I'd like to create a website with authentication using REST framework. Well I'd not like to use it because I didn't understand everything about it, but I have to.
Can I use the REST API and yet have custom templates for administration and simple browsing?
What I mean is that when I did the REST tutorial (on their website), I didn't see at all where I could put my templates instead of the ones generated by REST. How can I, for example, use the authentication of REST with my interface, my web template?
Cannot figure out what you mean by custom templates?
In case you want to begin with REST, you may start with the Jersey framework. For security you may use OpenID or the latest OAuth 2.0 specs.
Here is my tutorial for REST + OAuth2.0
http://restful-fundamentals.blogspot.in/2013/02/rest-and-http.html
http://restful-fundamentals.blogspot.in/2013/04/oauth-20-introducation.html
Google code repo: http://restful-fundamentals.blogspot.in/2013/04/svn-repository-oauth20-spectifications.html
Related
Is there any solution to automatically generate a web UI from a REST API?
I found Swagger codegen but it generates a client for the API, not a UI.
I need a basic UI, allowing directly from the browser to use the different endpoints and display the response prettily. Something like a basic Postman that would be directly integrated into my website.
I don't have constraint about how the generation is done. Can be done once at build time, or at runtime on server side or on client side.
I've heard good things about retool.com, it seems to do what you need.
I use Swagger in my web api project:
GlobalConfiguration.Configuration
.EnableSwagger(c =>...
and so on. We also use SwaggerUI. Works like a charm.
For production we don't like the Swagger UI to be available and we would like to protect it with basic auth. AFAIK there is no such functionality available out of the box. Is there a way to do it with some kind of 'hack' in the web API? Can I register a dedicated filter only for a specific route or something like this?
Thank you for your help
regards
laurin
The web server that you use may support enabling HTTP basic authentication for URLs matching a certain pattern (e.g. starting with /swagger-ui).
I am using a new feature of Azure that enables Active Directory authentication for your website without writing any code.
http://azure.microsoft.com/blog/2014/11/13/azure-websites-authentication-authorization/
But the problem is my web application is also hosting some Web APIs, which need to be called without any authentication.
Is there a way (some attributes?) so that I can call Web APIs without any authentication?
Tushar, I see that Byron also replied to your question on his post and suggested creating another website for the APIs as a workaround. However, I suggest that you wire up auth separately for your Web App and APIs following our samples here: https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet, https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet
Let me know if you run into any issues.
From the very same article you refer to:
Current Limitations
There are some limitations to the current preview release of this feature:
...
With the current release the whole site is placed behind the login requirement.
Headless authentication/authorization for API scenarios or service to service scenarios are not currently supported.
So, no, you cannot have partial APIs or pages anonymously available - all pages and APIs will be protected by the Azure Active Directory.
I have built a CakePHP site with RESTful calls. Happy to say these calls work when using curl from another PHP site. (This is all testing at the moment.)
The next stage is setting up authorization; from my understanding I'd be looking at either basic or digest login to make RESTful calls.
I'd like to build a PhoneGap app that requires login. Would RESTful calls to CakePHP be the way to go, i.e. making a RESTful API for my site?
I'd like to provide an API key. How would this key be secured in a PhoneGap app?
How secure is PhoneGap in general? If the files for an app are CSS, HTML, JS, can't the app be broken into and the files revealed?
Just looking for general advice and a direction to continue researching.
I believe what you need would be a stateless authentication system. CakePHP comes with 2 built in. Take a look at this example
I'm trying to use the new WCF Web API Preview 6 with Basic Authentication. But don't really know where to begin.
zanewill apparently had the same issue:
https://stackoverflow.com/questions/8304367/how-to-use-basic-authentication-with-wcf-web-api
But the question is not a dup. I'm using this with MVC and don't really see how "Wcf Basic authentication" should apply?
I've tried out this:
http://cacheandquery.com/blog/2011/03/customizing-asp-net-mvc-basic-authentication/
But can't get it to work.
Should there not be an official solution from MS?
I have to note that we are using our custom membership provider and that I basically just wanna pass an API token to the service. So the built-in Windows Basic Authentication cannot be used.
I actually figured out a way myself. I've built my custom HttpOperationHandler and combined it with an Attribute, so I get a similar functionality as the MVC AuthorizeAttribute.
You can have a look at the solution here:
http://remy.supertext.ch/2012/02/basic-authentication-with-wcf-web-api-preview-6/
I think the recommended approach is to implement a custom message handler. See my blog post for an example that works with ASP.NET Web API RTM:
http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/
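The message-handler approach named in the answer above, applied to the earlier question about putting Basic auth in front of Swagger UI only. This is an added example, not code from any of the posts or linked blogs; the class name `SwaggerBasicAuthHandler`, the `/swagger` path prefix and the single shared credential are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler: demands HTTP Basic credentials for /swagger* paths only.
// Register once at startup, e.g.:
//   GlobalConfiguration.Configuration.MessageHandlers.Add(
//       new SwaggerBasicAuthHandler(user, password)); // values read from protected config
public class SwaggerBasicAuthHandler : DelegatingHandler
{
    private const string ProtectedPrefix = "/swagger"; // assumed route prefix
    private readonly byte[] _expected;                  // UTF-8 bytes of "user:password"

    public SwaggerBasicAuthHandler(string user, string password)
    {
        _expected = Encoding.UTF8.GetBytes(user + ":" + password);
    }

    protected override Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken cancellationToken)
    {
        // All other routes (the API itself) pass through untouched.
        string path = request.RequestUri.AbsolutePath;
        if (!path.StartsWith(ProtectedPrefix, StringComparison.OrdinalIgnoreCase))
            return base.SendAsync(request, cancellationToken);

        AuthenticationHeaderValue auth = request.Headers.Authorization;
        if (auth != null && auth.Parameter != null
            && string.Equals(auth.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            && IsValid(auth.Parameter))
            return base.SendAsync(request, cancellationToken);

        // Missing or wrong credentials: answer 401 with a Basic challenge.
        var response = new HttpResponseMessage(HttpStatusCode.Unauthorized) { RequestMessage = request };
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"swagger\""));
        return Task.FromResult(response);
    }

    private bool IsValid(string parameter)
    {
        byte[] supplied;
        try { supplied = Convert.FromBase64String(parameter); }
        catch (FormatException) { return false; } // malformed header is a failed login

        // Accumulate differences so timing does not reveal the first mismatching byte.
        int diff = supplied.Length ^ _expected.Length;
        for (int i = 0; i < supplied.Length && i < _expected.Length; i++)
            diff |= supplied[i] ^ _expected[i];
        return diff == 0;
    }
}
```

Basic credentials are only base64-encoded on the wire, so the protected paths should be served over HTTPS. If the application is hosted under a virtual directory, the prefix check has to include that directory.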