m trying to make an VB .NET Windows Form app that authenticate to my website by POST request!
if user login info is valid it says "welcome" and application authentication is successful!
my website is coded with php + mysql!
problem is it is insecure and can be bypassed by many techniques..
HOW TO MAKE SECURE APP IN VB .NET that auth server side?
any method? please provide codes if possible!any code or
any other best language to make it most secure?
You can create an authentication function in PHP Web Service Class File .
And from your windows application, you can call the authentication function in that PHP web service .
Here is the sample link on how to create a web service in PHP : http://www.codeproject.com/Tips/671437/Creating-Web-Service-Using-PHP-Within-Minutes
Related
I am implementing a WebApp in our company's intranet with Blazor WebAssembly. I need to make API-Calls to our DevOps Server hosted in our intranet and need to use Windows Authentication to access the API. In the former used WPF Client it was enough to just add the UseDefaultCredentials-Flag on the HttpClient, but that does not work in WebAssembly anymore since the App is running in the browser. The Microsoft Docs state We don't recommend using Windows Authentication with Blazor Webassembly, but not recommend does not mean not support, so it has to be possible somehow, to attach the current App-User's Windows Credentials(Token) to the API Call. Unfortunately there exists no example on the docs page on how to implement this and I have not found any code on how to tackle this, although on some forums people wrote that it is possible, but did not include the How in their comments.
I am using .NET5 for both Server and Client and need to make the Api-Call with Windows Authentication from the Client, not the Server as most examples are using it, as my Server-Project uses the same User for all Requests but I need the User of the Client-Project.
Any kind of help is appreciated.
We have an intranet site web app. It's angularjs on the front end and asp.net web api on the backend. Because it started out as internal it uses windows authentication. Now we want to create a true mobile web app and be able to call these web api's from outside our network.
Since it's outside I'm assuming windows authentication no longer works?
Is there a way to mimic this windows authentication from the client so the api's still work or is there something else that needs to be done on the web api to make them work both internally and externally? Any direction would be great!
I am using mvc 4 web api project template. i have USERMASTER table which contains usename and password for different users.
Now i dont know what authentication is for web api????
how to stop invalid users to access it? ?
Let's say i m using fiddler to call web api. at that moment how can i stop invalid user.( i mean using tool like fiddler we can call web api. so i can stop invalid call not made by the valid user)
Moreover, i wish that user A can access only 5 web apis and user B can access all web apis from my project.
Is it possible???
i know how to use web api.
but i dont know about authentication and authorization process.
please help me.
I m using angularjs to call web apis.
Yes all this is possible but you need to use ASP.NET Web API 2 (.NET framework 4.5) you can find detailed source code and blog posts starting here including AngularJS Authentication using Web API, it should makes things clearer for you.
I have an issue that I am seriously struggling with.
I have a website, and a separate WebAPI which I want to be able to authenticate against each other. I was thinking that forms authentication would be best here. However, on my website, how do I go about calling the forms authenticated webAPI via a jQuery AJAX call?
Does anyone have any links or suggestions?
There is a discussion in this blog post on mixing forms authentication and basic authentication in Web API. You may be able to leverage some the principles in this article although it was tested with the Web API's residing on the same server as the web application.
If you keep the Web API and web application on separate servers your web application will run into cross domain issues and will have to support JSONP in your Web API. A possible work around for your website is to create a Web API locally on your web server which is just a facade to the Web API on the remote server. You incorporate the standard security methods on the local Web API, using AuthorizeAttribute, which in turn just calls your the Web API on the remote server. You can incorporate whatever security method you want to have for external users on the remote Web API.
I'm looking for a complete step-by-step guide or a sample project about implementing a RESTful Service using .NET 4.0 using Custom Basic Authentication over HTTPS hosted in IIS.
I've been googling about it for 3 days and I could only find either an implementation with WCF 3.5 which is very different, or without Custom Basic Authentication, or without SSL.
Basically I implemented my REST service on WCF 4, and added SSL, but I can't use a custom authentication using my custom users database.
Any references would be really appreciated.
It's not currently possible using the available WCF extension points.
It is possible with custom HTTP module allowing basic authentication against custom credential store. Built-in module in IIS supports only windows accounts.
I wrestled with this for a while and ended up just implementing basic auth in my service. Check WebOperationContext.Current.IncomingRequest.Headers for an 'Authorization' header. If it's missing or the credentials don't match set the challenge header and return a 401 status:
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"myrealm\"");
throw new WebFaultException<string>("Username and password needed", HttpStatus.Unauthorized);
That's enough to trigger a browser to prompt the user for credentials. See https://www.rfc-editor.org/rfc/rfc2617 for more on basic auth, http://ithoughthecamewithyou.com/post/Basic-HTTP-auth-for-an-IIS-hosted-WCF-4-RESTful-service.aspx for more on this frustrating missing capability.