I have an API that I want to consume with C# that uses OAuth2 with Authorization Code Grant Flow.
Does someone know an example or something on how to do it?
I want to know how I can return the Authorization code to my C# project after the user has logged in and given consent?
If you don't understand my question, I want to know how to go from step 1 to step 2 in this tutorial: https://auth0.com/docs/api-auth/tutorials/authorization-code-grant
It doesn't say how to "fetch" the "code" from the URL to my C# project.
A little bit late, but I had the same problem.
There are two solutions for getting back the code from authorization server in desktop apps.
Inner browser. If You want to use inner browser, like embeded CEFSharp, then You just want to listen to navigation event on the webbrowser control. When You authorize Your account then the server makes redirection to the specific URL that You provide. So You just catch that redirection, read the code from URL and cancel the redirection, hide the windows and so on.
Outer browser. In this case You just follow the previous steps, but insted running authorization in embeded window, You call the system browser and, what's important You set the redirect_uri to localhost/whatever:{port}. You have also run the local http server on that port (see ephemeral port), for example HttpListener Class and when the authorization process completes, server will redirect the external browser to the localhost adress You provide. The You just catch that request on Your HttpListener and You've got the code.
Related
Ok so I think I've settled on choosing BLAZOR for my upcoming project. But first I need to do something that is seemingly very basic.
For context, Blazor Server side will be how I interface with my SQL Server dB, I want "individual accounts" mode to be the way users authenticate. I'm using net 6.0,almost all tutorials out there seem to be net 5 since they all still have startup.cs files. Ok, but I also am creating a parallel app that is NOT a website, but I want it to grab data from the same database via routes after authenticating.
For example, website.com/api/data?variablestograb as a GET would send me some json data.
OK that being said, how do I login programmatically from an outside app? If you must know, the outside app is part of Unity C#. But that doesn't matter so much, what itll do is use a post call to login in via the api routes. Something like
Website.com/api/login?un=blah&pw=haha
This will generate a cookie and I can grab it with the session data and I'll use this with every get call hence.
Just using the basic templates, Blazor server net 6.0 with individual auth, how do I set up such a route? Looking at the files, I'm at a complete loss on how the login pages are actually passing data around.
Thanks!
Update: the specific ask is exactly how do I modify the Blazor Server Net 6 Individual Accounts template to allow me to authenticate a user via an external access api? My thought would be to reference the route above for /login/ but that might not even be the best practice. But even if it is, how exactly and where would I update the template to make this happen?
(I have a feeling it's pretty basic to do, but I've been reading tutorials for weeks now and they're all just talking about internal authentication and verification within each Blazor component. I basically want an external program to also be able to "drive the car" remotely, but first it must authenticate.)
If you're building an API for this from scratch, then it seems like you have the right idea, no matter what happens, you're going to send the cookie to be website every request or at least a session id which contains all the information provided. From a database perspective maybe create a session table which then contains all the info you want and also can be easily found. That's a way for you to create a cookie for client server communication, however this is from my limited knowledge and may not be the best way.
I'd recommend hiding information like keys in the header to prevent exposure, looking at other APIs like the Spotify API you can see they set the authorisation bearer.
Exposing all the information for the credentials in the URL for what could be sensitive database behaviour may not be the best. You can hide the information in the header for every request you make.
Maybe have a default controller that obtains the user information before handling any specific requests and making it accessible to your other methods/requests?
The basic process for any external authentication is:
Redirect to the external log in page.
External Provider does it business.
External provider posts to a page on your site with the authentication information included - normally security info in the header or a cookie.
The Blazor app reads the authentication information with the AuthenticationStateProvider.
Normally you just need to write a customer AuthenticationStateProvider and code to redirect if the user is not authorized. This may be a manual button in the top bar, a you aren't logged in page with a button to log in, or an automatic redirect to the provider. The return for the provider is either your landing page or some other page to tell them they logged in successfully.
The custom AuthenticationStateProvider replaces the standard one in DI services and provides the security information to the Authorization components.
Search for "blazor custom authentication provider" will get you lots of good resources.
I'm developing an app which requires oAuth2.0 code authorization. So, I want to open a browser and get the Access Token by logging into their website. But I want to do that within my app, without opening any external browser. Can Anyone Help me ??
The Documentation for the oAuth is Found Here.
I Want to open a browser within an UWP app (for oAuth2 grant)
UWP platform provide WebAuthenticationBroker class to get the Access Token by logging into their website within internal webview. And here is the detail steps how to use WebAuthenticationBroker. For more info please refer to official WebAuthenticationBroker code sample.
I understand what it is that you want to do. However what you are requesting would be a security risk for the user.
There is a reason why you cant / shouldnt do this.
By using the default web browser on the users machine. The user can be sure that this was their browser of choice and not an internal browser in your system which they have no control over.
second by opening it in a browser window the user can see the URL bar and verify that the authorization server is what they expect it to be
Oauth window opening for Google oauth you can see that the server it is going to is in fact googles authorization server.
What if this was possible.
If it was possible to request authorization from with in your app and you It would be very easy for you to set up a login screen to look exactly like the login for this authorization server. The user would then have no way of knowing that this was a fake login screen they were typing their credentials into.
All that being said I am not familiar with AniList API but I would hope that they do not allow you to do this. Open consent screen in the users browser and let them know that you are concerned with their security.
How do I redirect url based on register client in c# .net or asp.net 4.0. For example if client registers as "client1" and our website is www.mycompany.com for every page client proceeds should get www.client1.mycompany.com.
More detailed example:
For example another client created is Client2. The pages i have created in general is like
"www.mycompany.com/product.aspx"
"www.mycompany.com/categories.aspx" should be shown as
"www.client2.mycompany.com/product.aspx" and
"www.client2.mycompany.com/categories.aspx" respectively
I have searched on web and found for static pages or using Gloabal.asax during startup of application but haven't found any thing after user logged in.
I have done something similar before in a few sites and there are a couple methods you could use. Assuming that you have a url setup so that all subdomains ( *.url.com) will send any user to your server and you have IIS setup to handle them all (i.e. no host header required, just IP) in the same site you can use one of the following methods:
After login simply send the user to that url. Since .Net won’t care the url the server knows how to render it, then it should be that simple. This assumes all your navigation uses relative paths and you must enable cookie sharing for that domain. This is required if the cookie for login was give on 1.url.com and you send them to 2.url.com You can share cookies in the same domain, requires a little work, but can be done.
Create a generic login page that does a web service request back to the server to see if the user can login. If he or she can have it send back to the browser a command, along with the correct url, that tell the clients browser to post directly to that sites login page (send username, password). This will login them into their site and assign the cookies correctly all from one simple login page. You could even make an external login page that only exists for this purpose. In the end all the generic page did was see if they could login and the sent their credentials to the correct page that did the login. I recommend this be done in a post with ssl for security reasons.
I hope that makes since.
There's a project called UrlRewritingNet which I use - it's pretty old but the source is available so you could recompile it for 4.0.
Link is at http://urlrewriting.net/149/en/home.html
So I play an online game that's web based and I'd like to automate certain things with it using C#. Problem is that I can't simply use WebClient.DownloadData() because I need to be logged in to actually recieve the source. The other alternative was to use the built-in web browser control but that doesn't give me access to source code. Any suggestions?
I don't think NetworkCredentials will work in all cases. This only works with "Basic" or "Negotiate" authentication.
I've done this before with an internal website for some load testing, but sounds like you are trying to "game" the game. For that reason I won't go into details but the login to the site is probably being done in the form of an HTTP POST when you hit the login button.
You'd have to trap the POST request and replicate it in your code and make sure that your implementation maintains the session state as well, because if the game site is written well at all it will make sure that the current session has logged in before doing anything game related.
You can set the login credentials on the webclient using its Credentials property before calling DownloadData:
WebClient client = new WebClient();
client.Credentials = new NetworkCredential("username", "password");
EDIT: As mjmarsh points out, this will only work for sites that use a challenge-response method of authentication as part of a single request (I'm so used to dealing with this at work, I hadn't considered the other types!). If the site uses forms authentication (or indeed any other form of authentication), this method will not work as the authentication is not part of a single request - multiple requests are needed that you will need to handle yourself.
Network credentials will not work as mjmarsh has already pointed out.
While web scraping we come across lot of pages where login is needed. One of the approaches I use is install fiddler and monitor the POST and GET packets while manually logging in the site. This allows you to find out how the browser emulates the login. Then you need to recreate the same process by Code.
For example, most web servers use cookies to assume the session is authenticated. So you can use the credentials to post UserName and Password on the web site and record the Cookie. This cookie can then be used to access any further details on the web site.
Please check following link to check out more about Advanced Web Scraping:
http://krishnan.co.in/blog/post/Web-Scraping-Yahoo-Mail.aspx
In this blog, you will find how to authenticate into Yahoo account and then read the page after authentication.
I'm using WPF and C#.
I want to be able to launch a browser window, most likely IE, and provide known credentials so that the Windows-based application can handle the transition from itself to an outside browser without having the user enter his/her credentials again.
I do know how to launch the browser:
System.Diagnostics.Process.Start(url);
My main question is, how can I attach authentication to that? Perhaps by adding headers to it somehow?
Lastly, I don't really want to use the new WebBrowser control inside of WPF due to it's current problems with displaying with a transparent window.
1) You have to know how to "log in".
To do this login manually in the web application and trace the http traffic with http debugger like Fiddler. Pay attention what kind of http requests are sent, what names have the parameters, etc.
Once you know what sequence of http requests has to be send to log in you has to do this with the browser.
2) Implement log in automatically
2.1) If by any chance log in happens via http GET - just append the right query string to the url and start the browser. This could happen only if you control the web application and build in this mechanism, other wise log in is almost always implemented as POST with https.
2.2) If you have to do POST request you have several options:
2.2.1) You could provide local html document, that contains javascript and make ajax call to the login form from the javascript. To pass the parameters you could use get parameters.
2.2.2) If nothing else works you will have to use the browser via COM (WebBrowser control)
It's going to depend on how the web site handles user authentication. If you own the website, you can create a url that will log the user in with the information you provide.
Nick,
The authentication will be handled in different ways: -
Proxy Authentication is handled by Windows manually.
Forms Based authentication is handled by cookies, so the user needs to have the cookies present.
Windows NTML might be in the 'keychain' on the Operating system (Remember this password).
Cheers,
Phil.