C# - OWIN - token based authentication on classic MVC web application?


To be honest, I don't seem to grasp the OWIN concept - it's the first library I can't seem to understand no matter how I try :(

Now to the problem...

I have 2 MVC apps - one uses WebAPI and one doesn't. The WebAPI app uses token based authentication and it works; right now I'm trying to implement authentication in the second (non-WebAPI) app and don't know how to do it. I tried using the token code from the WebAPI app, but realised the token generator can't be called directly in an MVC controller, so I ended up with something like this:

    // Requires: System.Collections.Generic, System.Net.Http, System.Web,
    // System.Web.Mvc, Newtonsoft.Json
    [HttpPost]
    public ActionResult Login(LoginModel loginData)
    {
        string baseUrl = Request.Url.GetLeftPart(UriPartial.Authority);

        string resultContent = "";
        using (var client = new HttpClient())
        {
            // Call this application's own /token endpoint over HTTP.
            client.BaseAddress = new Uri(Request.Url.GetLeftPart(UriPartial.Authority));
            var content = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair<string, string>("grant_type", loginData.grant_type),
                new KeyValuePair<string, string>("company", loginData.company),
                new KeyValuePair<string, string>("password", loginData.password),
                new KeyValuePair<string, string>("username", loginData.username)
            });

            // Blocking on .Result keeps the action synchronous.
            var result = client.PostAsync("/token", content).Result;
            resultContent = result.Content.ReadAsStringAsync().Result;
        }

        // Pull the access token out of the JSON response.
        string access_token = JsonConvert.DeserializeObject<dynamic>(resultContent).access_token;
        if (TempData.Keys.Contains("token"))
        {
            TempData.Remove("token");
        }
        TempData.Add("token", access_token);

        // Store the token in a cookie; Expires is set to one day in the past.
        HttpCookie cookie = new HttpCookie("token", access_token);
        cookie.Expires = DateTime.Now.AddDays(-1);

        HttpContext.Response.SetCookie(cookie);

        if (loginData.fromurl != null)
        {
            return Redirect(string.Format("{0}{1}", baseUrl, loginData.fromurl));
        }
        else
        {
            return Redirect(string.Format("{0}", baseUrl));
        }
    }

(While the above works, it's ugly as hell - not to mention error prone.)

Then I struggled with how to inject the token into every request made to the controller, and ended up with this:

    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        // Read the token cookie and copy it into the Authorization header.
        var token = this.Request.Cookies["token"].Value;

        this.Request.Headers.Add("Authorization", string.Format("Bearer {0}", token));

        base.OnAuthorization(filterContext);
    }

But it doesn't seem to work. I don't know if the approach is correct (looking at it - it's not...) - so my questions are:

  1. Should a token based approach be used at all in non-WebAPI, MVC apps?
  2. If so - is there a better way to do this, or do I need to write "spaghetti code" like the one above to get the generated access token?
  3. I'm trying to have one universal authentication approach, instead of many - perhaps a cookie based approach should be used instead?

I tried following the OWIN tutorials that are built into MVC applications, but I didn't find a single example of mixing tokens with a classic web app - unless you count the AngularJS tutorials, which sadly don't apply here.

I think the cookie based approach is more apt. Doing it your way works if needed, as you noticed. Have a look at the AAD samples as a starting point for using OWIN authentication. In particular, I recommend taking a look at https://github.com/azureadsamples/webapp-webapi-openidconnect-dotnet: TodoListService is a WebAPI project and uses token based authentication, while TodoListWebApp is a non-WebAPI project that uses the cookie based approach. There are a lot of other samples in that repo that might be of interest.

