I'm looking for a little top/level guidance. I don't expect a solution to the problems at hand. My goal is to create a native mobile application (not web) for iOS and Android. I want the content to be served from an in-house Microsoft Server, not a cloud based service like Azure. The mobile clients need to be able to login and make authorized read and write requests to the server. I figure I will return data as plain text and/or JSON. I'm debating using SQL Server or a NoSQL solution. I am also considering using something like ElasticSearch if I can't get speedy text searching working. The Microsoft topic has been somewhat confusing because I have never developed a Microsoft Web Application and most of the resources seem to assume a web based application or Azure hosting. So I was hoping for a little assurance I'm on the right track and hoping for a point in the direction to some resources that will help me on my way.
Microsoft Server. Not sure if I should be looking into ASP.NET MVC or ASP.NET WEB API, or something else entirely. If I use these frameworks, I can perform other async tasks on the machine right? For example, making additional calls to other web services to process requests.
Login: SSL for all connections. User sends username/password and system authentication. Server sends back token. With every request, client sends back token and server verifies token before processing request. Is this valid as long on a HTTPS connection? Just store the tokens in the server database and verify?
This application is not going to generate profit so an MBAAS is not really an option. It also is expected to handle roughly 2000 users and may need to scale to 10,000. Traffic would likely be concentrated as well. I know this is super broad, I just want a little direction to resources and big picture regarding Microsoft in this context.
If you're building an app that will communicate with a server, you probably want a Windows Service (SOAP) or a Web Service (REST) that it can communicate with.
You don't need ASP.NET MVC or WebAPI unless you're planning on creating a website (ASP.NET MVC) and communicating from said website using HTTP requests from the client side (WebAPI).
A Microsoft server hosting a Windows Service or Web Service should be fine. Yes, you can perform other requests from the server, even if you're hosting websites, a web service or Windows service on the same machine. Each HTTP request is a separate request that will be processed independently of one another.
Yes, you can secure the communications of between your web service and application quite easily using HTTPS/SSL. I'm not sure about just sending an identifier back and forth and that's it, this probably wouldn't be that secure. Maybe you can employ oAuth or a method that already exists. I believe that if you're creating you're own security system that you're probably doing it wrong - Leave it to people that specialise in those things.
Related
I am new to Android and taking the risk of doing a final year project of building an Android app. I would like to know whether I can create Client-server architecture application in Android. I'd like the front end to be the mobile app. Also, where do you store data (I don't know where to store data exactly) at back end.
Use Restful web Services with json(Ex: WCF in the backend with Sql Server)
For Mobile App, These are useful tutorials http://developer.android.com/training/index.html,
http://www.vogella.com/tutorials/android.html.
Very many, if not most, existing Android apps retrieve data over the Internet and display it (e.g. the StackExchange, Yelp, or Facebook apps). They are clients requesting data from servers and therefore fit into the definition of being “client/server”. I'm hard-pressed to think of an app on my phone that isn't a client to some kind of web service.
If, as your question suggests, you are using HTTP for client/server communication, there is no reason why the client platform (Android) should have any impact whatsoever on the server-side implementation. In the wild, Android clients are served by servers implemented with every conceivable combination of OS, language, and database. Therefore “where do you store data?” is an unanswerable question, as the answer depends entirely on implementation choices that you make on the server side.
I am new to mobile applications. I am basically from a web development platform. I am just playing around mobile frameworks like App Framework, LungoJS, Jquery Mobile, kendo etc to gain some knowledge in this vertical.
The app I am developing is still in UI level. All I need is to fetch data from the server and populate in my app.
I need some ideas to establish server communication between the smart device and the server. My questions are
What kind of server needed for mobile applications ? A cloud or a
regular web server is enough ?
What are the ways to connect the app with the server ? ( on cross
platform mobile development )
What is the secure way to communication with the server ?
What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
Because you are creating a hybrid mobile application you can use any type of server side technology, it doesn't matter is it a classic web server technology (using Java, PHP or .NET) or some kind of cloud technology like Parse.com.
You also don't need to create anything from scratch. Best course of action would be to use some kind of micro RESTFul framework(like PHP Falcon or Java Play Framework). Read more about them here.
But, there's always a but. You can't use server side technology for classic content generation, you only need to use it to send data to your hybrid application. I will explain this later.
There's also an alternative to RESTFul services, you can create a webservice, again using Java, PHP or .NET.
What are the ways to connect the app with the server ? ( on cross platform mobile development )
You would use AJAX as a technology (in case of RESTFul), rest depends on you. You would probably do it in JSON format (or JSONP if you are doing cross-domain calls, but you don't need to think about JSONP when creating a hybrid application).
If you intend to use a web service then you would use a SOAP connection and communicate via XML format.
No matter which server side technology you use you will always use AJAX on a client side.
Now let me tell you why you should not generate your content on server side. Basically nothing can prevent you from doing that, you can generate your complete page on web server and just show it in PhoneGap app, it would still be a hybrid app. But, if you try to put this app in Apple store you will get yourself rejected.
What is the secure way to communication with the server ?
Security of course depends on server side technology. Every framework has its own kind of security handling, but all of them relay on HTTPS so you should not worry too much.
From the client side you can always encrypt JSON/XML data and send them using POST.
Examples:
If you want to use jQuery Mobile then take a look at this tutorial. It will show you basics of client - server side communication.
Since you are new to mobile application, ill try to give short answers
1) What kind of server needed for mobile applications ? A cloud or a regular web server is enough ?
A regular web server is good.
2) What are the ways to connect the app with the server ?
via web-services
3) What is the secure way to communication with the server ?
Use HTTPS webservices (SOAP, REST), HTTPS secures the transmission.
Above is a basic explanation for your quick help, I would recommend you to go through the documentation, and review some sample codes
This will really help you Sample
Please go through this link it will surely help you
http://www.androidhive.info/2012/01/android-login-and-registration-with-php-mysql-and-sqlite/
Webserver,cloud anything is good for restful service
for security purpose you can use POST parameter to send and recieve data or if you want more security then you can encrypt and decrypt data through secure algorithm
I am building an android app which consumes a soap web service that I have hosted on my server. I will have client apps for other mobile OS also in the near future. There are a few concerns with the web service security which I have posted below.
How to secure the username/password used for wsse authentication on the mobile device app ? I do not want to use something specific to android as I may have apps out for iPhone/Blackberry in the near future
If someone de-compiles the apk file and get the wsdl url, how to prevent the DOS - denial of service attacks ?
is HTPPS really worth it ? if a hacker gets the wsdl url from the app, he can trigger faulty requests which can end up in DOS.
Does using oAuth with REST have an advantage over SOAP with wsse ?
I feel that if the hacker ultimately gets the wsdl url, he can trigger hundreds of faulty unauthenticated requests itself which can overload my server.Please help me in figuring out the best solution for my scenario.
I intend to write a multi platform smartphone app (currently only I-phone and android).
Which has to send and recieve information from a web server I intend to create.
The web server will do all the algorithms, and handles also DB connection.
My question, is how is this best accomplished, which kind of web-server technology fit best the scenario, and supports connections from various devices.
Basically, I thought about implementing a simple TCP/IP protocol, making the app (on the phone) the client, and server on the web on the other side. however, I want to deploy the application to an application server (maybe google app, JBOSS, etc.) and I don't want to be stopped by various firewalls.
does anyone has an idea ?
edit: few things are certain, the application server will be written in java, and db will be mysql.
This is a very broad question and any suggestion about which backend technology to use will depend on your language preferences, your other requirements, etc.
For starters, I'd suggest JSON over HTTP as a transport mechanism: it's easy to parse on both client and server-side, and it's directly usable in Javascript should the need arise. XML is another choice, but it can be annoying to parse.
JSON-over-HTTP (or XML) will be completely device agnostic and won't have the firewall/proxy problems you'll run into trying to do a custom-implemented TCP-based protocol.
For the backend, may folks use MySQL or Postgres for their database, and connect to it from Java, C#, Ruby, PHP, or other server-side languages. Use what you're comfortable with or what you want to learn next.
Why not write the server-side as a regular web application - in whatever technology you like (php, asp.net, java)? This way you can deploy the app on any web server and your client apps on the phones would simply establish a connection to an HTTP server. Normally, firewalls would not be a problem in such situation.
I have used this setup for my apps (both android and iphone) - connecting to a web server app written in php with postgres back-end.
I am trying to develop a system that involves a:
server with a database that will handle the system's logic and manipulate data
an android app that will interact with that server (pull and push data into the server)
a website that will do the same as the android app, but from a website with slightly different data.
What I thought of is to use SQLite with Apache Tomcat installed on the server and deploy a Grails war file on it. That will take care of the 'website' side of the system. But what about the android app? Can it communicate with Tomcat as well?
Tomcat will suit your needs. I would look at hosting options though. Are you hosting your own server, or do you have a hosting provider? Do you have experience hosting a tomcat server etc. Do you have experience with java web applications, or other web frameworks? All of the above, and probably more should lead you to your decision on what type of framework/language to use on the server. This in turn will lead you to your options for hosting, and web-container to use.
Once that is determined all major web frameworks will allow you to publish web-services Rest, Soap, etc. that can be consumed by an android application.
Also, if you are planning on providing a web interface and service at the server level, my guess is you are going to be storing a fair amount of data, I would look into a more robust and scalable database such as mysql or postgres. This post contains some insights into this.
If you have an API that is web accessible, an Android can access it.
Android shouldn't have any problems communicating with Tomcat.
Look at http://grails.org/doc/latest/guide/13.%20Web%20Services.html for more information.
A RESTful web service is most likely what you'll need. Android can consume SOAP web services but it requires more work for less overall functionality.