This is probably a related question, except it's in Android: How to check WiFi is pass through web page login?
Anyway, my issue is that I need to detect whether the user on my WP7 app is connecting to an access point that requires web authentication. The access point would not provide any Internet connectivity if the user has not authenticated himself.
Is there any way I can detect such a situation? Or perhaps redirecting the user to the access point's authentication webpage before proceeding with the app flow would be nice too!
I'm currently using WCF Data Services btw.
Easy: just make a WebRequest for a url that you know that always return the HTTP response code 200 (the OK code) and if it returns any 30x that will be the router redirecting you elsewhere!
Example: requesting http://www.whatismyip.org/ should return HTTP response code 200!
There is currently no way to detect this.
What I did was to make a HttpWebRequest to the service, and see if it starts off with xmlns using the .Contains() method. If the call is redirected to the WiFi hotspot, then it will return a HTTP response, which is inherently different in nature.
I know this might not be the best of solutions, but it works for me to simply test reachability.
Related
For the first time, we are developing a new project that needs to support the browser (a website) and a mobile app built on react-native.
We have plenty of experience developing for the web, but little to no experience in the mobile app world.
We are now defining our API and trying to make it work for both platforms - This will be a basic JSON API, running on Flask. The API will have some public endpoints, and some protected ones as well (that require auth). We want a cross platform auth solution.
Typically, for the web, we have always relied on cookie based sessions (encrypted) that frameworks like Flask provide. We have been successfully using these in various scenarios: loading HTML templates directly from the web framework, or even when the frontend application runs on React (same domain + HttpOnly + secure cookies).
The introduction of react-native could potentially bring some new challenges, and some of our developers worry about not being able to continue to use our typical session based cookies - They are advocating to using something like JWT for authorization, for both the browser and app (and yes, I know that we can't compare sessions to token based auth).
I'm not a big fan of token based authorization (for a number of reasons, could entertain that conversation if anyone wants to waste some time...), and I can't seem to understand why we shouldn't stick to our normal encrypted "Cookie" value.
Here is how I imagine this could work, based on using the Flask cookie session:
A user hits /api/login with some credentials
The endpoint will validate the user and return back whatever response + the Set-Cookie header with a value of session=<encrypted string>
Any further requests from the browser/app would send back the cookie value again.
Essentially, nothing would change for typical browser implementations, this is how browsers work by default.
The react-native documentation mentions a few issues with cookie based authentication: https://reactnative.dev/docs/network#known-issues-with-fetch-and-cookie-based-authentication
From what I can gather (my knowledge is extremely limited on this subject), react-native might not always respect the Set-Cookie header. Which is OK - we would just have to make sure to send back the expected header with any further requests.
This, in theory, would fulfil our requirements.
I'm looking for feedback on my "solution", am I missing anything? Did I get HTTP completely wrong?
React Native actually provides networking similar to that of websites developed with basic JavaScript, which also supports cookie based authentication, however there are some serious caveats as mentioned in here
The following options are currently not working with fetch
redirect:manual
credentials:omit
Having same name headers on Android will result in only the latest one being present. A temporary solution can be found here:
https://github.com/facebook/react-native/issues/18837#issuecomment-398779994.
Cookie based authentication is currently unstable. You can view some of the issues raised here:
https://github.com/facebook/react-native/issues/23185
As a minimum on iOS, when redirected through a 302, if a Set-Cookie header is present, the cookie is not set properly. Since the redirect
cannot be handled manually this might cause a scenario where infinite
requests occur if the redirect is the result of an expired session.
Therefore, I would advise against using it as it is unstable and might give you a hard time dealing with it
I also suggest looking into frameworks that handle authentication for you, such as auth0
Hope you find this helpful :)
Following Nordigen's Quickstart details here https://nordigen.com/en/account_information_documenation/integration/quickstart_guide/
where my VB.NET desktop calls the Nordigen API, to let my customers choose their account then login so I can retrieve transaction details. My chosen component for the various web requests is Chilkat using Chilkat.Rest objects.
Going well until Step 4.2. I open a browser window with the url provided to me from the API, go through the end-user authentication process but once that is complete I am struggling to return 'control' to my VB.NET application. My redirect uri is http://localhost but I simply get "localhost refused to connect". There's obviously something missing but I'm unsure what. Managed this before with the HMRC MTD API for oAuth where you provide a port on ListenPort and all magically works. No oAuth needed this time however.
Any help/pointers gratefully received
I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.
Once again I am stuck! I am trying to implement a secure WebApi service with ASP.NET Identity using Individual Account. The WebApi service will be consumed by a mobile app developed with phonegap. My phonegap app uses facebook and twitter for login and I have implemented that on the client perfectly.
I have created a SPA project form the visual studio template and I have tested the login process monitoring the HTTP requests with fiddler and chrome dev tools. I have tried the following requests using postman
GET: http://localhost:49577/api/Account/ExternalLogins?returnUrl=/&generateState=true
RESPONSE:
[{
"Name": "Facebook",
"Url": "/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A49577%2F&state=jpePf27F3ufkCCEldFdoOVMEGBGTEO1CrRdUQ3bHEP01",
"State": "jpePf27F3ufkCCEldFdoOVHSGBGTEO1CrRdUQ3bHEP01"
}]
and then I call
GET: http://localhost:49577/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A49577%2F&state=jpePf27F3ufkCCEldFdoOVMEGBGTEO1CrRdUQ3bHEP01
which calls GetExternalLogin method of AccountsController. This then returns an instance of ChallengeResult when the user isn't authenticated.
This is where I an stuck.
Q1: ChallengeResult forces a 301 redirect to facebook login page with some querystring parameters. I don't want this, I want it to give me the parameters but let me handle the logging in my ajax request. I have tried commenting out this line of code
Request.GetOwinContext().Authentication.Challenge(LoginProvider);
but I end up getting a 401 with nothing else, how can I control what the response from ChallegeResult?
Q2. Also, I cannot quite figure out what next from here, after I get an access token from facebook, what webapi end point should I call for instance if I have already obtained the access token, what should I be passing to it?
I have googled all day but I cannot find anything that answers my question. Any help would be appreciated.
Thanks
UPDATE:
Regarding Q2; I have figured out the next step and that's
GET: http://localhost:49164/signin-facebook?code=...&state=...
This returns another 302 which redirects to
http://localhost:49164/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A49164%2F&state=7oGPd37EA-nmtXPtYEQ40qnretDeKjbPEM1gNkb2DuM1
which in turn returns another 302 which then redirects to
http://localhost:49164/#access_token=...
So how do I handle all there redirects from a mobile non browser client?
UPDATE
I am trying to find the controller action that handles
http://localhost:49164/signin-facebook?code=...&state=...
Can anyone help?
UPDATE
I have since posting this question learned alot about the facebool login flow, which maybe I should have done before!
I still have one question but I have created a different question for that here to keep down the clutter
The answer to this question is a very detailed one. So to make it easier, I am going to point you to a sample which shows you how you can have a SPA app and connect different clients (phone, tablets etc) and login with Social logins such as Facebook etc
https://aspnet.codeplex.com/SourceControl/latest#Samples/WebApi/Todo/ReadMe.txt
I am developing a REST API, and have found a very interesting problem.
When I access the resources in a web browser (in my case Chrome), everything works fine. However, when I access the resources using a REST client (Google Chrome plugin, web-based client, and a Java applet), NONE of the variables pass to the API. This happens both with GET and POST methods.
I have absolutely no idea why this would be the case, and it's proving very difficult to test the methods before putting them into production (especially with POST methods).
Please help!
At first glance it sounds it could be 2 things:
You are not correctly passing API parameters via your client or
applet
A problem with authentication or cookie management. Does the API require any type of authorization?
Are you forgetting to set a necessary HTTP header?
Do you have control of the API also or is it a third party API? If so, do the params arrive at all or do they arrive empty? What's the error code? - a 403 not authorized (which would make sense if the key doesn't pass) or something else due to missing params.
Try the intermediate step of doing it with CURL form the command line - that'll give you more detail on what's coming back.