I have a new big project with ASP MVC 4 and I will need to build in the future a lots of tiny web application that contains:
A Banner ( like Google banner in black , for authentication, notifications , search …… etc. )
A body that must access the banner info and knows if the user is authenticated or not.
Let me explain, if we look at :
Google play (subdomain )
Google Map (subdomain )
Google Translate (subdomain )
Google Gmail (subdomain )
Youtube ( different domain )
We will notice that it’s exactly the same banner for all its subdomains and even different domain (youtube ), and they have just the content that changes, and if I’m already authenticated in google play I do not need to authenticate again in Gmail or YouTube .
I want to do the same thing with my websites :
here a link to explain in images: http://www.use.com/ba3e6c12424c7696be7f
My Questions or just need for confirmation:
1- It is possible to host a banner and websites in different domains and still not authenticate again in every websites? I ‘am thinking about YouTube domain and google domain which is possible. How can I get the same experience?
2 -I assume it’s very easy with subdomains without the need of OAuth 2 for authentication just the normal ASP MVC 4 simple membership will do the job, am ‘I right?
3- Assuming I choose ASP MVC 4 simple membership with subdomains , how can I organize my projects so I don’t have duplicated code for my banner in every project if i want the same experience as google banner ?
a) First idea is to build the banner, put it in an assembly and Render It with an HTML helper, is that a good option? )
b) Do I still have the same experience if I host every subdomain in a different server?
c) Can I choose to host the banner in subdomain1 and load It in a website in subdomain 2 with JavaScript? (do I still have the same experience)
4- Assuming I have to give every website in different domains (not subdomains), how can I manage the architecture? I just need some clues.
5- If I’m wrong on everything, can you guide me to have the exact same experience with complete different domains, or different subdomains with an elegant solution ?
Thank you in advance, and sorry for my bad English (third language).
You really have two separate questions here. First, how to include a bit of HTML in multiple projects. There's really a myriad of possibilities here. If all of your sites are in the same solution in Visual Studio, the easiest method is to simply pick one project to hold the partial view for the banner and then link to it in your other projects. You do this by right-clicking somewhere in your project in the Solution Explorer and choosing Add -> Existing Item..., find the file in the other solution, but instead of "Add" to confirm, click the arrow next to it, to expand the dropdown and choose "Add As Link".
Alternately, or if one or more of your sites is not in the same solution or is in another language altogether, then your best bet is probably just to save the snippet of HTML as a flat file, somewhere each site will have access to. Then, you just read in from this file and display it.
Your second question is more complicated: how to share authentication. If all of the sites are on the same domain (subdomains), then you can just simply set the cookie on the domain itself, and all subdomains will receive the cookie and have access to the authentication status. If you have sites on different domains, though, it gets exponentially more complex. You either have to implement something like OAuth, which is awkward if all the sites belong together (i.e. OAuth is only really used to authenticate with third-parties, no one really uses this to share auth between related but different domains.) Or, you basically create a server that provides authentication for the other sites.
It's a kind of complex setup, but you've seen it in action on places like Google-owned properties. When you go to login, it takes you to accounts.google.com, and then you're redirected to the originating site after logging in. Essentially, what's happening is that technically the only place you're "logged in" at is accounts.google.com. If one of the sites in the family needs authentication, it redirects you to accounts.google.com. At which point, if you have a auth cookie already, it's sent and accounts.google.com restores your authenticated session, it then redirects back to the original site, with some token that identifies that you are logged in. Going into all the details and how to actually set this up is far beyond the scope of what can reasonably be done here on StackOverflow, but this is a really good reference and starting point. Part 1 describes the theory. The next installment details how to set it up.
Related
The question is fairly simple, but I've yet to find an answer to it. Is it possible to use Google+ API in an asp.net-mvc web app that requires multiple tiers of users?
For example, this app basically needs three sets of users and permissions associated with each: Admins, Members, Guests. Mind you, I've never handled user authentication of any type before, so I'm happy to hear suggestions for other frameworks if you think those would be better.
I think its going to be very hard for you to get three sets of user credentials in a single app.
For you to be able to authenticate as user one your going to need user one to authenticate your application then you will have access to that users data. If you need access to user twos data your going to have to have that user authenticate your application. If you need access to both users the same time its going to be very hard for you to get this access unless they are both using the same computer together.
While it is possible to get a refresh token for user one returned which you could store on your server some place and then use that to access user ones data when user two is on their machine. This becomes a gray area as you are responsible of holding user ones data private especially from user two.
as for your different leaves of users thats just part of your system it should just be a matter of strong the users ids associated with their role within the system.
None of this has anything to do with doing this in .net. You could probably work it all out using the .net client library. Web applications (ASP.NET MVC)
Context/Background: I have an iOS app with a Firebase backend. Each user on the app has a couple of public stories or journals. I am working on the v2 of the app and one of the main features of v2 is to give users the ability to publish their stories as static webpages by a click of a button. The goal is to have a journal for a user with a username "johnhouse", for example, be available at www.the-app-domain.com/johnhouse.
Question: How do can I create web pages on the fly from an iOS app? Im not sure where to start. Which online services should I look at?
I thought of spinning up a server and hosting www.the-app-domain.com on it, getting the app to ssh into the server and creating a directory called "johnhouse" (from the example above) inside the website's root directory and then pasting an index.html file inside it, But this doesn't only sound like a bad idea, it also sounds complicated as hell If I were to generate the html files on the app, how would I get them to the server? how would I get them into the right location?
There are a great many ways you might implement this behavior but I'll suggest one.
Consider what this product might look like if the app had no knowledge of how these static pages were published. All the app needs to be able to do is allow users to set which of their stories are published or not and to inform those users of the url at which their published stories will be available.
There may be real advantages to removing the app from your page-creation process.
If you find that you need to make change to the formatting of your pages you can do so without requiring an app update and you can choose if you want to rebuild every page or just have changes apply to new pages. This might be important if you discover that your pages don't render well on some devices or are not indexed the way you would like by search engines.
If you need to change where your pages are hosted you can do so (and provide redirects from the old location) without needing everyone to update to a new app version.
If you need to add moderation or curation of the content you publish you can do so more easily than if clients (your app) have direct control of your site content. This may be important when someone starts publishing SEO spam links to your site, or registers the username admin or login, or publishes a story containing malicious javascript, or publishes content which gets you a copyright infringement notice.
You don't need to give clients direct access to your web server which could allow them to edit each other's content or overwrite your site with their own malicious content.
Since you're already using Firebase take a look at how you might run your own web server as another client of this backend. One which looks for "published" stories (however you identify those in your data model) and generates appropriate pages for them. Depending on the tools you elect to use these could be dynamically generated pages (client side js or a web app) or static pages build by some backend process periodically or whenever stories change and added to a web server. Without any idea what server side tools would be most appropriate for you it's hard to know what specifically to suggest here.
I am being asked if I can setup a way to - on the fly - dynamically do a URL rewrite.
My experience with URL rewriting has been primarily using essentially static web.config files where I knew ahead of time what the conditions were I was supporting. But in this case, I'm working with a partner who is sending me data about their clients and when a user of my site gets sent to one of those pages, they'd like me to rewrite the URL so that it looks like their client's URL and not mine.
Example: the search my site for Jim's auto shop, when I display my (their) content about Jim's auto shop, the URL wouldn't appear to be on my site, it would show "www.JimsAutoShop.com" when it's really on "wwww.mysite.com/JimsAutoShop"
I suppose every time our partner pushes we data where this is needed, I could rewrite the web.config file adding a section for that case, but I really don't know that that's a good idea. is there a way to essentially do this dynamically via code, where when I query my db from a search and see I need to mask the URL, I could do that?
Tech wise, i do not have access to IIS, I'm on a shared server running IIS and my primary application stack is Coldfusion10. Thanks
I don't believe this is possible. By the time your server side language gets the code, everything has been processed on the web server. There is nothing to rewrite. You could technically do this with Javascript but it would just be visually, it wouldn't actually be changing the URL. (Not sure you could visually change the domain, but I don't see why not. I've done it before with other parts of the URL). Here is how you would do that essentially: https://developer.mozilla.org/en-US/docs/Web/API/History_API
If this needs to be done though, the web.config route is the way to go. I had an application where when data was updated using certain forms in the app, I would grab the web.config and edit one of the rewrite maps.
But I'm not so sure that is what you need. If you want the domain www.JimsAutoShop.com to just pull files form your server, just edit the DNS to point to your server. Rewriting/Redirecting isn't needed. That is how sites are supposed to work.
I am looking to set up 2 rails apps (with the same tld) which have single sign on and share some user data. If I have railsapp.com I will have the second app set up as otherapp.railsapp.com or railsapp.com/otherapp. I will most likely have railsapp.com handle registration/login etc (open to suggestion if this is not the best solution).
So lets say I sign up and upload an avatar and start accumulating user points on the main-app, I can then browse to the other-app and my profile there has the correct avatar and points total. is there an easy way to achieve this? Do the available SSO solutions create the user in the second app with the same user ID? if not, how are they tied together? (ie how can I query the other app for information I would like to be shared across the 2 - user points and avatar) I was initially looking at sharing a database or at least the user table between the 2 apps, but I can't help thinking there must be an easier solution?
I think the simplest solution is if you set the cookie on the .railsapp.com domain, then it should be sent when you do requests to otherapp.railsapp.com or any other subdomain (just stressing that as it might be a security concern). Remember to mark the cookie as secure!
And a extra bit you might need to make this work, is to store authentication tokens on a database so they can be shared between the two apps.
Disclaimer: I don't have much experience with Rails anymore, so I'm not sure if some of the frameworks like Devise can do something like this out of the box.
Edit
Got curious and ... google had the answer: http://codetheory.in/rails-devise-omniauth-sso/
Ok this question might sound a bit weird, let me try to explain what I am trying to achieve here.
I need:
- some mostly static pages: home page, about us, etc. the usual suspects
- a full complex rails web app
The web app being the heart of the system will have a lot of stuff, including user authentication (with devise by the way). The application will have a standard navigation menu with possible actions changing depending on user status (login or not, admin or not, etc).
Until now, nothing out of the ordinary.
However for unrelated reason, I MUST have the entry point of the whole system be the home page that will be hosted on another server (ergh).
So now, since my home page and other static pages will be on server A and all the application will be on server B how can I maintain contact between the 2 ?
Meaning: keep my navigation menu dynamic even on my static pages, have a sign-in / sign-up form on my static server but registering an account on the "real" application server ?
They can share the same database, no pb there.
Any pointers on how to do this ? I would really like not to put some iframes on the static site...
Thanks !
Alex
For the signin/signup stuff, you can have your forms action going to B and redirecting to A.
To display the right stuff in the menus you can make a jsonp call(as Chris said) to fetch either the entire header or specific parts of the header that are dynamic.
If you are just looking to include the users name, you can also simply store their name in a cookie and then use javascript to display it in the header.
If there's no cookie display a link to login/signup.
edit: For the jsonp calls take a look at a javascript framework to make the call client side, I personally use jQuery http://api.jquery.com/jQuery.ajax (and look at the jsonp options).
Thinking out loud...
Can you dynamically build the menus using javascript/AJAX in the static code? Perhaps that could query server B (via jsonp) to determine the options...
Its going to have do some "funky" (tm) stuff to track whether there is a user session or not... and linking them...