I have a simple WCF Data Service and I am connecting to it on Android via the restlet odata extension. I'm trying to use Forms authentication with my WCF Data Service, which means including an authentication cookie, but I can't seem to see how to add a cookie to an org.restlet.ext.odata.Service. In my restlet client service proxy constructor I've tried adding:
Request.getCurrent().getCookies().add("test","test");
I've also tried on my service proxy instance:
*myserviceinstance*.getLatestRequest().getCookies().add("test","test");
But nothing. I'm checking by adding a break point to 'OnStartProcessingRequest' in my WCF Data Service, but I never get the cookie.
Any help or direction is appreciated.
Related
I am using Django as my backend for my android app. I have been handling post requests using the #csrf-exempt annotation with my views, as I wasn't able to deal with csrf verification while sending post requests from android (VOLLEY LIBRARY).
Now, I have to use django.contrib.auth login and logout methods but sessions aren't working when I am sending post requests from android.
I had tried enabling cookies with my request in android but that also didn't work (enabling cookies also did not solve the csrf verification failed issue). Also I tried taking the csrf token from a GET request to django (django.middleware.csrf - get_token) and then passing that csrf token in headers (X-CSRF-TOKEN) in my post requests; that also didn't work.
Code that I used to enable cookies in android:
CookieManager manager = new CookieManager();
CookieHandler.setDefault(manager);
So,
1. I don't know how to use django scripts without using #csrf-exempt from android.
2. and how to use django login with android
Here is a generic response on using django as a backend: Is it possible to develop the back-end of a native mobile app using the python powered framework Django?
More specifically this is normally done with a JWT - json web token: http://www.django-rest-framework.org/api-guide/authentication/#django-rest-auth
I'm sure other rest/ api frameworks exist but I normally use DRF.
Here is an example with a tutorial: Authentication with android app in a django server
I have built an app on Symfony and a REST WebService for this app.
I have already built an Android application on the same idea as my Symfony project and I want to use the API (I'm on localhost) of my Symfony application for consuming my Webservice in Android.
How can I do that without an OVH server or something else?
Thank you ;)
You just need to send an HTTP request to your webservice by specifying the endpoint as your local IP address.
You can use a third-party library such as https://github.com/square/retrofit to do that properly, or the native android http request manager: https://developer.android.com/reference/java/net/HttpURLConnection.html
I used to use HTTP Headers to pass some authentication data from my SignalR Client (Android) to our SignalR.
After updating my project to use the latest source from GitHub, this technique has stopped working.
After some research, I noted that this happens because the new default transport used is websocket, and websocket doesn't allow us to use Http Headers.
So,
Is there any way to use HTTP Headers with SignalR and WebSockets transport?
If no, how could I pass some parameters to my server? Is there any other option available than using QueryStrings?
Thanks!
In general you should be able to set headers in the client and it should send them to the server when the websocket is being opened (the connect request). Not sure what client you use, but this is possible for sure with the C# client. However, as opposed to other transports, sending or receiving messages when using websockets does not require creating new HTTP requests, and therefore if you set headers after the websocket is opened they won't be sent to the server until the next time the client has to send an HTTP request, which is either when the client needs to reconnect or when the connection is stopped.
Another option (if your client does not support headers for websockets) is to send parameters using the query string. On the server side you can get the request using the HubCallerContext.Request property, which allows you to access the query string like this (you can also read cookies the same way):
Context.Request.QueryString
Again, query string will only be sent to the server if the client is making an HTTP request, which in case of websockets after the connection is established happens when the connection is reconnecting or is being stopped.
Finally, you already have a connection to the server so maybe you can just send your parameters using this connection which should work regardless of the transport you are using.
In my asp.net mvc4 project, I am using ApiControllers to serve both web clients and mobile clients. To secure the web services, I am using the [Authorize] annotation.
So for now, the web client is working fine. However, when I tend to invoke some Web API from a mobile application (e.g. Android), I got an error.
When I looked back at the code snippet:
[Authorize]
public List<double> GetSomeInfo(int param1, string param2)
{
    User user = SessionData.CurrentUser;
    // do something using user.UserId
    // ....
}
Session Data does hold user connected properties only when he is connected to the Web App. But in the case of mobile clients, Session Data is null. So, is there any appropriate method to resolve this problem?
In my opinion, I think that userId should be provided as a parameter for any Web API that may need it to achieve some treatment.
What do you think?
You are talking about two different things:
Session
As Darrel said, Web Api was not designed to support Asp.net Session. HTTP and Rest Services are stateless – and as a result each HTTP request should carry enough information by itself for its recipient to process it to be in complete harmony with the stateless nature of HTTP.
So, do not rely on Session Variables, but add more parameters in your request.
Of course, there are a way to use session in Web Api, I suggest you to to use it.
Authentication
Because working with only parameters (such as UserId, AccountId, ...) is not very secure, you have to use Authentication and Authorization. I highly suggest you read the security section on the asp.net web api web site. Web Api supports many authentications (Basic, OAuth, Windows, Custom, ...). You have to choose what is the best for you.
Web API was not designed to support sessions as they are an HTTP anti-pattern. You can get the currently authenticated user by accessing Thread.CurrentPrincipal if you have set up the necessary authentication mechanisms.
Basically I would like to connect to the WCF windows service from android with authentication. I am an android developer. I have tinkered with the WCF Rest service from this article and also configured the https.
Now I need to think about the authentication process (against the username and password in the database) for the WCF service from android. Should I encode the username and password in the url and do an http post, while returning a token for authorization, for the login process, and use the token and username for subsequent operations (and also save the encrypted username and token in a pref file to avoid logging in next time, thus avoiding the password)? Any advice and pointer to any project and document is welcomed.
There is a similar question at the programmers https://softwareengineering.stackexchange.com/questions/93005/designing-authentication-for-rest-api but I want to keep this question open since I would like to add useful code and links here.
Instead of encoding the username and password in the url, they should be in the request body. The reason is that even though https encrypts the url, it is not a good practice because if the url is called from a browser, the browser will remember it and the username/password will be visible there in the browser history. Thus, here is an article to handle http Post http://www.codeproject.com/Tips/150313/Simple-WCF-web-service-to-receive-parameter-from-H
If https is achieved with a self-signed certificate, you will need to do some extra work:
http://blog.antoine.li/2010/10/22/android-trusting-ssl-certificates/
More articles on WCF rest and android http://fszlin.dymetis.com/post/2010/05/10/Comsuming-WCF-Services-With-Android.aspx
Creating a custom token in C#
http://msdn.microsoft.com/en-us/library/ms731872.aspx
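
The token flow discussed above (credentials sent once in the POST body, a token on every later call), as an added example that is not part of the original posts; it also illustrates the earlier Web API point that the user id should come from an authenticated token rather than from a request parameter. The function names, the HMAC-SHA256 token layout and the one-hour lifetime are assumptions chosen for the sketch, not WCF or Web API code.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo values: a real service loads the key from protected
# configuration and checks passwords against salted hashes in its database.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 3600  # seconds a token stays valid (assumed policy)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(payload: str) -> bytes:
    digest = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).digest()
    return b64(digest).encode()

def issue_token(user_id: str, now: float = None) -> str:
    """Called only after the credentials from the POST body were verified."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "exp": int(now) + TOKEN_TTL}
    payload = b64(json.dumps(claims, sort_keys=True).encode())
    return payload + "." + sign(payload).decode()

def verify_token(token: str, now: float = None):
    """Return the user id the server itself signed, or None if invalid."""
    now = time.time() if now is None else now
    payload, sep, signature = token.partition(".")
    # Constant-time comparison, done on bytes so odd input cannot raise.
    if not sep or not hmac.compare_digest(sign(payload), signature.encode()):
        return None  # forged, truncated or altered token
    try:
        claims = json.loads(unb64(payload))
    except ValueError:
        return None
    if claims.get("exp", 0) <= now:
        return None  # expired: the client has to log in again
    return claims.get("sub")

def handle_request(headers: dict, now: float = None):
    """Identify the caller from the Authorization header only; a user id
    supplied as a plain parameter is never trusted."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return verify_token(token, now) if scheme == "Bearer" else None
```

The client stores only the token, so the password never needs to be kept on the device, and an expired or altered token simply forces a fresh login.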