At ClicData we love Fiddler… For those that don’t know Fiddler is a windows application that allows you to see what’s going on between your browser and the server. Think of it as the app that keeps an eye on everything that your computer sends and receives to the internet.
Fiddler is one of the few tools that does this job very well and when debugging web services, web sites, security issues, and all types of http and https communication, it offers tremendous power and flexibility.
Nicolas already blogged about ways to debug WCF Services with it in this blog. Today I would like to let you know about one feature that is quite cool.
When using secured web services like we do at ClicData sometimes we need to send “hidden” tokens in the header. So testing the web service using a browser becomes quite difficult since we typically get Access Denied (401) or a validation error.
So with Fliddler you can just access Composer and type your URL and using GET/POST, etc… build your header:
So for example, if we wanted to ensure that the web service returned JSON data as opposed to the default (in our case XML) we could add this “accept: application/json” to the Request Headers text area.
However, my issue was that I wanted to use Microsoft Excel to connect directly to the web service. As it turns out we are currently working on supporting OData so you can connect to your data directly with Excel but our security was not letting Excel connect to it.
So after consulting this entry in Fiddler’s web site it was fairly easy to modify Fiddler to automatically add a header regardless of the application that calls it. In our case we wanted to add oSession.oRequest[“AuthorizationKey”] = “xxxxxxx-xxxxx-xxxxxxxxx-xxxxxx”; to each request.
Access Fiddler’s Rules –> Customize Rules menu
Write a little script to add a header to each request before sending
If you are using Windows Azure, a similar technique is used in this blog post to access storage data using Excel.