I am new to WP7 and I am working on a WP7 app that communicates with a Rest service using C#. I have been able to successfully develop the async code using HttpWebRequest to interact with it.
However, I am having difficulty with the login aspect (the service abstracts out all the details of login to Facebook so I do not have to deal with them. All I need to do is to go through the service call for login).
The service does the login by providing me a URI that I can call where I need to include several parameters withing the QueryString (such as app and user login info). Another one of those parameters I need to send is a "Response URI" within my app code for receiving the Login responses back. So, as the service executes the login procedure, it will continually send information back to my "Response URI" to notify me of the status of the Login process.
The possible outcomes of the Login process include:
1- a success message in the Querystring to my "Response URI"
2- more interestingly, the service may need my user to enter additional information in order to log in in which case the service wants to display a web page within my app for the user to enter this info.
Due to #2 above, I believe I need the "Response URI" within my WP7 app to be a WebBrowser control. So login responses from the service can be sent there and I just monitor the Query string of the URI displayed on that WebBrowser until I determine that we have arrived at a "final outcome" of the login process. Meanwhile, my app just lets the service make use of the WebBrowser to interact with my user if needed.
My issue is that I do not know how I can set the "Response path" for the login call to be a WebBrowser. Any help or suggestions would be greatly appreciated.
Thanks in advance.
This response is based on my experience of RPX/JanRain Engage. It might help if we know which login system you are using (it's not facebook itself, or is it?)
If the login system sends you a "need more info" message, then that message will contain a URL to show.
At this point show a page within a WebBrowser and pass in a dummy ResponseUrl (e.g. http://myurl.special/reply)
Then keep monitoring the WebBrowser's OnNavigating event - when the WebBrowser navigates to http://myurl.special/reply then you know you are done
I hope this helps...
Related
I'm currently working on a VueJS project on which I've just implemented a SSO system designed by the Portuguese government using our national identity cards, but I'm having some issues parsing the response from the external authentication server.
Here's a small GIF of my problem: https://gfycat.com/threadbarepossiblebagworm
The workflow is as follows:
User clicks on Authenticate.
User chooses "Login via ID Card"
User gets redirected to the external Authentication Provider
User logins with his ID Card.
External Authentication provider then sends back a POST method to the callback URL that is provided.
I read/parse the callback
The issue lies in step 6... The external authentication provider uses the callback URL I provided but I get this error
Cannot POST /users/callback
If this was a typical NodeJS I could just use
router.post('/callback' ....)
Is there a way I can read that callback in VueJS?
I've found this similar issue https://forum.vuejs.org/t/cannot-post-handling-form-post-from-an-external-site/41194/1 but no one managed to offer him a solution.
Thanks in advance!
EDIT: Before you ask, yes, that '/users/callback' is defined on router.ts and if I go to that route it does show a page. It's just not designed for POST methods afaik
Vue is a front-end framework, which means it doesn't have direct access to POST requests by default.
For production, are you running an npm script like "npm run build" and then serving the files that appear in the "dist" folder on a webserver, say Apache? Then you would have to respond to the POST request in Apache.
You could then store their authentication result "farther toward the backend" than Vue and have Vue grab it with vuex.
I am using webhook to create bot for page. I got everything but not getting where to get Callback URL
I think you're misunderstanding the concept of webhooks. The Callback URL is simply the location that you want Facebook to deliver messages to.
For example: if you are running a server at https://my_awesome_service.com and you want it to receive facebook updates, you would first create a route (let's say /v1/facebook_subscriptions) in your service. Once that's ready, you would insert https://my_awesome_service.com/v1/facebook_subscriptions into that Callback URL field. Facebook will then do a GET on that URL, which your server must reply to correctly. After that's done, Facebook will start sending you POST's, based on the subscription fields you set up.
There's a lot more information about this in the Facebook API Docs.
Callback URL(s)
A callback URL indicates where the user is to be redirected after a successful sign-in. Choose at least one callback URL, and it should:
Be an absolute URI.
Be pre-registered with a client.
Not include a fragment component.
See OAuth 2.0 - Redirection Endpoint.
Amazon Cognito requires HTTPS over HTTP except for http://localhost for testing purposes only.
App callback URLs such as myapp://example are also supported.
Background checks:
I read through several blogs but unable to find anything specific around this question.
Below is the architecture:
HTTPS website (no login needed) have common LIKE button.
Upon clicking, user enters email address and solves CAPTCHA and click SAVE button.
Rest call is made with data and DB stores the values.
Problem:
Now if someone try to call Rest from say POSTMAN, there is no way to authenticate whether call is coming from Https website or somewhere else.
Question:
Is there any way to ensure that Rest will understand whether call is coming from https site only in order to process request further?
Im writing a user registration mechanism by hand so I dont want to use existing plugins or something.
Im wondering what the best way would be. I planning to do the following abstract steps:
Writing an component which is in charge to output a button which calls the facebook-api --> login in via facebook (Im getting token and user name/id)
In my route im using that Data to call the REST-Server-Backend of my app. I will pass the token as well as the username/id to the Server. (POST api.myapp.com/users)
The Server recieves the request and will validate via Facebook-API
the user data and token on its own --> if valid: Add new user to
database.
If the user wants to login now (after registration) he will do again
step no.1 and than will ask the server if the user is existing. But
how: Since ember suggest that the REST-Server is somekind of a
CRUD-Server and using the store is for working for model data only, there
is no possiblity to do a "logic"-call to the server like "ask
him if user with id is existing". Should I call "GET ../users/" and than check in my route if the sum of the returned records are smaller than 1?
So is that a common pattern?
Sounds like a fairly simple OAuth workflow but obviously refer to the facebook docs. As far as point 4 is concerned, I would suggest that yes, on login you make a request for the login route on your server (which should abstract the facebook OAuth call), and if the user is authenticated, then send down the user resource, otherwise redirect them to the login and send down some sort of 401 HTTP error.
As all your API calls should be authenticated too your user won't be able to access any protected API resources.
I would also suggest you look into an ember plugin like ember-simple-auth which also supports OAuth.
You can find more information about OAuth2 workflows here.
I have a GWT app to deploy to Tomcat on a Windows server, with the following requirements:
1- The app should work fully, whether the user is in the Windows domain or not;
2- If the user happens to be in the domain, the app should be able to identify the user in some manner. Presumably, this should be via getThreadLocalRequest().getRemoteUser(), but any other alternative is fine...
3- If the user happens to be in the domain, the app should be able to access the MS Exchange server in that domain, without requiring the user to enter their password.
I've scoured the web high and low for this, but unfortunately, it seems there's no way to get authentication without forcing authentication. There are many examples of exclusions for, say, a login form or other "public" resources, but that won't work for us, since all the resources in a GWT app are packed into the same "page".
Maybe it's my limited understanding that's making me fail in some basic way, but I've tried to look at JCIFS, Jespa, Waffle and SPNEGO, and I just can't seem to get working the way I want to...
Any help would be greatly appreciated.
Cheers,
J.
How about putting a Javascript on your front page and have a Kerberos/SPNEGO protected page. The javascript will attempt to request a protected page, if the user is on the domain you will get the correct result from the page otherwise you will get 401 access denied. In the former case you can redirect your browser to exchange page, or have another AJAX call to retrieve things from exchange server in the later case you either show a log-in form or a generic anonymous page.
What about using JNI to call the Win32Api function LogonUser?
By doing impersonation at the thread level you will have the NTLM token added to the current thread and you would be able to call exchange with no issues