I'm having a lot of trouble finding an example of how to wire up a client to use external auth in a web api service. Any questions I find similar to this have responses pointing to the same couple of blog entries:
This one with an Angular front end
And this one on the Microsoft website
I really just want to know what AJAX calls I need to make to the service in order to register and login to it using external authentication. If anyone can help me, I'd really appreciate it. This has turned into a frustrating ordeal that should have been pretty straight forward.
Related
My goal is to implement a generically extendible .NET core web API. The generic refers to modules that can be added at runtime and provide new endpoints as well as functionality. These modules will be developed based on a framework.
Currently I am still deciding if the modules will be included as a DLL or run as a separate process (.exe).
I have the basic understanding of Dependenci Injection regarding the addressing of controllers in a DLL. But now I wonder if and how to realize the whole thing via an own process.
The API should always be addressable via http://localhost/myapi/{endpoint}, i.e. a request to a module should be done via the same URL. For the user / developer of the frontend everything should be presented as one API.
Unfortunately I was not successful on my research and don't know exactly what I have to / should look for specifically. Therefore I hope that you can help me.
Examples are helpful, but I am also keywords or articles, which deal with such a topic, help me further.
kind regards
Background
I am currently working with an application that uses Web API. We he have implemented custom token based authentication. Our front end is primarily HTML5, CSS3, and Javascript. Although it is an MVC application we are only really using mvc for routing, because Web API handles much of everything else. We are evaluating SSRS as a possible reporting solution. We would like to keep our Website session-less as it currently stands.
Question
I have not been able to find a good implementation of SSRS with Web API. I basically want a simple Web API route that constructs the URL to the report server while passing parameters. I was able to find several resources on making a request and passing parameters via a URL. I am struggling with Authentication. How do I send the credentials to the report server via URL. In WebForms there is an interface called IReportServerCredentials that allows you to do this. Is there anything like this for WebAPI. Is there another solution for logging in via a URL? We want to either send the credentials directly with this call, or somehow tap into our current WebAPI Token Based Authentication.
On a side note if anyone knows a report viewer that will work on the client side I would appreciate it. Since our frontend is technically an MVC application I have been evaluating this one:
-https://github.com/ilich/MvcReportViewer
That being said it is not ideal for what we are currently trying to accomplish.
Any help is much appreicated! I am very new to SSRS, so please forgive my ignorance towards the subject.
Have done a lot of search and reading over the WEB but could not come to any conclusion yet.
We are planning to develop a list of API's (planning to use ASP.NET WEB API). One of the business goals is to package the API and selling/licensing the Packages/API to end users.
Some thoughts that came to consideration:
Using Authorisation Filters to do check against database, if the user requesting the API has access to it or not. Not very sure of the implementation details yet even on this approach.
Are there any better suggestions or ideas or any open source libraries that we can go with?
What are the possible recommendation or best practices to achieve this.
Thanks in advance.
Please take a look at the following links. Hopefully, they help.
Web API creating API keys
How to secure an ASP.NET Web API
I've been working lately on my own WCF AtomPub service (based on the example in the "WCF REST Starter Kit") for using WLW with my custom written blog. All basic actions such as adding, updating, retrieving and deleting an entry are working "fine".
Although, right now I'm a little stuck when trying to implement the authentication. I can't seem to understand how WLW manages the authentication with AtomPub services.
I've tried to implement it on my side by checking the Authorization header. If not present sending the Unauthorized header etc... but their fails WLW on me.
I also checked all headers send by WLW (for exemple when adding an entry) but I can't seem to find anything related to authentication.
I must say that the WCF service currently is hosted in the same site as my website. And the IIS authentication is set to Unauthorized and Forms. All others are disabled.
Can anyone help me into the right direction? Some interesting websites for example explaining this? (something I have missed in my searches on the web).
Thanks
I had to write an atompub service for the Live Writer about an year ago. These blog posts helped me a lot at that time: http://jcheng.wordpress.com/2007/10/15/how-wlw-speaks-atompub-introduction/. For your case you may look at part 2. In short - "Use Basic, Digest, or X-WSSE over HTTP or HTTPS". I used the basic authentication and had to use this library MADAM http://msdn.microsoft.com/en-us/library/aa479391.aspx to get forms and basic authentication work together. I hope this helps.
I'm having a hard time getting my head around this, and Google just isn't being helpful.
I'm looking at converting some legacy code to use the following technologies: ASP.NET, WCF, jQuery.
The ASP.NET conversion isn't an issue, nor is accessing the WCF service for data, on the server-side.
However, what I'm having an issue with is potentially being able to secure the service so that I can return JSON-formatted data, requested via jQuery on the client-side, but lock it down to prevent external access.
For this particular implementation, it's not that big of a deal, since the ... quasi-Ajax-like functionality has been in place for quite a while, and there hasn't been abuse.
But, once this project is complete, I'd like to take what I've learned and convert another form, which is often abused, and allow for a slicker display.
If I want to do client-side calls to a Web service, am I stuck making my Web service open to anonymous access?
Short of securing the Web interface down to a specific subset of users (I see no issue with securing the added functionality to logged in users), are there any other strategies on securing a Web service in this scenario? Am I just overlooking something obvious?
Require an authenticated session for both the server-side page and its caller via ajax, with both behind HTTPS.
Another strategy is to use a token that is bound to the session during the last page load to confirm that the session itself has not been high-jacked. This is done when the client loads the page. The server tracks what the next token must be to confirm a valid request.