Action filters are great. Another useful idea that I stole from the Windows Phone for Azure Toolkit was to set up the membership API on the server and create a simple service that has 2 functions: one to verify user creds (username/password) and the other to verify an authentication ticket.
The service would simply validate the user, then create an authentication ticket, encrypt it and return that to the caller. The caller would then attach the ticket to the header of each call made to the service. The service has the following property to validate the identity:

    // Requires: using System.Security.Principal; using System.Web; using System.Web.Security;
    private IIdentity UserIdentity
    {
        get
        {
            string ticketValue = null;
            var cookie = HttpContext.Current.Request.Cookies[FormsAuthentication.FormsCookieName];
            if (cookie != null)
            {
                // from cookie
                ticketValue = cookie.Value;
            }
            else if (HttpContext.Current.Request.Headers["AuthToken"] != null)
            {
                // from http header
                ticketValue = HttpContext.Current.Request.Headers["AuthToken"];
            }
            if (!string.IsNullOrEmpty(ticketValue))
            {
                try
                {
                    var ticket = FormsAuthentication.Decrypt(ticketValue);
                    // Decrypt does not reject expired tickets, so check Expired here
                    if (ticket != null && !ticket.Expired)
                    {
                        return new FormsIdentity(ticket);
                    }
                }
                catch
                {
                    // malformed or tampered ticket: treat the caller as unauthenticated
                }
            }
            return null;
        }
    }

Refactoring this into an action filter is a breeze. I could foresee adding a public key request function to it, and encrypting all user auth traffic (or any other traffic) between your device and the site.
Really cool stuff!
I'll add this to the pile of coolness for the WebAPI lightning round in June!
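
An added example, not part of the original message or the toolkit's code: the identity property above recast as an ASP.NET Web API authorization filter that rejects requests without a valid, unexpired ticket. The class name TicketAuthorizeAttribute is hypothetical, and web hosting (HttpContext.Current available) is assumed.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using System.Web.Security;

// Hypothetical filter name; "AuthToken" is the header name used in the message.
public class TicketAuthorizeAttribute : AuthorizationFilterAttribute
{
    public override void OnAuthorization(HttpActionContext actionContext)
    {
        IIdentity identity = ReadIdentity(HttpContext.Current);
        if (identity == null)
        {
            // Missing, tampered or expired ticket: stop before the action runs.
            actionContext.Response =
                actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
            return;
        }
        // Expose the caller to the controller through the usual principal slots.
        var principal = new GenericPrincipal(identity, new string[0]);
        Thread.CurrentPrincipal = principal;
        HttpContext.Current.User = principal;
    }

    private static IIdentity ReadIdentity(HttpContext http)
    {
        if (http == null) return null; // assumption: hosted in IIS / ASP.NET
        // Same lookup order as the property: forms cookie first, then header.
        var cookie = http.Request.Cookies[FormsAuthentication.FormsCookieName];
        string ticketValue = cookie != null ? cookie.Value
                                            : http.Request.Headers["AuthToken"];
        if (string.IsNullOrEmpty(ticketValue)) return null;
        try
        {
            var ticket = FormsAuthentication.Decrypt(ticketValue);
            // Decrypt validates integrity but not lifetime, so check Expired.
            if (ticket == null || ticket.Expired) return null;
            return new FormsIdentity(ticket);
        }
        catch (Exception)
        {
            return null; // undecryptable value is treated as unauthenticated
        }
    }
}
```

Apply it with [TicketAuthorize] on a controller or action; the ticket is a bearer credential, so the service should only be reachable over HTTPS.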