Was trying to access some ports on ours development website which someone mapped it to 6000.
Port 6000 is used for X11 protocol ( and 79 is used for finger).
Internet Explorer works fine but Google Chrome and Firefox don´t.
For Firefox exists one solution

Solution:Unblocking/allowing ports in Firefox

Launch Firefox

Go to the address bar and type about:config. Firefox will complain about some warranty just click ok or “I’ll be careful, i promise” button

You will see the list of configuration.
Anywhere inside the list of configurations, right click and say New –> String

In the string value, enter network.security.ports.banned.override then click OK

It will now ask you what port, say 6000 (in my case) or whatever port you need to have firefox access. Click OK.

And try again to the website you want to access. These settings should remain forever.

For Chrome, we’ve got some bad news, it is not possible to access certain ports.

See Chrome banned ports here: http://src.chromium.org/viewvc/chrome/trunk/src/net/base/net_util.cc
(look under the kRestrictedPorts directive.)

Original post from http://highsecurity.blogspot.com/2009/07/google-chrome-and-mozilla-firefox-non.html
(my post is a copy with a few changes only, all rigths for the author)

Sempre que estamos a falar de webservices surge uma questão.

E a segurança?

Como vou autenticar os utilizadores?

Â
 

Uma das formas de fazer isso é com Soap Headers.

Â
 

Vamos por passos.

1º Crie a seguinte classe( com o nome que quiser )

 

using System;

using System.Data;

using System.Configuration;

using System.Web;

using System.Web.Security;

using System.Web.UI;

using System.Web.UI.WebControls;

using System.Web.UI.WebControls.WebParts;

using System.Web.UI.HtmlControls;

using System.Web.Services.Protocols;

using System.Security.Cryptography;

 

///
<summary>

/// Summary description for AuthHeader

///
</summary>

public
class
AuthHeader:SoapHeader

{

   Â

        public
string Username;

public
string Password;

 

public
string decrypt(string data)

{

System.IO.MemoryStream msDecrypt = null;

CryptoStream csDecrypt = null;

System.IO.StreamReader srDecrypt = null;

 

System.Security.Cryptography.RijndaelManaged aesAlg = null;

 

string plaintext = null;

try

{

// Create a RijndaelManaged object

// with the specified key (IV parameter is obmitted because of ECB CipherMode).

aesAlg = new System.Security.Cryptography.RijndaelManaged();

aesAlg.Key = System.Text.Encoding.UTF8.GetBytes(“01030123012390129012901A”);

aesAlg.Mode = CipherMode.ECB;

// set PaddingMode.Zeros in order to use the same padding mode as in flash actionscript class

aesAlg.Padding = PaddingMode.Zeros;

 

// Create a decrytor to perform the stream transform.

ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

 

// Create the streams used for decryption.

msDecrypt = new System.IO.MemoryStream(Convert.FromBase64String(data));

csDecrypt = new
CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);

srDecrypt = new System.IO.StreamReader(csDecrypt);

 

// Read the decrypted bytes from the decrypting stream

// and place them in a string.

plaintext = srDecrypt.ReadToEnd();

return plaintext.Replace(“\0″, “”);

}

finally

{

// Clean things up.

// Close the streams.

if (srDecrypt != null)

srDecrypt.Close();

if (csDecrypt != null)

csDecrypt.Close();

if (msDecrypt != null)

msDecrypt.Close();

 

// Clear the RijndaelManaged object.

if (aesAlg != null)

aesAlg.Clear();

}

 

}

 

 

 

 

 

}

 

2º No seu webservice adicione as seguintes linhas

public
class
SeuWebsercice : System.Web.Services.WebService

{

public
AuthHeader Authentication;

….

E em cada método
adicionar

[SoapHeader("Authentication", Required = true)]

Exemplo:

[SoapHeader("Authentication", Required = true)]

[WebMethod]

public
bool xptoMethod()

{

 

 

//validateUser é apenas exemplo.. podera ser um login
if(!System.Web.Security.Membership.ValidateUser(Authentication.decrypt(Authentication.Username),

Authentication.decrypt(Authentication.Password)))

 

{

return
false;

}

 

NOTA: neste exemplo é necessário efectuar a validação em cada metodo, no entando o melhor (dependendo do que se pretende) será guardar em sessão se o user ta autenticado

 

No lado do cliente:

Criar a classe de encriptação

private
static
string Encrypt(string input)

{

 

System.Security.Cryptography.RijndaelManaged aesAlg = null;

 

// Create a RijndaelManaged object

// with the specified key (IV parameter is obmitted because of ECB CipherMode).

aesAlg = new System.Security.Cryptography.RijndaelManaged();

 

//IMPORTANTE: esta chave ter que ser a mesma

aesAlg.Key = System.Text.Encoding.UTF8.GetBytes(“01030123012390129012901A”);

aesAlg.Mode = CipherMode.ECB;

// set PaddingMode.Zeros in order to use the same padding mode as in flash actionscript class

aesAlg.Padding = PaddingMode.Zeros;

 

// Create a decrytor to perform the stream transform.

ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

byte[] toEncrypt = System.Text.Encoding.UTF8.GetBytes(input);

System.IO.MemoryStream msEncrypt = new System.IO.MemoryStream();

CryptoStream csEncrypt = new
CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);

 

// toEncrypt = textConverter.GetBytes(input);

 

csEncrypt.Write(toEncrypt, 0, toEncrypt.Length);

csEncrypt.FlushFinalBlock();

 

// return msEncrypt.ToArray();

return
Convert.ToBase64String(msEncrypt.ToArray());

}

 

Na classe onde ira ser chamado o webservice:

static WebSync.Sync websync = new WebSync.Sync();

static WebSync.AuthHeader aut = new WebSync.AuthHeader();

aut.Username = Encrypt(config.AppSettings.Settings["username"].Value);

aut.Password = Encrypt(config.AppSettings.Settings["password"].Value);

websync.AuthHeaderValue = aut;

 

O resto ( a chamada ao metodo) não é preciso alterar nada..
ex: webSync.xpto();