I am using WSO2 api-manager to provide secure access to my restlet uris'.
At the resouce class which extends ServerResource class i need to access the username and store it in db for auditing purpose.
I followed below link for the same
https://docs.wso2.com/display/AM180/Passing+Enduser+Attributes+to+the+Backend+Using+JWT
But not sure how to access the username at my resource class.
Can anybody help me for the same.
thank you.
~Shyam
Thanks Thierry Boileau your information helped to extract the header from the restlet but to decipher the token i followed the below links
http://lalajisureshika.blogspot.in/2013/06/passing-end-user-details-from-client-to.html
Related
I need help to the follow issue:
Each endpoint of my API is decorated with the "Authorize" attribute, where I indicate the claim or the necessary claims to access the endpoint. However, the same user can have a considerable amount of claims and these claims will be stored in the database. So with every request in my API, I need to intercept this request, identify the user, query the database to see if it has the required claims, and return, providing or denying access to the requested endpoint. Most of the implementations that I saw on the internet, pass the claims in the code itself, in a static way, and that does not meet me.
I tried to implement some custom filters, but I was not successful either.
Could someone help me solve this?
Thanks!
I recomended you to use JWT Authorization.
It's easy to implement and also secure.
In this article you have an example with how to do it. I hope that's help you.
https://code-maze.com/aspnetcore-webapi-best-practices/#jwt
how can I get HTTPS authorization on site https://uslugi.beeline.ru not using UIWebView from iOS?
Their APIs I unfortunately do not have = (
Please help, and sorry for my english, it's Google Translate.
P.S. Username and password to login I can not give because important information is stored there.
P.P.S Maybe there are ways to fill out a form via http UIWebView, but so that it loads only source without pictures?
you need to know the API for the POST or GET (and parameters of the body data). Check the documentation(Configuring Authentication point): documentation
I am a bit confused by the method Engine.SetDownloadSource(). What I am trying to do is change the download URL for the bundled packages from an external website to an internal one. (If there is an easier way to do this, I am open to other suggestions).
Now for the problem. When calling this method it is asking for a user and password. I am not sure where I should get this info from.
string downloadSource = Path.Combine(WebSitePath(), "WebSetup/WebSetupData/", Path.GetFileName(args.DownloadSource));
Engine.SetDownloadSource(args.PackageOrContainerId, args.PayloadId, downloadSource, user, password);
WebSitePath() simply returns the base URL for the website. I can't find any hint about what username and password the MBA would use if I didn't change the link, and likewise I am not sure how to tell it to use the current windows user to download from the new link. Any help would be greatly appreciated.
Username and password are optional to support basic or digest HTTP authorization. Set them to null if you don't want to provide a user/password combination.
I am using jive 5.0 forum. I have my own user tables with user id and password. How can i use this to provide Authentication for jive? The password is encrypted using sha-1 hashing technique.
Thanks in advance.
I found the answer myself. it was there are a couple of classes such as CustomAuthFactory CustomAuthToken CustomUser CustomUserManager which are explained in the documentation of Jive forum.
The tool I'm developing would do a thing similar to when you join Facebook and they ask your GMail username and password and with it they can grab all your contacts.
But my tool doesn't use a browser, therefore it is difficult to get the proper headers. I assume that the Google application (Orkut) checks only my Cookies and Identity(ip, machine name, user-agent) as authentication method. In this case all I need is to get the proper cookies.
I tried to call https://www.google.com/accounts/ServiceLoginAuth?service=orkut with the parameters Passwd=realPasswordHere&Email=mymail#gmail.com . But the response was a similar HTML with Set-Cookie: GALX=A9iBuq7y5xU;Path=/accounts;Secure
None of these cookies are the real thing. Have you tried it yourself? Do you know how to do it? Have you ever seen an open source project that does it?
Consider using OAuth -- the URL I just gave details how to use OAuth to authorize the OpenSocial REST interface on Orkut, and this one has detailed specs on the RPC interface to OpenSocial, if that's what you prefer (the authorization part is basically the same, anyway).
If you are just looking for the contacts check out the provided API:
http://code.google.com/apis/contacts/
other google APIs
http://code.google.com/apis/gdata/
If you need source code to view how to do this you can check out the following project.
http://sourceforge.net/projects/gccontactman/
hope that helps, and good luck!
Perhaps you could check the source code of a Google tool that does this:
http://mail.google.com/mail/help/email_uploader.html