In my blazor web assembly project, I have to connect to a Web API that doesn't implement OIDC.
I read on the aspnetcore github thet they made the choice to implement only OIDC connections...
I think I have to write a custom implementation of RemoteAuthenticationService and add it via the builder.Services.AddRemoteAuthentication method, but can't understand how to do this.
Reading the current implementation of RemoteAuthenticationService doesn't help.
The only thing I have to do to connect the Web API is to call this URI :
https://<webapi>/oauth/Authorize?client_id=<MyClientId>&state=<State>&scope=read&response_type=token&redirect_uri=<RedirectUri>
The user fill in the form and get redirected in my blazor app via the RedirectUri, having the accessToken in url parameters.
Then I have to add the accessToken in the headers of all Web API Requests, but I found how to do it via AuthorizationMessageHandler.
How can I implement this flow with Blazor Web Assembly ? Do I search in wrong direction ?
Related
i'm new to asp.net web api, owin, and everything related to it.
I'm trying to find the best way to do this scenario:
1 - Web api to have all the connections and rest service
2 - Web site to show data to user on a browser using the restful service
3 - An mobile app that have some functionalities like the web site and access the restful service to get all the information
My doubt is: what's the best practice related to the login? I'll use owin/oath2 with Identity to login, but since it's going to be implemented on the web api, the login/register/forgot password should be on the web api directly (like the project template does) or should i move most of the functionality to the web site? Of course its easier to leave in the web api, but if i do it, i must duplicate my razor templates just to call the login part. Can someone give me a path to follow?
Thanks!
the answer is not, your web api should not have any html or js or css file, only the services that your need, the web api exposes the functions to register the user, next when you have to do request, you must Send a token, you can obtain the token using the URL that you have configure in owin, the URL is like /token and Send the username and pass.
Regards,
the below process which i have followed while implementing single sign on
Decoupled Authorization server & Resource server
Got access-token using client_credentials from Authorization server
Problem:
i have used mvc 4 application for resource server and can't able to access views(resource) from resource server using mvc controllers with Authorize Attribute
used access-token generated by authorization server
also read the below question:
"I have an un-secured MVC 5/Web API 2 application. It accesses resources using a combination of MVC controllers, and ajax calls to the Web API endpoints.
Eventually I would like to move all resource access into a separate Resource Server. However, for the time being, I would like to get the application into production as a proof of concept for a line of business applications secured using the OAuth 2 framework.
I have configured users in IdentityServer, and added the application to AuthorizationServer using a code flow client. Based on the sample provided with the AS code, I am able to retrieve an access token in the application, add it to the request headers for Web API endpoint calls secured with the Scope attribute.
My questions is how can I utilize this same flow to secure the MVC controllers? I imagine it would entail setting up an OWIN middleware component which will set the authorization headers for each request based on a cookie which contains the token. Am I on the right path, or should I go in a different direction with this?"
please let me know how to access the mvc resource using owin middleware instead of web api.
I have an ASP.NET MVC website in which I have added a "Web API 2 OData Controller with Actions, using Entity Framework".
This is the 1st set of code that is auto-generated.
I am calling this web API from a native client. I have added a reference to the Web API service through, Right Click, Add References.
This is the 2nd bit that is auto-generated.
I've configured Azure AD authentication at the client side. This is working.
What I want to do now is: setup authentication for each Web API call based on the user who logged in from the client. So the client's access token needs to be passed from the client to the Web API, and this token should be used to authenticate further.
Note that a lot of the code is auto-generated. So the additions to code should have minimal effect on regeneration of the code, if possible.
Later on the Web API will use the user information to filter data based on his identity, and use role based identity as well.
Any pointers on how to start with this? I feel that all the various pieces are available, but how to gather them into a single solution is just out of grasp.
The container that is part of the auto-generated solution is where we need to pass the token.
Here's the code:
autogenContainer.BuildingRequest += (sender, args) =>
{
args.Headers.Add("Authorization", "Bearer " + access token retrieved from Azure);
};
I have two servers - web and app. The web server (IIS) serves only static files - HTML/CSS/JS. On executing the JS, the client gets the data from the app server (HTTP service using Web API, self hosted with OWIN). I need to bring in authentication so that my data as well as the content is restricted.
I can use SSL, I can pass username / password to the web api, have it authenticated and get back a token. I can pass this token for future web api requests. In my client app javascript (done using AngularJS), I can also maintain info whether the user is authenticated, what roles she has etc. (for user experience). But for security, I need to be able to ensure the html content requested (in the web server) is also having authentication and authorization done. How can I achieve this?
Should I change my app to make the web server call the app server internally rather than from the client? I can use MVC controllers or ASP.NET, but since I was using AngularJS, I thought it is not required, and is kind of a duplicate. Should I ditch pure .html files and move to .cshtml?
How is this done in the Angular + .NET world, when you data comes from a different server than your htmls?
We've been using JSONP with REST type api to do cross domain AJAX calls, but our Angular client code is within .cshtml files in a .NET project. Sounds like the simplest solution is to use the app server internally- I would go with that
I want to consume secured web service in asp.net mvc, I need to create proxy class to this service
I tried to use wsdl.exe tool but it gave me the following errors
There was an error downloading
The request failed with HTTP status 401: Unauthorized.
is there another way to create proxy class
or there is another technique to call this secured web service in my application
It looks like the WSDL requires authentication in order to be downloaded. I suppose the Web Service also. The WSDL.exe utility allows you to specify the username and password to be used when downloading the WSDL. So go ahead, talk to the author of the web service to understand what account you need to use in order to access it and then try the /username and /password parameters:
wsdl.exe /username:john /password:secret http://example.com/foo.asmx?WSDL