In my previous post where i discussed webservices i forgot to mention something very very important! Calling webservices by “PROXY”!
Ultimately the application we are building consists of a rendered HTML page sitting on the client’s end which contains SilverLight controls, standard HTML controls and Ajax controls. The rendered page came from web server “X”, which can be considered the domain of the website the page came from eg. in my “iTunes sample” wireframe the server “X” is www.ripthispage.com . The diagram below shows this :
Now when the iTunes application (from the client side web page) needs to communicate with a webservice we have the following options available to us:
i ) from the clients end make a direct call to the third party webservice. This is considered a “Cross-Domain” call.
ii ) from the clients end make a call to the same domain webserver (to an exposed webservice in light red below) then proxy a call to the third party webservice. This is considered a “Proxied” call.
The diagram below hopefully explains both options better
My previous post used “proxied” calls because that is the most flexible method acceptable from a security perspective. SilverLight and Ajax.asp.net have issues with “cross domain” calls. That is “cross domain” calls have been locked down by browsers due to abuse by hackers in the past. So the safest bet to ensure that your application works across the latest browsers is to use “proxied” webservice calls (ii).
Anyway this was my interpretation of webservice methods and im sure that there are other methods out there, feel free to send comments to me and i’m more than happy to correct mistakes and/or add extra useful information if requested.