i want to set session variables from web api controller and access it into App.js method is there any way to access like that ?
i'd already tried using :-
HttpContext.Current.Session
but i'm not able to set and access session variables globally and access it on second page ...
There is no session mechanisim on web api beacuse it is against restfull idea.
If you need to store data like session you may consider to use
Http Cookies
http://www.asp.net/web-api/overview/advanced/http-cookies
Encrypted tokens which has the information you want to store.
Use an MVC application like web api (playing with routes)
Don't store sensitive data and use HTTPS
Related
I'm building an app using Vue and Rails.
I have both the frontend and the backend separate (in separate folders)
The frontend is generated with vue-cli.
I have a situation where, I want to send some data to the backend via websockets, I want to set that data in something like a session object, and then access that data again on subsequent websocket interactions. Is that possible?
Would I need to set some kind of token in the browser, some kind of identifying token?
This seems like it would be a common problem but I can't find any information on it.
If you are utilizing session in rails websocket/connection.rb you won't be able to access it directly, but you can access it through the cookies object. The rails docs say this is labeled ['_session'] but for me on my browser it was ['_session_id'] then whatever data you set within session like a user id ['user_id']
cookies.encrypted['_session_id']['YOUR_DATA']
How do you work with Angular.js to reuse a session at a webserver (rails) after browser refresh/restart? I'm using RestAngular but I don't know how to store the session? The angular.js app is in my Rails app as a View (with the assets of course) and I have csrf protection fixed.
I want it to work like a regular webpage, where you don't have to log in each time.
I believe you need to reuse the session objects which is already available in the webserver.
What I would suggest is that, You could use the browser cookie to retrieve the session objects or else you could store a key in the browser DB which you can send to the server via RestAngular and check whether the session is already available.
If the session is already there then you can send the relevant data through RestAngular to the browser.
Hope this might help.
So I have been happily building my ASP.Net MVC 4 application for a month now. I have the security model in place, users can log in and secure information is being stored in the users session for subsequent page requests. This all works great. I then implement some ajax calls to get additional data into the page. I do this by making a call to a Web API interface. In the Web API call I try access Session and low and behold Session is null. Now I get that Web API is supposed to be "stateless". All the parameters for a web api call should be passed in. But what if some of those parameters are sensitive and can not be passed up from the client when making the ajax call?
I've read about the hacks to get access to session in WebAPI. I would prefer not to do this and violate the tenants of web api. ?
So do you store this information in the database and pull it out in the web api call? Seem like a PITA to do that.
So how would could keep certain parameters secure when making the web api ajax call?
Or do you break down and just get access to session?
Each service call could accept a user id.
The WebAPI controller method uses the user id to do further data look ups, such as looking up sensitive order details.
The way I do it is inheriting from a Base Class, and this base class has the following:
public string UserName
{
get
{
return User.Identity.Name;
}
}
The WebAPI can see this UserName and each UserName is unique, so you can do a user lookup based on this variable.
If you're wanting to send any further data to the WebAPI then you're going to have to send, say, an ID to the Controller and validate it against the UserName to see if they have access to it.
Psuedo...
I want a Policy!
Client side
Sends Policy ID (1234 to WebAPI, meaningless to a hacker if they can't get info from it)
This ID is validated against
User.Identity.Name to see if information can be retrieved
I need to store the user ID, his company ID and name, in a way I won't have to query the database on every postback.
I know I have options like: ViewData, TempData or auth cookie, but, are there any better solution?
Best regards,
Juliano Nunes
This sounds like a classic use of Session.
ASP.NET session state enables you to store and retrieve values for a user as the user navigates ASP.NET pages in a Web application. HTTP is a stateless protocol. This means that a Web server treats each HTTP request for a page as an independent request. The server retains no knowledge of variable values that were used during previous requests. ASP.NET session state identifies requests from the same browser during a limited time window as a session, and provides a way to persist variable values for the duration of that session. By default, ASP.NET session state is enabled for all ASP.NET applications.
ASP.NET Profile Providers mechanism looks like a thing you're looking for - especially if you're already using Membership/Role providers.
More generic article on Profile properties: MSDN
I'm building an iOS application which fetches all of it's data from an online API.
The API requires that the user is validated before other resources may be accessed and each subsequent request must send a valid session ID.
What's the best way to persist the session ID from controller to controller?
Set it as a global somewhere? Save it as an entity? Or pass it as an attribute from controller to controller at each segue?
Advice appreciated
Store the token in NSUserDefaults rather than injecting as a property or ivar on every controller. I'd also extract it from defaults in the object or shared instance that handles your web service/ API interactions (rather than have every controller look it up).
PS: If you want secure storage, use the Keychain.