How to implement SharePoint's form-based authentication on iPhone - ios

We want to use the web service provided by SharePoint. Before we use the web service, I need to access the form authentication. Now I'm using a UIWebView to show the web site. It works, but I know it's not the correct way. Can anyone tell me how to do this by code?

Use the authentication web service provided by SharePoint; it works.

Related

Separating Web Api and Web Site

I'm new to ASP.NET Web API, OWIN, and everything related to it.
I'm trying to find the best way to do this scenario:
1 - A Web API to have all the connections and the REST service
2 - A web site to show data to the user in a browser using the RESTful service
3 - A mobile app that has some functionality like the web site and accesses the RESTful service to get all the information
My doubt is: what's the best practice related to the login? I'll use OWIN/OAuth2 with Identity to log in, but since it's going to be implemented on the Web API, should the login/register/forgot password be on the Web API directly (like the project template does), or should I move most of the functionality to the web site? Of course it's easier to leave it in the Web API, but if I do, I must duplicate my Razor templates just to call the login part. Can someone give me a path to follow?
Thanks!
The answer is no: your Web API should not have any HTML, JS or CSS files, only the services that you need. The Web API exposes the functions to register the user. Next, when you have to make a request, you must send a token. You can obtain the token using the URL that you have configured in OWIN; the URL is like /token, and you send the username and pass.
Regards,

linkedin fetching details in asp.net MVC

Out of the two methods, JS API and OAuth, can anyone suggest which one is more reliable and should be used?
I want users to come to my application, and from there I want them to log in to LinkedIn, from where all their personal data will be fetched and shown in my application. I have done this with the JS API but am still confused between the two.
Thanks,
Both are the same. If you want to use the JS API then you may include JS code in your code; otherwise you can use OAuth. Both methods fetch the same fields.
If you want to use the JS API you can refer to these links:
http://www.aspdotnet-suresh.com/2013/05/get-linkedin-logged-in-user.html
For OAuth: http://mvcrocksonasp.net/OAuthWithMVC4
Get the code from these links.

How do I use external auth via MVC API from iOS?

Background: I'm trying to use social OAuth providers to sign up and sign in on an iOS app. I believe MVC's API is the right way of doing this, but I have a few holes.
The MVC API has a GET /Account/ExternalLogin API call that returns valid external login providers, (often social) login options.
How should I use this from iOS?
Additional parts to this question:
I'm not familiar with the x-auth-token header but I think I'll need to use this in combination with the JSON payload itself. How do I use this?
Buried in the payload is a double encoded URL that I can use with something like GTM oAuth. Is this something I need to decode twice before I use it?
GTM oAuth library looks like a candidate library to use to help out.
Is ExternalLogins the right place to start? If I try to log in from the app then the app needs to know client secrets and the like. Shouldn't these be managed safely in the API?
I'm happy to refine this question if it's not up to scratch before you reject it.
Thanks!

Secure a webapi2 project to be called from another project or website

I have 2 projects, an MVC5 and a Web API. I want to call the API in a pure client-side manner even though I'm using MVC (I am slowly trying to migrate old code into a SPA-like application while still being able to maintain the current codebase).
The URL of the API sits under the main domain, e.g. subdomain.mydomain.com/api, so I don't have to worry about JSONP or cross-domain stuff.
How do I secure the API? Am I right in thinking that when a user logs into the MVC5 application there is some kind of key or token I can access? I store it somewhere on the site and add it in the request header?
If I follow this approach, how do I validate the token at the API end? An action filter that reads the header? Or is there a cleaner method?
The only information I can really find on using the API is to use basic auth, which is something I don't really want to have to do.
I think a nice simple(ish) way to do it is to use a token based method. So the client authenticates once, you give them a token, then subsequent requests pass the token and the server checks it.
It does require some custom code, but I have seen a few good examples. Here is one that I loosely followed:
http://www.codeproject.com/Articles/630986/Cross-Platform-Authentication-With-ASP-NET-Web-API
It enforces HTTPS, then does the token generating and validation after that.
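The token flow this answer describes (authenticate once, hand out a token, check it on every later request), as an added example that is not code from the answer or from the linked CodeProject article. `TokenService`, its demo key and the `user|expiry` payload layout are hypothetical, and the token is assumed to travel only over HTTPS in a request header.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical TokenService: issues and checks an HMAC-signed, expiring token.
public static class TokenService
{
    // Constructed demo key; a real service loads a random secret from protected config.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key-not-for-production");

    public static string Issue(string user, DateTimeOffset expires)
    {
        string payload = Convert.ToBase64String(
            Encoding.UTF8.GetBytes(user + "|" + expires.ToUnixTimeSeconds()));
        return payload + "." + Sign(payload);
    }

    // Returns the user name for an authentic, unexpired token; otherwise null.
    public static string Validate(string token, DateTimeOffset now)
    {
        string[] parts = (token ?? "").Split('.');
        if (parts.Length != 2 || !FixedTimeEquals(Sign(parts[0]), parts[1]))
            return null; // malformed, tampered, or signed with another key
        // The signature verified, so the payload is one this service produced.
        string data = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0]));
        int sep = data.LastIndexOf('|');
        if (sep < 0 || !long.TryParse(data.Substring(sep + 1), out long exp)) return null;
        return now.ToUnixTimeSeconds() < exp ? data.Substring(0, sep) : null;
    }

    private static string Sign(string payload)
    {
        using (var hmac = new HMACSHA256(Key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }

    // Compare without exiting at the first differing character.
    private static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public static void Main()
    {
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = Issue("alice", now.AddMinutes(20));
        Console.WriteLine(Validate(token, now) ?? "rejected");             // valid token
        Console.WriteLine(Validate(token + "x", now) ?? "rejected");       // altered signature
        Console.WriteLine(Validate(token, now.AddHours(1)) ?? "rejected"); // past expiry
    }
}
```

In a Web API 2 project the `Validate` call would sit in an authentication filter or message handler that reads the token from the request header, which answers the "action filter or something cleaner" part of the question.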

Claim based security with MVC custom login page

I am developing MVC application and want to use WIF & Claim based security.
However, I am very disappointed with the way login is performed. I mean redirection to the STS login page and then redirecting back to my page. That is not user-friendly at all.
I want to implement the login page in my application (in fact it will be a popup dialog). Then, using Web API, I want to be able to perform the STS request, get the security token and initialize the WIF infrastructure (Principal etc.).
Is this a good way to go?
Did anybody do something similar?
Does anybody have some samples of what I am trying to do?
I just worry that I don't have control over the STS login page layout & style.
Also I will have mobile application and must perform login using Web API service.
What can you advise?
Thanks
Well - you can do that of course. This does not need to be WIF specific. Call a service, pass credentials - and when OK set the login cookie.
But if you want SSO you have to make a user agent roundtrip to the STS - otherwise you cannot establish a logon session.
Consider using the MembershipReboot membership provider, which uses claims-based security and is not based on Microsoft's traditional membership provider.
It does not have documentation, but in the zip file you can find 2 sample projects that use the MembershipReboot provider, which explain all you need to know about it.
In fact, after reading this blog post today, I decided to use this approach in my current project. I'm still struggling with it now and I'm so excited!
In addition to Ashkan's recommendation, Brock Allen provides solid documentation about how to implement MembershipReboot in association with IdentityServer. You can find that there is a way to configure a custom implementation here. Also, there are a few tutorials on Vimeo from Dominick Baier (leastprivilege) that will provide a full walkthrough on getting started! I hope this helps!
