I have a Silverlight application that uses both a RIA authentication domain service and a RIA entity domain service. The application works properly when run in a standard deployment scenario where the RIA services are consumed from the same ASP.Net web site that the Sivlerlight app is downloaded from.
In order to make my deployments more flexible I'd like to use separate web applications for hosting the RIA services and to host the Silverlight application. I've managed to get the RIA services working in a separate site and updated my Silverlight application to point to them. The problem is the authentication seems to break. I've looked at the RIA requests in fiddler and the authentication cookies are seemingly correct.
Has anyone managed to deploy a Silverlight RIA application with the RIA services hosted on a web site different to the one the Silverlight app is downloaded from?
Edit: this won't help you either.
http://msdn.microsoft.com/en-us/library/ee707359%28v=vs.91%29.aspx
The domain context class contains three constructors:
A default constructor that embeds the URI necessary to communicate with the domain service over http using a WebDomainClient class.
A constructor that permits the client to specify an alternate URI.
A constructor that permits the client to provide a custom DomainClient implementation (typically used for unit testing or redirection to a custom transport layer).
In the end the only difference I used fiddler to look at the difference in the requests that were working for a self hosted RIA service and an external one and the only difference was the HTTP referrer header. It would seem strange that the RIA RequiresAuthentication attribute takes the referrer header into account so perhaps it's something else entirely.
I was able to find a way to consolidate my domain and authentication services into a single one and allow it to be hosted on a different web app which is very handy. The approach was to put the AuthenticationDomainService into the main domain service. It doesn't allow the same usage pattern on the client, authentication is an entity load operation, but it does still make it easy to use an ASP.Net membership provider for authentication.
[EnableClientAccess]
public class MyDomainService : LinqToEntitiesDomainService<MyEntities>, IAuthentication<User>
{
public class AuthenticationDomainService : AuthenticationBase<User>
{ }
private AuthenticationDomainService m_authService = new AuthenticationDomainService();
public User Login(string username, string password, bool isPersistent, string customData)
{
return m_authService.Login(username, password, isPersistent, customData);
}
....
Related
I am looking to build an MVC with Entity Framework app so users with proper credentials can enter and edit data. I then want to expose the data via a REST Web Service so a "public facing site" can consume the JSON data. All users of the public facing site need to be able to view the Web service data without needing to login.
If I lock down my MVC site, will that affect the REST API coming from it, or will the REST be "open"? The REST API will be consumed by a totally different site. I need to separate the editors from the Web users.
Thanks!
K.
You can decorate the controller with [AllowAnonymous] attribute. The rest of the MVC controller you need to decorate with the [Authorize] attribute in order to be protected.
We would like to use the new authorization/token system of Web API2 and have upgraded to MVC5/Web API2.
There is an internal REST API that does authentication already that we would like to reuse. Essentially it takes uid/pwd and some additional profile parameters and returns true/false.
Question: how to hook up an authentication filter against that service instead of the default Entity Framework 6 DB-based Identity store?
I looked at UserManager class and it is unclear this is the right path.
Hope following video answer your question.
http://www.pluralsight.com/training/Courses/TableOfContents/webapi-v2-security
I have few basic questions on session management in GWTP.
Client : GWTP, Server - Restful WebServices using Guice and Jersey.
Application session management is straightforward when i have the backend service with RPC mechanism. But, With GWT client running on android and server side logic exposed as Restful Web services using Jersey, how do we maintain session because Restful WS are stateless. Now how do we achieve user session in this case?
Regarding session management there is no difference whether you use GWT's RPC, RequestFactory or RequestBuilder.
Communication in the web is basically stateless regardless of the communication protocol you are using.
Traditionally session management is done via server side sessions.
However RESTfull services are not supposed to rely on server side sessions as it violates restful principle.
So basically there are two ways to do it:
If you don't care much about violating the restful principles you can deploy server side sessions (see here for more details).
use OAuth (https://wikis.oracle.com/display/Jersey/OAuth)
somehow pass the credentials/securityToken for every request to your backend. You can probably do that by using GWTP's ClientActionHandlers.
After going throught lot of comments from different people, here what I have thought of doing.
My application can be accessed from Browser based app and Mobile devices as well. Application was written the http session management in server at first for browser based app. Now while getting Mobile client, we have implemented Rest web services, with same service layer for mobile device and browser client as well.
When user logs in with mobile device, we are creating a unique auth token and we store the http session with this token ID as key, value map in app. Later on we expect every user request from mobile device to return this token, and using this token get the session from map and continue.
Does anybody has any opinion on this approach?
Regardless of whether I create a RESTful Web service to be consumed by Ajax in my own pages, or by any user, I can provide the same functionality (data) to the application or user using a simple servlet.
I mean the user or application don't see any different between response provided by a simple servlet or respone provided by a RESTful web service. So, I'm guessing that the benefit is on the server side and to the developers. Can someone please tell me what are the benefits of using RESTful web services.
I appreciate any respone
By definition a webservice is intended to be consumed by any client granted access. If the client you are developing is the only application that you will ever need or want to access the resource then there is little benefit to creating a webservice. However, if you want to make the resource available as a service endpoint for more than just this application in a way that is implementation agnostic then a Restful webservice is a great way of doing it.
what are web services(Rmi,ejb,soap)? what is the difference between web services and web application? Is it possible to implement web services in web application?
A web service is a way to transmit/expose information in such a way that a Web Service client, which can created in a server script or from a stand-alone program, can call the service for what it wants using methods and functions defined by the service.
One of the benefits of a web service is that it abstracts these methods and functions (and variable types) in such a way that any language that "speaks" web services can use it's own syntax to interface with the service (thus making it cross-language).
Another benefit is that it uses the HTTP protocol (usually transmitting via XML or JSON, but not necessarily either), so it's also cross-platform.
A huge benefit is that an application that typically requires very specific knowledge and software can "expose" information via a web-service. So if you're corporate mainframe has tons of top-secret data that typically requires a terminal client, etc, to get data, certain data can be accessed via a Web Service so that you can have your HR department download and upload timesheet changes from a web site.
A web app can certainly include a web service, but they are not the same thing. You can make a web service using PHP or .NET, and then have a web app written in either language interface with that service, but a web app tends to be an interface for the site you're on, while a web service is about getting info to and from other apps (web or not).
web app is user interface, access by humans, user can browse data , can submit and retrieve data. All user interactivity (the GUI) is done through web pages, but all data is stored and manipulated on the server.
Web service server-based application and meant for interaction with other programs.
A web service is a way to expose some business logic you have over the internet. Say you got a module that connects to the database and does something. You can let other applications on the internet use this module of yours via web services. Web services uses SOAP over HTTP to invoke the request and retrieve the response in XML.
Web application - Person-to-server with HTTP, HTML
Web service - Server-to-server with HTTP, SOAP, XML