I have a scenario where I'm trying to login from UIWebview and if authenticated successfully then I'm getting a string token using script snippet window.external.notify I'm able to get token in windows phone using myWebView.ScriptNotify+=WinNotify; and in android using myWebView.AddJavascriptInterface(new ExternalInterface(),"");
but the problem is that I'm not able to detect any code snippet in iOS webview to read this notify script.
I've tried This where I've used IWKScriptMessageHandler but didn't work.
Can you guys please help me to get it done in iOS?
I've done something like this a some while ago for Azure Access Control Services. The code can be found here: https://github.com/Cheesebaron/Cheesebaron.MvxPlugins/blob/0e8b7765fe375d1d4998552074d664e6cf5397a3/AzureAccessControl/AzureAccessControl.Touch/Views/AccessControlWebAuthController.cs
Basically what this does is injecting a Notify script into the page, when that script is invoked, it navigates to a specific URL that I know and from that I can grab the payload.
private const string ScriptNotify = #"
<script type=""text/javascript"">
window.external = {
'Notify': function(s) {
document.location = 'acs://settoken?token=' + s;
},
'notify': function(s) {
document.location = 'acs://settoken?token=' + s;
}
};
</script>";
So the code above navigates to acs://settoken?token= when the notify script is invoked. You can detect this in UIWebView.ShouldStartLoad by checking the url scheme. If it matches the one in the notify script you are done.
To inject the script, I implement NSUrlConnectionDelegate and in the FinishedLoading override I inject it as part of the data and make the UIWebView load that content instead.
Related
I have developed an Xamarin forms application. Provided download option to download file in our application. I have clicked download file and download progress show in app itself. If lock the iphone while download is in progress and unlock it again download stopped. How can I process download even locked phone?. This occurs only in iOS and works properly in Android.
I have used webclient DownloadFileTaskAsync process to download a file and maintain progress value in it.
WebClient client = new WebClient();
client.DownloadFileTaskAsync(new Uri(DownloadUrl), FileName);
Updated Query:
I have implemented the back-grounding process into my source. I have used "Creating Background-Safe Tasks" concept for my download process. I can download more than one file, so put this process in Task itself previously. Now, I have used BeginBackgroundTask in my download process but download process not carried to UI, even BeginBackgroundTask code doesn't hit while debug the code.
Below function put in native and called this function from forms when click download button.
public async Task DownloadFile(string DownloadUrl, string FileName)
{
var taskID = UIApplication.SharedApplication.BeginBackgroundTask(async() =>
{
WebClient client = new WebClient();
client.DownloadProgressChanged += new DownloadProgressChangedEventHandler(client_DownloadProgressChanged);
client.DownloadFileCompleted += new AsyncCompletedEventHandler(client_DownloadFileCompleted);
client.DownloadFileTaskAsync(new Uri(DownloadUrl), FileName);
});
UIApplication.SharedApplication.EndBackgroundTask(taskID);
}
Also registered the app into Background fetch registration categories and now also progress not carried out while lock screen or minimize the app.
Am I missing any process in background techniques? Could you please help me to resolve this or suggest some simple sample as my scenario?
Please help me on this to resolve it.
Regards,
Cheran
You will need to use NSURLSession instead and create a background session for it. You can read how to do this in the official Xamarin Documentation.
You might get away with using WebClient in a background session, but only for a very short time span by using the pattern described in the "Handle iOS Background Limits" docs:
Task.Factory.StartNew(() =>
{
//expirationHandler only called if background time allowed exceeded
var taskId = UIApplication.SharedApplication.BeginBackgroundTask(() => {
Console.WriteLine("Exhausted time");
UIApplication.SharedApplication.EndBackgroundTask(taskId);
});
while(myFlag == true)
{
Console.WriteLine(UIApplication.SharedApplication.TimeRemaining);
myFlag = SomeCalculationNeedsMoreTime();
}
//Only called if loop terminated due to myFlag and not expiration of time
UIApplication.SharedApplication.EndBackgroundTask(taskId);
});
Where you would replace the while with your WebClient code.
However, as mentioned you really need to use Background Transfers for this to work properly.
Is there any way to provide RedirectURL then using GoogleWebAuthorizationBroker?
Here is the sample code in C#:
Task<UserCredential> credential = GoogleWebAuthorizationBroker.AuthorizeAsync(secrets, scopes, GoogleDataStore.User, cancellationToken, dataStore);
Or we have to use different approach?
I have an "installed application" that runs on a user's desktop, not a website. By default, when I create an "installed application" project in the API console, the redirect URI seems to be set to local host by default.
What ends up happening is that after the authentication sequence the user gets redirected to localhost and receives a browser error. I would like to prevent this from happening by providing my own redirect URI: urn:ietf:wg:oauth:2.0:oob:auto
This seems to be possible using Python version of the Google Client API, but I find it difficult to find any reference to this with .NET.
Take a look in the implementation of PromptCodeReceiver, as you can see it contains the redirect uri.
You can implement your own ICodeReceiver with your prefer redirect uri, and call it from a WebBroker which should be similar to GoogleWebAuthorizationBroker.
I think it would be great to understand why can't you just use PrompotCodeReceiver or LocalServerCodeReceiver.
And be aware that we just released a new library last week, so you should update it to 1.9.0.
UPDATE (more details, Nov 25th 2014):
You can create your own ICodeReceiver. You will have to do the following:
* The code was never tested... sorry.
public class MyNewCodeReceiver : ICodeReceiver
{
public string RedirectUri
{
get { return YOU_REDIRECT_URI; }
}
public Task<AuthorizationCodeResponseUrl> ReceiveCodeAsync(
AuthorizationCodeRequestUrl url,
CancellationToken taskCancellationToken)
{
// YOUR CODE HERE FOR RECEIVING CODE FROM THE URL.
// TAKE A LOOK AT THE FOLLOWING:
// PromptCodeReceiver AND LocalServerCodeReceiver
// FOR EXAMPLES.
}
}
PromptCodeReceiver
and LocalServerCodeReceiver.
Then you will have to do the following
(instead of using the GoogleWebAuthorizationBroker.AuthorizeAsync method):
var initializer = new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecrets = secrets,
Scopes = scopes,
DataStore = new FileDataStore("Google.Apis.Auth");
};
await new AuthorizationCodeInstalledApp(
new GoogleAuthorizationCodeFlow(initializer),
new MyNewCodeReceiver())
.AuthorizeAsync(user, taskCancellationToken);
In addition:
I'll be happy to understand further why you need to set a different redirect uri, so we will be able to improve the library accordingly.
When I create an installed application the current PromptCodeReceiver and LocalServerCodeReceiver work for me, so I'm not sure what's the problem with your code.
How can you detect the url that I am browsing in chrome/safari/firefox via cocoa (desktop app)?
As a side but related note, are there any security restrictions when developing a desktop app that the user will be alerted and asked if they want to allow? e.g. if the app accesses their contact information etc.
Looking for a cocoa based solution, not javascript.
I would do this as an extension, and because you would like to target Chrome, Safari, and Firefox, I'd use a cross-browser extension framework like Crossrider.
So go to crossrider.com, set up an account and create a new extension. Then open the background.js file and paste in code like this:
appAPI.ready(function($) {
appAPI.message.addListener({channel: "notifyPageUrl"}, function(msg) {
//Do something, like send an xhr post somewhere
// notifying you of the pageUrl that the user visited.
// The url is contained within msg.pageUrl
});
var opts = { listen: true};
// Note: When defining the callback function, the first parameter is an object that
// contains the page URL, and the second parameter contains the data passed
// to the context of the callback function.
appAPI.webRequest.onBeforeNavigate.addListener(function(details, opaqueData) {
// Where:
// * details.pageUrl is the URL of the tab requesting the page
// * opaqueData is the data passed to the context of the callback function
if(opaqueData.listen){
appAPI.message.toBackground({
msg: details.pageUrl
}, {channel: "notifyPageUrl"});
}
}, opts ); // opts is the opaque parameter that is passed to the callback function
});
Then install the extension! In the example above, nothing is being done with the detected pageUrl that the user is visiting, but you can do whatever you like here - you could send a message to the user, you could restrict access utilizing the cancel or redirectTo return parameters, you could log it locally utilizing the crossrider appAPI.db API or you could send the notification elsewhere, cross-domain, to wherever you like utilizing an XHR request from the background directly.
Hope that helps!
And to answer the question on security issues desktop-side, just note that desktop applications will have the permissions of the user under which they run. So if you are thinking of providing a desktop app that your users will run locally, say something that will detect urls they access by tapping into the network stream using something like winpcap on windows or libpcap on *nix varieties, then just be aware of that - and also that libpcap and friends would have to have access to a network card that can be placed in promiscuous mode in the first place, by the user in question.
the pcap / installed desktop app solutions are pretty invasive - most folks don't want you listening in on literally everything and may actually violate some security policies depending on where your users work - their network administrators may not appreciate you "sniffing", whether that is the actual purpose or not. Security guys can get real spooky so-to-speak on these kinds of topics.
The extension via Crossrider is probably the easiest and least intrusive way of accomplishing your goal if I understand the goal correctly.
One last note, you can get the current tab urls for all tabs using Crossrider's tabs API:
// retrieves the array of tabs
appAPI.tabs.getAllTabs(function(allTabInfo) {
// Display the array
for (var i=0; i<allTabInfo.length; i++) {
console.log(
'tabId: ' + allTabInfo[i].tabId +
' tabUrl: ' + allTabInfo[i].tabUrl
);
}
});
For the tab API, refer to:
http://docs.crossrider.com/#!/api/appAPI.tabs
For the background navigation API:
http://docs.crossrider.com/#!/api/appAPI.webRequest.onBeforeNavigate
And for the messaging:
http://docs.crossrider.com/#!/api/appAPI.message
And for the appAPI.db stuff:
http://docs.crossrider.com/#!/api/appAPI.db
Have you looked into the Scripting Bridge? You could have an app that launches, say, an Applescript which verifies if any of the well known browser is opened and ask them which documents (URL) they are viewing.
Note: It doesn't necessarily need to be an applescript; you can access the Scripting Bridge through cocoa.
It would, however, require the browser to support it. I know Safari supports it but ignore if the others do.
Just as a quick note:
There are ways to do it via AppleScript, and you can easily wrap this code into NSAppleScript calls.
Here's gist with AppleScript commands for Safari and Chrome. Firefox seems to not support AE.
Well obviously this is what I had come across on google.
chrome.tabs.
getSelected
(null,
function
(tab) {
alert
(tab.url);
}) ;
in pure javascript we can use
alert(document.URL);
alert(window.location.href)
function to get current url
I am writing a Firefox add-on for Linux users to pass credentials for NTLM authenticated sites.some what similar to AutoAuth which is written using XUL framework
https://addons.mozilla.org/en-us/firefox/addon/autoauth/
my question is how to access Authentication Dialog using Firefox SDK?
With the add-on sdk you don't have XUL overlays so only thing you really can do outside of that is to use the window watcher. Since popup windows are considered windows you'll see them in the onTrack function when they popup in the browser.
This example code watches windows looking for the window location chrome://global/content/commonDialog.xul which is similar to what the autoauth add-on is doing. That dialog is used for a number of auth questions so you'll have to do the additional work of detecting NTLM auth.
var { isBrowser } = require("sdk/window/utils");
var delegate = {
onTrack: function (window) {
if (!isBrowser(window) && window.location === "chrome://global/content/commonDialog.xul") {
// this could be the window we're looking for modify it using it's window.document
}
},
onUntrack: function (window) {
if (!isBrowser(window) && window.location === "chrome://global/content/commonDialog.xul") {
// undo the modifications you did
}
}
};
var winUtils = require("window-utils");
var tracker = new winUtils.WindowTracker(delegate);
With this code you're pretty much at the point of the autoauth add-on's load() function. You can use window.document.getElementById() to access the DOM of that window and alter the elements within it.
NOTE That the window-utils module is deprecated so you'll need to keep up with the SDK as they move from that module to (hopefully) something else similar.
I have problems with facebook application based on flash which communicate with PHP using FBJS-bridge. When someone use the application for the first time, he/she is asked for various permissions. After that, flash contact PHP with ajax but request is never sent. When you refresh page, everything is working without any problems.
If you remove the application on privacy settings, refresh the page and try again - same bug happens. If you allow application, refresh page, in other tab remove application and start application in previous tab - user is asked for permissions but everything is working after allowing application.
This is FBJS code
function openPermissions(){
Facebook.showPermissionDialog(/*permissions string*/, permissionOnDone);
}
function permissionOnDone(perms){
if (!perms) {
document.getElementById("indexswf").callSWF('noallow');
} else {
document.getElementById("indexswf").callSWF('allow');
}
}
function ajaxCall(url,parameters){
var params = {};
for(var i=0;i<parameters.length;i+=2){
params[parameters[i]]=parameters[i+1];
}
ajax = new Ajax();
ajax.requireLogin = true;
ajax.responseType = Ajax.RAW;
ajax.ondone = function(data){
document.getElementById("indexswf").callSWF('parseAjax', data);
}
ajax.post('http://the.url.to/the_real_server/not_to_the_fb_url/'+url,params);
}
openPermissions is called to display permission dialog, and on allow flash function allow() is called. In flash, allow() calls JS function ajaxCall(), which should make ajax request. But, ajax.post never sends request. I know that for sure, because flash function parseAjax was never called and also debugging tools in browsers are not showing any ajax requests. URL and parameters are same as when it is working. No flash or JS errors are detected...
Anyone have idea what is wrong here? Maybe facebook bug again since this was all working few days ago...
ajax.requireLogin = true should be set to false for some reason