Values list and filtering out disabled items in webservice/API
We have Archer (I think version 5.5 now ) and we are encountering a strange problem.
There is an external website ( ASP.NET webforms) that uses Archer Value lists in dropdowns. Items in Value lists are pulled through SOAP/XML/asmx web service and the values are used on the external website to populate dropdowns . Everything works fine until moment when one of the items in Value list is marked as disabled in Archer. The disabled items is correctly hidden in Archer but for some reason it is still served via SOAP/XML/asmx web service (and therefore still shows up in dropdown on external website). Unfortunately XML that is returned via webservice (SOAP/XML/asmx) doesn't offer any extra data by which we could filter out disabled items
We tried to use REST/JSON based API that offered extra data [IsActive] by which we could filter out disabled items but we ran into different problem. The folder with services are using Windows Authentication and we are not able to make it work it. We are able to pass in credentials to SOAP/XML/asmx webservice and it works fine but for some reason REST/JSON doesn't work when Windows Authentication is set to true.
Would any of you know if
1. there is a way to modify/configure SOAP/XML/asmx webservice so it either doesn't serve disabled Archer Value list items
OR if there is a way so it adds extra info about items being disabled (so we can filter by it in external app)?
2. This post is not really about it but would any of you know what we do incorrectly that our REST/JSON service doesn't work when the folder has Windows Authentication set to true? What to check, where to look?
Thank you very much for any help!
- Community Thread
- Forum Thread
- RSA Archer
- RSA Archer Suite
It is my understanding that the REST API folder needs to be set to anonymous auth to work. Reason for this is that the first request you make to the REST API is for a session token, thereby authenticating yourself to the platform, and then this token is present in the header of every subsequent request to continue authenticating you. By this method, the security on the API folder can by anonymous, but auth is still being enforced to the platform.
If you can't make this folder anonymous auth, then the next step that I would take is in your custom webform, after you use SOAP to return the values list values, make a secondary SQL call to your database to retrieve the is_active column for the values the SOAP call returned, by querying against tblSelectValue.
Thanks a lot Scott! I really appreciate your answer!
We were able to make it work with SOAP/XML/asmx web services but for some reason it doesn't work with REST/JSON API.
Originally SOAP/XML/asmx web services worked also only when folder was set to allow anonymous but we were able to solve it by adding these 2 lines of code below (2 last highlighted lines) and then it works even when the folderis set to use Windows Authentication
HttpWebRequest req = (HttpWebRequest)WebRequest.Create(serverURL + "/ws/general.asmx");
req.ContentType = "text/xml;charset=\"utf-8\"";
req.Accept = "text/xml";
req.Method = "POST";
req.PreAuthenticate = true;
req.Credentials = CredentialCache.DefaultCredentials;
But it doesn't work for REST/JSON.
When you mention to use SQL call to table do you mean it from the external ASP.NET app or from within Archer and then expose it to external app?
Also would you know why the disabled items are still showing up in SOAP/XML/asmx webs service?
Thanks a lot!
Right, as I said I wouldn't expect it to work with the REST API. This API requires a valid session token in order to work, so there shouldn't be any harm/risk in setting the folder that contains the API to anonymous auth, as any call to the API has to contain a session token or be the request to get a session. You are trying to introduce double authentication.
As for the SQL call, that's exactly what I mean. I have built multiple, custom ASP .NET forms that are hosted on systems entirely separate from Archer, but within these forms, in the C# code, I generate SQL Connections and calls to the Archer Instance database to retrieve it's information.
The disabled items are showing up because while they may be disabled, they are still items in the list. I would hope that some combination of API calls (either WSAPI or REST API or both) would be able to tell you the value's status. If they cannot, this is where I would turn to a direct SQL call to the DB to pull the information.