I have 2 projects that are WebApp and Api both use net core.
In the WebApp, I write a method Login that use identity and the Api project has method Get to get data from database.
So can I use the Login method in WebApp to generate JWT after user login to authorize to call Get method from API via ajax ?
PS: Sorry for my English
Thanks
Related
I want to implement the Jwt Token in the Asp.net Core 6 web application MVC without using web API. I read so many posts where they are referencing the API only.
And apart from that can we use cookies authentication in our Production environment?
I want to implement the Jwt Token in the Asp.net Core 6 web
application MVC without using web API. I read so many posts where they are referencing the API only.
To consume/generate JWT Token in ASP.net 6 web application MVC, it is similar like in the Web API application, you could create an MVC controller action method, and receive the Login user, then verify the user and call the generate JWT token method to generate the token. After that, you can add the token at the request header and access the protected data.
Refer the following articles and change the API controller to MVC controller:
https://www.c-sharpcorner.com/article/jwt-json-web-token-authentication-in-asp-net-core/
ASP.NET Core JWT Authentication and Authorization of Web API [Detailed]
Apart from that can we use cookies authentication in our Production
environment?
Yes, you can use it.
I am working on Ruby on Rails application. I need to implement Single Sign on / Single Log out (SSO / SLO) using OneLogin.
I used OneLogin-Ruby-Sdk => https://github.com/onelogin/onelogin-ruby-sdk to log user via session token API. It creates a cookie in browser and allows me to login on other apps. But when I logout using log_a_user_out Api. It only logs out of current application but not from all applications. So SLO is not working in this case.
Thereafter, I integrated devise_saml_authenticatable => https://github.com/apokalipto/devise_saml_authenticatable. It works with SSO / SLO perfectly. But it redirects to oneLogin UI to generate SAMLRequest and send back SAMLResponse.
Is there a way I can generate SAMLRequest and SAMLResponse programatically ?
Just like we do for OAuth2 where we can generate access token using refresh token again and again.
Basically I want users to signup and login through my app forms and communicate with OneLogin and implement SSO / SLO using API rather than going to oneLogin UI.
Please let me know if more information is required in terms of code which could help in providing answer. I will be more than glad to do so. Any help is hugely appreciated.
My user flow is as follows...
User requests a protected resource.
User redirected to authentication provider (e.g. Google)
User redirect back to ASP.Net MVC application which uses cookie authentication.
This works great, and following the MVC sample application from the IdentityServer samples I can see a list of claims for my user.
So the main page of my application is rendered using an MVC view, I have other resources which are authorised via resource authorisation and this works great.
The next part of my application is an API. Let's say it's api.domain.com/stockquote
This should only be useable by authorised users of my application and not publically available.
I have successfully made an Angular JS application with Identity Server and understand that when the token is returned I am able to get the value of /id_token from the URI, store it in localstorage and then use it to form an authorisation header for the API e.g. Authorization=Bearer {token} . Again works nicely.
However, now I am authenticated into my MVC application how do I get this token and put it into local storage so that I can create a header for my API calls?
Can I extract it from the cookie somehow?
Is it a good idea to output it in the HTML stream so that JS can pick it up and put into localstorage (guessing now).
Can I use the token endpoint to somehow get this token?
One way to handle this might be to change the way you authenticate. Instead of handling the callback in MVC on the server side, handle it in JavaScript. Then the token is available for you to store in local storage. This might not be possible if you are making requests on the server side that uses the token as well.
I have an Ember.js app using Ember Simple Auth. The API returns an auth token on successful sign in with email and password. I'm trying to add Facebook Login using their Javascript SDK. Upon successful sign in with Facebook, I would like to post the Facebook access token back to our API, so that the API can store the access token and respond with our own auth token. However, I'm not sure how to connect this to Ember Simple Auth so that the auth token can be stored outside of the normal email/password sign in. What do I need to do in order to make this work?
The dummy app in the repository implements the exact functionality you're describing (except it uses torii instead of the Facebook JS SDK). If you're using Rails on the server you might find the RailsApiAuth engine helpful that already implements the server part for the Facebook auth code flow.
I am building a SPA (Single-page application) that is going to consume and REST API. My application will use the facebook login.
Just to clarify my ideas:
I will use Facebook SDK (javascript) to authenticate my new user. Facebook will give me an access token. This will run on client side.
Now, i will make a request to my REST API. Do i need to pass the access token to the REST API? DO i need to verify always to see if the user is logged?
I know it is a newbie question..
As long as you are using the JavaScript SDK (and FB.login), you donĀ“t need to worry about the Access Token - at least not in most cases.
You can verify if a user is authorized already by using FB.getLoginStatus on page load.