Nice HTML5 demos with SAP stock quantity and customer data using ERPConnect

A couple of weeks ago I have implemeted two HTML5 demos in C# using ASP.NET MVC, Web API and jQuery. The demos are displaying SAP customer and stock quantity data. The SAP/.NET connectivity is handled by the ERPConnect library from Theobald Software. The primary goal was to show how easily you can integrate good looking visual effects with jQuery.

ImageImage

The customer demo (CIS) adds hidden table rows with a horizontal silder showing an order quantity diagram. The stock quantity demo (SIS) displays mutliple table rows once the user clicks on the top row. In addition it will add an extra row showing a chart.

YouTube video of the stock quantity demo
YouTube video of the customer information demo

jQuery / CSS libraries or tools used in demos:
– Bootstrap (twitter)
– jQuery.Shadow
– jqBarGraph
– pagePeel
– progressbutton.jQuery
– liteAccordion

The samples are part of the ERPConnect library. You can download a trail version from Theobald Software. ERPConnect is a lean .NET assembly that lets you develop robust SAP interfaces without a great degree of effort and most of all, without an elaborate infrastructure or any additional middleware.

ERPConnect

Advertisements

Fiddler and the 401 (Unauthorized) error with ASP.NET Web API using Integrated Windows Authentication (WIA)

A few days ago I had a real strange problem while using HttpClient in combination with ASP.NET Web API and integrated windows authentication (IIS Express). To keep it simple, I always got a 401 (Unauthorized) error returned from the localhost website, even though I was setting up the HttpClient correctly (see screenshots) and the HttpClient was sending the authorization header (negotiate).

In my code is was using the URI http://localhost.fiddler:51275/api/values to access the REST API. The .fiddler part in the URI allows Fiddler to monitor the HTTP traffic between the website and the console application. For more details about this setting take a look at Fiddler’s homepage: http://www.fiddler2.com/fiddler/help/hookup.asp.

After researching a while I found out, that exactly the .fiddler URI addition is part of the problem for the 401 error I always received. Microsoft changed the logic of the NTLM authentication for some of the security classes in .NET version 3.5 SP1 (see link below) in order to avoid relefection attacks. A reflection attack is a method of attacking a challenge-response authentication system. The HttpClient uses those changed classes internally to connect to the website.

So, the solution is quite simple. We just need to add the registry key BackConnectionHostNames (important: Multi-Value String) to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Lsa\MSV1_0 section in the registry with the value localhost.fiddler. A full explanation about the security concepts in WIA you will find at Microsoft’s site: Changes to NTLM authentication for HTTPWebRequest in Version 3.5 SP1

You can easily reproduce this error by creating a standard MVC4 web application with a Web API controller using windows authentication (see screenshot for settings). Then you add a console application to the project from which access the REST API (ValuesController).

401-Fiddler
401-Registry
401-VisualStudio2012-WIA
401-HttpClientSample