I am using ELMAH in a Web API 2 project. I wrote my own IAuthenticationFilter to authenticate against Atlassian's CROWD.
I want to secure ELMAH also against CROWD. Is there any way to achieve this?
Are you wanting to make a secure Web API call that shows the most recent or the most common errors in your ELMAH data store? If so, why not write those data-fetching calls and secure them with your custom filter the same way as your other API calls.
Related
I just started to work with Google API's (Calendar and Gmail for now). I already got both examples working on both my Frontend (React) and my Backend (Java - Spring).
I have the following doubt, If I want to enable users to be able to send email's using the oficial API not javax.mail should that be done on the Backend or it can be done on Frontend? Since the official documentation only shows examples on Java and Python.
If the answer is on Backend how will users be able to authenticate via OAuth2 If they are "not supposed" to see server-side information.
Thanks
Ok for does looking for an answer. I found the following guide...
https://developers.google.com/identity/sign-in/web/server-side-flow#step_1_create_a_client_id_and_client_secret
Basically you can get a client-side one time access code which is send to server-side where it can get a long-live access_token in order to have offline access once correct authentication has happened.
I am developing a client to access weather information from a RESTful API (http://api.worldweatheronline.com/free/v1/weather.ashx). I am using ASP.NET MVC4 and i have two choices as of my limited knowledge.
using jQuery.ajax({....});
using .NET4.0 HttpClient.
The API requires a key parameter key=xxxxxxxxxxxx as part of the request, and i do not want to reveal the key to the users of the site.
Please guide me someone and also let me know if there are some best practices/standard way of doing this?
If you don't want to reveal the key to users of the site, then you have no choice but to use HttpClient from within your ASP.NET web site. If you allow the call to be made by jQuery in the client browser then it is impossible to hide that key.
Well the title basically sums it up, I'm wondering if I can create an OWIN pipeline to my ASP.NET Web API. I want to do this so I can apply a base security layer that I can apply to all of my API service hosted on my service server. New to OWIN, love the idea
Yes. You can start with this http://nuget.org/packages/Microsoft.AspNet.WebApi.Owin/0.21.0-pre and then you will need an another package depending on what host you choose.
You will find below link helpful. It using Katana, an OWIN implementation for Microsoft hosts and the Web API framework.
http://www.strathweb.com/2012/12/running-aspnet-web-api-with-owin-and-katana/
Yes.
Also: If self-hosting Web API 2 using OWIN in a windows service, you can check out this example on GitHub: https://github.com/danesparza/OWIN-WebAPI-Service
It walks you through creating the service, adding OWIN using NuGet, and using attribute based routing in Web API 2.
I have a windows service that is supposed to send e-mails periodically.
Next to the windows service project there is an MVC 3 project that is sending e-mails with MvcMailer (beautifully).
I want to use the same engine to send e-mails for the windows service.
How should I do it?
Import the MVC binaries and create one controller and new views for this purpose? Will it work?
Saving it in the database and requesting my web project to send the e-mail might not be the best solution because the information is the result of a query and is too big to be sent in the request.
The only other option I see is to simply request the web project to do all the work but this way it wouldn't be beneficial to place the windows service in another service to save the site application resources.
How would you do it?
As an alternative to MVC Mail, ActionMailer.NET can now be used stand-alone outside of MVC.
The details are covered here
http://geeksharp.com/2011/07/06/actionmailer-0-6-released/
I would argue that calling a mvc mailer from the service might be an overkill. If the mvc project is supposed to expose sending the email API for all of your other solutions, then building a REST api might make sense. However, if you just want to bring the functionality of the action method to the windows service, then i would choose an in-process functional component. If you can refactor the logic of the mvcmailer action method into another assembly why not just do that and then include that assemlby as a depedency in your windows service solution.
If you can provide the over all purpose of the mailer and how it's used in the web scenario, it may help us to provide a better architecture.
Why do you think the query to send to mvcmailer us too large? If you have the mailer MVC project already working and exposed via a restful URL, that becomes your email service and simply call it as a web request from your service.
You can get around size constraints in your request That shouldnt be an issue.
I'm planning to use DotNetOpenAuth(http://www.dotnetopenauth.net/) for implementing openid logging for my application.
Initially I facilitate Facebook, Google, Yahoo and Twitter open ids to log in to my web application.
Do I need to write consumers ie. google, facebook for each items or Are there any common implementations to handle that ?
You could download the OAuth2 CTP which contains a sample project (OAuthClient) which has Facebook and Twitter implementations.