deploy the webservice in to the GBPVR web server though. I'll be back with some questions if I run into problems.

thanks,
-jTalvio

[KingArgyle]

I had thought about doing something similiar a long time ago, but there wasn't much interest. Personally, I'd prefer a REST implementation over a SOAP/WSDL implementation, but again that's just my preference.

[jtalvio]

It looks like doing atleast the basic stuff -like getting the channel list and programs- is really easy to do with C#. I use the web admin as a basis and Visual Studio pretty much does everything else (builds WSDLs, etc). Nice.

How do you think I should go with the authentication? Should I add a authentication token to every function or is there a better way to do it? I thought something like adding MD5(salt+credentials+timestamp) and timestamp to the call parameters, how does that sound?

BTW, how do I disable current form based authentication for webservice files (which I'm planning to put in a 'webservice' folder under 'web' folder)?

[KingArgyle]

Personally, I wouldn't include authentication for GBPVR web services. Mainly because I think it adds an extra layer of complication that doesn't need to be there.

If however, you want to add authentication, here is an article that describes the basics.

http://www.codeproject.com/cs/webser...entication.asp

Code project has several different articles with sample code that explains various aspects of SOAP webservices with .Net.

[jtalvio]

I agree that the interface should be as simple as possible. I think I still want to add authentication just to prevent people scheduling recordings for me. ;-)

I had a similar approach in mind that is described in the link you sent. A function based authentication should keep it fairly simple.

I'll send the function signatures here for commenting once I have something to show.

[jtalvio]

I now have some basic stuff working. Probably not the optimal solutions but atleast I am getting something working. Currently following SOAP functions have some kind of working implementations:
public string authenticate(string hash, string GUID);
public ChannelWrapper[] getChannels(string token);
public ProgrammeWrapper[] getProgramList(int channelOID, DateTime startTime, DateTime endTime, string token)

What I still need is:
public ScheduleRecordingWrapper getSchedule(int recoid, string token);
public int updateRecording(...);
public int createRecording(...);

And those shouldn't be much work either. I can shortly start to implement a simple J2ME client. I've currently tested the functions with browser and Flash and they seem to work ok.

Authentication is now done so that the client needs to give MD5(GUID/salt+login+password) and gets a token including timestamp and other stuff which can be later used to validate a token. Same password and login are used as in web admin. Token needs to be given with all function calls. I think a single token could be valid from a few minutes to an hour or so. Haven't really done any checking to it yet.

Wrapper classes are -as you could probably guess- just wrappers for related info. Makes SOAP implementations easier. I decided to fetch the programs one channel at a time because of the idea I have for the client. Let's see how it ends up being and change that if necessary.

Figured out how to disable that Form authentication. Comments are welcome.

[normanr]

To disable the forms auth: create a webservice folder, and copy the web.config from public to webservice

I would rather see session based authentication - i.e. call the authenticate method once, which will set a session based variable to let the other calls know the user is allowed. You have to mark the webservice as having session data in the WebService attribute. This way you don't need to pass the token around, but you do need a client that supports cookies. (in .net just add a cookiejar to the soap proxy object)

If you want to keep going with the token based approach, I would rather see the token always passed as the first parameter. A good reson to stick with the token method: change the token to 'ref string token' - and make the webservice update it during each call. Keep a request counter in the token - this way you can reduce reply attacks by keeping track of which request number is expected, and cancel the call if the token is duplicated.

[tsandstr]

jTalvio: Your idea sounds great! Webservices is just the way to go and the J2ME app sounds very interesting indeed. Let us know when you have something working. Is there already perhaps a plugin available?