Server Command Service SOAP Endpoint Support in 2022 R3+

0053X00000EAOb9QAH · February 5, 2025, 8:52pm

Which of the following SOAP endpoints are available in 2022 R3 and higher versions? I had thought that only one of the following was available based upon the XProtect release but I no longer believe that is the case. I am seeing that one or the other is working depending upon the instance of 2022 R3.

1. /ServerAPI/ServerCommandService.asmx

2. /ManagementServer/ServerCommandService.svc

Peter_Posselt_Vergmann · February 7, 2025, 6:58am

Both are still supported on all versions, but as is also stated here the .asmx one should be considered deprecated and will eventually be removed on future versions:

https://doc.developer.milestonesys.com/html/index.html?base=gettingstarted/intro_soap_protocols.html&tree=tree_3.html

0053X00000EAOb9QAH · February 7, 2025, 1:56pm

Thank you for the response. The linked document indicates that the /ServerAPI/ServerCommandService.asmx endpoint only supports Windows authentication and port 80. This is different from my experience in that I find that port 443 is supported. Can you confirm that TLS on port 443 is supported?

Also, we have many XProtect installations and the version differs across them. Can you provide what versions of XProtect support each endpoint? This information would help determine when /ServerAPI/ServerCommandService.asmx can be fully removed on our side.

Bo_Ellegard_Andersen · February 10, 2025, 11:10am

Yes, I can confirm, it is supported in all supported versions. It has truly been marked deprecated for a long time but has neither been removed nor changed.

0053X00000EAOb9QAH · February 10, 2025, 3:01pm

Could it be that the /ServerAPI/ServerCommandService.asmx endpoint has not been removed because it supports Windows authentication over TLS even though the documentation would disagree with this while /ManagementServer/ServerCommandService.svc does not? Thus leaving a gap.

Bo_Ellegard_Andersen · February 10, 2025, 3:28pm

I know that this is the one we should recommend.. /ManagementServer/ServerCommandServiceOAuth.svc

It was introduced in 2021R1, so this too will now support all supported versions.

0053X00000EAOb9QAH · February 10, 2025, 3:46pm

Should /ManagementServer/ServerCommandServiceOAuth.svc support Windows authentication over TLS?

Bo_Ellegard_Andersen · February 11, 2025, 8:43am

You should login on the IDP and use the token towards ServerCommandServiceOAuth. See the notes on OpenID Connect and OAuth2 here - https://doc.developer.milestonesys.com/html/index.html?base=gettingstarted/intro_soap_protocols.html&tree=tree_3.html

Bo_Ellegard_Andersen · February 11, 2025, 2:41pm

I asked an expert developer colleague, he said that my answer about using OAuth is the best possible answer. However he could explain the services and their differences like this:

ServerCommandService.svc har to end-points:

a wsHttpBinding
- uses message based security
- can only e consumed by .net WCF clients
- only windows authenticcation
a basicHttpBinding
- uses TLS
- can be consumed by non-wcf clients
- only basic authentication

ServerCommandService.asmx

old soap service
can be consumed by non-wcf clients
supports communication both with and without TLS
uses Windows authentication (authenticated by IIS)

ServerCommandServiceOAuth (preferred)

uses basicAuthentication
can be consumed by non-wcf clients
supports TLS
requires token from IDP