MEETING TONIGHT
2 visualizações
Pular para a primeira mensagem não lida
Paul Johnson
21 de mar. de 2012, 13:37:0521/03/2012
para brw...@googlegroups.com
Just a reminder that we'll be holding a meeting tonight at Sparkhound, Inc. at 545. After meals, a quick overview of Web API and how you can access it via your app.
See you there!
Lancelot Dunnehoo
4 de abr. de 2012, 10:05:0804/04/2012
para Baton Rouge Windows Phone User Group
Brent asked about securing Web APIs. Here's a good answer:
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CodeBetter+%28CodeBetter.Com%29
HTTPS, cryptography, and limiting IPs.
http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-web-apis-secure/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+CodeBetter+%28CodeBetter.Com%29
HTTPS, cryptography, and limiting IPs.
Paul Johnson
4 de abr. de 2012, 12:25:3804/04/2012
para brw...@googlegroups.com
Action filters are great. Another useful idea that I stole from the Windows Phone for Azure Tookit was to set up the membership api on the server, create a simple service that has 2 functions one to verify user creds (username/password) and the other to veriify an authentication ticket.
The service would simply validate the user, then create an authentication ticket, encrypt it and return that to the caller. The caller would then attach the ticket to the header of each call made to the service. The service has the following property to validate the identity:
private IIdentity UserIdentity
{
get
{
string ticketValue = null;
{
get
{
string ticketValue = null;
var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
if (cookie != null)
{
// from cookie
ticketValue = cookie.Value;
}
else if (HttpContext.Current.Request.Headers["AuthToken"] != null)
{
// from http header
ticketValue = HttpContext.Current.Request.Headers["AuthToken"];
}
if (cookie != null)
{
// from cookie
ticketValue = cookie.Value;
}
else if (HttpContext.Current.Request.Headers["AuthToken"] != null)
{
// from http header
ticketValue = HttpContext.Current.Request.Headers["AuthToken"];
}
if (!string.IsNullOrEmpty(ticketValue))
{
try
{
var ticket = FormsAuthentication.Decrypt(ticketValue);
if (ticket != null)
{
return new FormsIdentity(ticket);
}
}
catch
{
}
}
{
try
{
var ticket = FormsAuthentication.Decrypt(ticketValue);
if (ticket != null)
{
return new FormsIdentity(ticket);
}
}
catch
{
}
}
return null;
}
}
}
}
Refactoring this into an action filter is a breeze. I could forsee adding a public key request function to it, and encrypt all user auth traffic (or any other traffic) between your device and the site.
Really cool stuff!
Really cool stuff!
I'll add this to the pile of coolness for the WebAPI lightning round in June!
--
You received this message because you are subscribed to the Google Groups "Baton Rouge Windows Phone User Group" group.
To post to this group, send email to brw...@googlegroups.com.
To unsubscribe from this group, send email to brwpug+un...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/brwpug?hl=en.
Lancelot Dunnehoo
5 de abr. de 2012, 09:54:1505/04/2012
para Baton Rouge Windows Phone User Group
There's actually a WebApiContrib spinning up right now. Pretty cool.
> On Wed, Apr 4, 2012 at 9:05 AM, Lancelot Dunnehoo <lancelotdaem...@gmail.com
>
>
>
>
>
>
>
> > wrote:
> > Brent asked about securing Web APIs. Here's a good answer:
>
> >http://codebetter.com/johnvpetersen/2012/04/02/making-your-asp-net-we...
>
>
>
>
>
>
> > wrote:
> > Brent asked about securing Web APIs. Here's a good answer:
>
Responder a todos
Responder ao autor
Encaminhar
0 nova mensagem