Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Need options for custom Windows web service that can receive requests from PHP on Linux

Posted on 2014-02-21
5
394 Views
Last Modified: 2016-02-26
I typically work on Windows development using Visual Studio and Microsoft Dynamics GP.

I have a client that would like to integrate their operational system (order taking and CC capture) with Dynamics GP.

However, their operational system is a custom web site that uses PHP on Linux.  My understanding is that PHP on Linux cannot call COM, so I'm now thinking that we will need to have a Windows web service that will accept requests from the PHP / Linux web site.

The Windows web service will initially only need to support two different calls from the Linux machine, but they may add a few more over time.  I'm thinking that the Windows web service will simply be a wrapper for the underlying Dynamics GP APIs that need to be called.

While I've done development to make calls to and integrate with an existing web services, I have not developed custom web services from scratch.  I can spell REST and SOAP, but that's about it.  

While I'm assuming it's not too hard to open Visual Studio and develop a basic web service to support the two or three integration calls we need, because this involves credit card data, the solution will need to have strong authentication and security between the Linux and Windows environments, preferably using a standards based implementation / protocols, etc.  And I'm concerned about possible compatibility issues between PHP on Linux and the Windows web service.

I'm basically looking for any initial guidance as to development tools, product offerings, approach, etc.
0
Comment
Question by:Steve Endow
  • 3
  • 2
5 Comments
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 500 total points
ID: 39877786
There isn't a compatibility problem when you use standard 'http' and 'https' protocols.  They are the same everywhere.  The simplest version is to create an 'aspx' page that receives POST form data over 'https'.  You can test it with a standard HTML form page and when it works the way you want, you can create a POST to it in PHP using the 'curl' functions in PHP.  That is a PHP implementation of the cURL program ( http://curl.haxx.se/ ).

http://us1.php.net/manual/en/book.curl.php
0
 
LVL 18

Author Comment

by:Steve Endow
ID: 39877829
Thanks.  So it sounds like it could fundamentally be pretty simple on the Windows side.

What about authentication?  I see some discussion of OAuth.

Since the communication will be between two internal corporate servers, some type of key would be okay vs. a password.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39877895
I don't know anything about OAuth.  I do know that payment gateways like Paypal and Authorize.Net use API and identity keys that are passed as part of the POST data.  If you are using 'https', I think that is just as secure as username and password.  Paypal is a pain because they turned it into a multi-step process to complete a transaction.  That's for the Express checkout for a shopping cart.  Makes it more difficult to break in to but you probably won't need that on an internal network.
0
 
LVL 18

Author Comment

by:Steve Endow
ID: 39878095
"If you are using 'https', I think that is just as secure as username and password."

Sorry, I completely disagree with that statement.  HTTPS has nothing to do with authentication.
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39878201
You're right, "HTTPS has nothing to do with authentication."  'https' is normally used on login pages to make it more difficult to steal the usernames and passwords from the network.

I was referring to using API keys in place of username and password.  They are effectively the same thing as long as they are unique for each account.  At least Paypal and Authorize.net think so.  And passing the keys in the POST data means you don't have to make a separate request to 'login'.  Your 'authentication' is sent with the data.

And you can take it a step further and only accept requests from a single IP address and/or referrer.

PS: On another question, I was reminded that you can also use a non-standard port to make it even less likely that someone else will connect to your 'web service'.  You would want to pick a port above 1024 and make sure it is not being used for something else on your network.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Bing mapping API from SQL Server 4 84
web services wcf 2 121
Dynamic compression in IIS 10/ IIS 7.5 4 124
Interview question Javascript, database 12 82
Online collaboration is quickly becoming embedded in the workplace, and its benefits are tangible. See what the current landscape looks like and what the future holds for collaboration tools and the future of work.
In order to have all security and back ups taken care of, WordPress users can sign up for services with WP Engine.
This tutorial will introduce the viewer to VisualVM for the Java platform application. This video explains an example program and covers the Overview, Monitor, and Heap Dump tabs.
This tutorial explains how to use the VisualVM tool for the Java platform application. This video goes into detail on the Threads, Sampler, and Profiler tabs.

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question