C# - OWIN - token based authentication on classic MVC web application?
To be honest, I don't seem to grasp the OWIN concept - it's the first library I can't seem to understand no matter how I try :(
Now to the problem...
I have 2 MVC apps - one uses WebAPI and one doesn't. The WebAPI app uses token based authentication and it works; right now I'm trying to implement authentication in the second (non-WebAPI) app and don't know how to do it. I tried using the token code from the WebAPI app, but realised the token generator can't be called directly in an MVC controller, so I ended up with something like:

    [HttpPost]
    public ActionResult Login(LoginModel loginData)
    {
        string baseUrl = Request.Url.GetLeftPart(UriPartial.Authority);
        string resultContent = "";
        using (var client = new HttpClient())
        {
            client.BaseAddress = new Uri(Request.Url.GetLeftPart(UriPartial.Authority));
            var content = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair<string, string>("grant_type", loginData.grant_type),
                new KeyValuePair<string, string>("company", loginData.company),
                new KeyValuePair<string, string>("password", loginData.password),
                new KeyValuePair<string, string>("username", loginData.username)
            });
            var result = client.PostAsync("/token", content).Result;
            resultContent = result.Content.ReadAsStringAsync().Result;
        }
        string access_token = JsonConvert.DeserializeObject<dynamic>(resultContent).access_token;
        if (TempData.Keys.Contains("token"))
        {
            TempData.Remove("token");
        }
        TempData.Add("token", access_token);
        HttpCookie cookie = new HttpCookie("token", access_token);
        cookie.Expires = DateTime.Now.AddDays(-1);
        HttpContext.Response.SetCookie(cookie);
        if (loginData.fromurl != null)
        {
            return Redirect(string.Format("{0}{1}", baseUrl, loginData.fromurl));
        }
        else
        {
            return Redirect(string.Format("{0}", baseUrl));
        }
    }

(While the above works, it's ugly as hell - not to mention error prone.)
Then I struggled with how to inject the token into every request made to the controller, and ended up with this:

    protected override void OnAuthorization(AuthorizationContext filterContext)
    {
        var token = this.Request.Cookies["token"].Value;
        this.Request.Headers.Add("Authorization", string.Format("Bearer {0}", token));
        base.OnAuthorization(filterContext);
    }

But it doesn't seem to work. I don't know if my approach is correct (looking at it - it's not...) - so my questions are:
- Should the token based approach be used at all in non-WebAPI MVC apps?
- If yes - is there a better way to do this, or do I need to write "spaghetti code" like the one above to get the generated access token?
- I'm trying to have one universal authentication approach, instead of many - perhaps the cookie based approach should be used instead?
I tried following OWIN tutorials to build it into MVC applications, but didn't find a single example of mixing tokens with a classic web app - unless you count AngularJS tutorials, which sadly don't apply here.
I think the cookie based approach is more apt. Doing way work needed, noticed. Have a look at the AAD samples, as a starting point for using OWIN authentication. Particularly, I recommend taking a look at https://github.com/azureadsamples/webapp-webapi-openidconnect-dotnet, where TodoListService is a WebAPI project and uses token based authentication, and TodoListWebApp is a non-WebAPI project that uses the cookie based approach. There are a lot of other samples in that repo that might be of interest.
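
The cookie based approach recommended in the answer, as an added example (not code from the post or from the linked samples): the OWIN cookie middleware issues and validates the authentication cookie itself, so nothing has to be copied into request headers by hand and `[Authorize]` works on any controller. The `ExampleApp` namespace, the `/Account/Login` path, the 30-minute lifetime and the `ValidateCredentials` hook are assumptions.

```csharp
using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

[assembly: OwinStartup(typeof(ExampleApp.Startup))]

namespace ExampleApp   // hypothetical namespace
{
    public class Startup
    {
        public void Configuration(IAppBuilder app)
        {
            // The middleware creates, protects, validates and renews the cookie.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                LoginPath = new PathString("/Account/Login"),  // assumed login route
                CookieHttpOnly = true,                         // not readable from script
                CookieSecure = CookieSecureOption.Always,      // sent over HTTPS only
                ExpireTimeSpan = TimeSpan.FromMinutes(30),     // assumed lifetime
                SlidingExpiration = true
            });
        }
    }

    public class AccountController : Controller
    {
        // Hypothetical hook: plug in the same user store the token endpoint uses.
        public static Func<string, string, bool> ValidateCredentials = (u, p) => false;

        [HttpPost, ValidateAntiForgeryToken]
        public ActionResult Login(string username, string password, string returnUrl)
        {
            if (!ValidateCredentials(username, password))
            {
                ModelState.AddModelError("", "Invalid user name or password.");
                return View();
            }
            var identity = new ClaimsIdentity(
                new[] { new Claim(ClaimTypes.Name, username) },
                CookieAuthenticationDefaults.AuthenticationType);
            HttpContext.GetOwinContext().Authentication
                .SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
            // Follow the return URL only when it points back into this application.
            return Url.IsLocalUrl(returnUrl)
                ? (ActionResult)Redirect(returnUrl)
                : RedirectToAction("Index", "Home");
        }
    }
}
```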