I've been struggling a lot lately to find decent solution which has authentication mechanism for server and client API's.
I put alot of effort trying to find working(!) code samples , but couldn't find any.
The code from DotNetOpenAuth doesn't work for me - im using vs 2010 .net 4 webform
Anyway , I can't seems to find a solution which covers an overall API for all parameters/providers and it seems that I have to build it from scratch.
For example — ( google) : Every solution I've found provides only the info that the basic url is :
https://accounts.google.com/o/oauth2/auth
Also , i don't know if this usage is going to work since I've heard that the service is deprecated :
But this will never work alone , since I have to append URL parameters :
https://accounts.google.com/o/oauth2/auth?
scope=email%20profile&
state=%2Fprofile&
redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Foauthcallback&
response_type=token&
client_id=812741506391.apps.googleusercontent.com
Why do I have to build/encode it by myself ?
Now , I don't have a problem with the parameters filling , I have a problem with the fact that I can't find full API for both client (js) and server side (.net).
It seems that I have to build the url + encoded values by myself
Question
Is there any solution which will take as param my plain values , and will provide final valid URL ?
(both for C# and js/jq and for many providers )
If you do this request in Ajax with jQuery, you can use the "data" parameter to pass those values and jQuery will ensure that everything is kosher.
If the request is a POST, it will add it to the body or append it to the URL if it's a GET request.
See here: http://api.jquery.com/jquery.ajax/
Related
I'm trying to get to grips with OneDrive, using this tutorial:
https://msdn.microsoft.com/en-us/library/hh826529.aspx
When I run in code, it gets as far as the makeAccessTokenRequest function, sending the following requestURL:
"https: //login.live.com/oauth20_token.srf?client_id=[myclientID] &client_secret=[myclientsecret]&redirect_uri=https:// login.live.com/oauth20_desktop.srf&grant_type=authorization_code&code=[authcode]"
(please ignore the spaces after "https:", I had to add them here to allow the question)
[myclientid], [myclientsecret], and [authcode] all appear to be populated correctly. It seems to get a response, as it runs the function "accessToken_DownloadStringCompleted", but throws a "TargetInvocationException" error, The inner message of the error is ""The remote server returned an error: (400) Bad Request.".
Could anyone throw any light on this? I'm completely new to this, so apologies if my question makes no sense, or is irritatingly vague..
Requests to the oauth20_token.srf end point need to be a POST with the parameters in the body of the post, instead of the query string. Since you didn't mention what code you're using to build the HTTP request it's hard to provide an example, but take a look at RedeemAuthorizationCodeAsync in my sample OAuth 2 project for an idea.
The outgoing request should look like this:
POST https://login.live.com/oauth20_token.srf
Content-Type: application/x-www-form-urlencoded
client_id={client_id}&redirect_uri={redirect_uri}&client_secret={client_secret}&code={code}&grant_type=authorization_code
You may also find this tutorial easier to follow than the one you linked with: https://dev.onedrive.com/auth/msa_oauth.htm.
If you are doing something with OneDrive (you tagged the post OneDrive) then you may want to consider using the OneDrive SDK instead. It includes authentication for several types of .NET projects so you don't need to figure out how to do auth yourself.
I have an .NET application that uses mostly AngularJS, but for getting some things to work on IE9 we used sometimes a Jquery plugin to fix it (e.g. file upload)
Then on the other side there is an API that handles that application. But the API and the App won't be running on the same urls, so as good practice I would love to have 1 place where all the URl's can be set for where the API is where you can find the videos, ....
but how can I handle all this?
If i set them on the angular side, the controller is loaded after the JQuery,
so the value is undefined.
It can't read the web.config because it's just plain html files that are getting loaded. so no support from C#.
And didn't find any way on loading it in via JQuery.
Any suggestion on how to do this?
You can set it as a basic Object so scripts outside of Angular can use it. When you need to use it in the app, you can either require it directly or set it as a constant or create a service using it.
For example,
var api = {
baseUrl: 'www.moo.com/api/v1',
dogs: '/dogs',
cows: '/cows'
};
alert('This alert was created prior to angular module declartion with your api: ' + api.baseUrl);
angular.module('myCheeseIsGoodApp', [])
.constant('apiConstant', api)
.controller('TestController', ['$scope', 'apiConstant', function($scope, apiConstant){
$scope.apiConstant = apiConstant;
}]);
Here is a plunkr to check out how it works.http://plnkr.co/edit/fnqcwHxgxgrZlCpryMiC?p=preview
Keep in mind this was just a quick way to show you how to use it, but you may want to make it a bit more elegant.
I'm coming to .net web api from a JavaScript background, and I'm trying to make a proxy to help with a cross domain JSON request. I'm GETing from a server I don't control the source code for, so I can't configure CORS directly. Likewise, it doesn't speak JSONP.
So two questions as I try to get my head around Web API:
1) Is Httpclient the right tool for this job? (if not, what is?)
2) If httpclient IS the right tool, what is an absolute bare bones httpclient config so I can test this out? Not worried about throwing exceptions or anything else other than just GETing API data and feeding it to a jQuery client.
I guess one other piece of information that would be nice would be building username / password authentication into the http request.
Any help is much appreciated, as are links to any good blogs / tutorials / etc that might help as an introduction to this sort of thing. I've watched several today alone, and I'm still not able to get a basic http request going on the server side without resorting to cutting / pasting other people's code.
Thanks in advance!
** EDIT - To make this question a bit more clear, what I'm trying to test is 1) Can the proxy connect to the third party server, which involves authentication via a username and password 2) Can the proxy then respond to the jQuery client request with the JSON data it received from the third party server.
Thanks to all who have taken the time to respond.
HttpClient seems to be ok in this job.
About the minimal config- it depends on what the third party expects. In most cases would work out-of-the-box, but there always may be some minor tweaks like headers and/or auth code.
I have just found some blog entry where some author shows how to test such a proxy and shows the proxy code too. Please see: http://www.davidbreyer.com/programming/2014/10/11/create-fake-responses-to-rest-service-calls-in-c/
You can find info about sending credentials here: How to use credentials in HttpClient in c#?
HTH
EDIT:
this sample code should work (copied from blog above and modified):
public class Proxy
{
public async Task<ExampleDto> GetExample(int id)
{
var client=new HttpClient();
//set some auth here
//set other headers
var response = client.GetAsync(
string.Format("/api/restserviceexample/{0}", id))
.Result.Content.ReadAsAsync<ExampleDto>();
return await response;
}
}
It's so simple that you can just run it and see if the other server responds. If not, you can play with headers - since all the session info and user auth info are sent using ookies and/or headers, all you have to do is to see how it's made with regular browser and then fake it on the server. Probably best tool for this job will be Fiddler.
However - there is one thing to consider. If the other service has special method for authorization (other than passing credentials with each request) the whole thing becomes tricky, since your proxy should perform authorization using their service, then store their auth cookie on the server or propagate them to the browser and attach them with all next requests.
First, you don't need ASP.NET with C# if you really want minimal.
.NET has great http handling without ASP. Check out classes like HttpListener, HttpListenerContext, HttpListenerRequest, etc... Yes, you'll have to write some boilerplate as your application, but these classes are pretty good.
See among others:
http://www.codeproject.com/script/Articles/ViewDownloads.aspx?aid=599978
Second, if you want user & password, I'd checkout using oauth authentication so you don't have to deal with them directly. Google Plus, Windows Live, Facebook, etc... all have similar OAuth 2.0 APIs for that. See among others:
http://msdn.microsoft.com/en-us/library/dn659750.aspx
https://developers.google.com/+/web/signin/server-side-flow
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2
I have an MVC 3 application, in which I am using actionMailer to send out emails (to the C drive for now) for Password reset etc.
The problem is I can send the e-mail and password reset no problem however there is nothing to stop the user from using that same email over and over again.
So I believe I need to send a token with the e-mail.
I've being trying to use...
var token = WebSecurity.GeneratePasswordResetToken(email);
I get following error...
You must call the "WebSecurity.InitializeDatabaseConnection" method before you call any other method of the "WebSecurity" class. This call should be placed in an _AppStart.cshtml file in the root of your site.
UPDATE: Basically I'm looking for the steps involved in doing the above for an MVC 3 application!
I have no webpages tables in my database and would prefer not to have to add such tables now.
I have searched around the web and keep getting answers related to MVC 4, which as far as I can understand as built-in facility for the above.
I have webMatrix.WebData in place in my references folder, and have set "CopyToLocal = true".
If anyone as any advice can you please be as detailed as possible in your suggestions, also I can post up whatever additional code needed. Please keep in mind this is MVC 3 application.
I'm just trying to make an yahoo boot that send to registered user of my application an instant message. I've spent some hours searching the web on how to do it but yahoo developer documentation sucks.First of all I don't know what servers I should use for authorization, log in, and messaging. I have a consumer key and I've tried to follow this steps but nothing works.
Any advice/suggestion is welcome.
The documentation looks to be very good, I think the issue here is that your knowledge of how REST API's work in general is a bit lacking.
Let's talk about diagram #2: Get a request token using: get_request_token.
get_request_token is part of an HTTP endpoint, and in their diagram they want you to pass in a handful of parameters to validate your request.
oauth_consumer_key
oauth_nonce
oauth_signature_method
etc
(If you need more clarification of any step you can find it in the tree view on the left hand side of the page)
The request URL:
https://api.login.yahoo.com/oauth/v2/get_request_token.
Now at this point you can either use the HTTP GET or POST verb. If you decide to use GET you will need to include those above parameters as a query string.
?oath_consumer_key=myConsumerKey&oauth_nonce=oathNonce etc
I will leave it to you to write the associated C# code. You'll want to start off with the HttpWebRequest.Create() method