Mobile App Authentication on asp.net mvc controler - ajax

S*Problem to solve:*
So I'm building my first mobile app using nomad and I have pages I want to call through ajax. The problem is I need an authenticated user to get the data I'm looking for. I'm just using the built in forms authentication logic that comes built into mvc 3 projects. So how can I securely authorize a user on a mobile device and keep them logged in while making calls later?
Environment:
I'm using a tool http://vsnomad.com/, for my app, and a basic asp.net mvc 3 site controller to login and get the data the app needs. I'm not using webpi just a controler to keep it simply for now. For the mobile app its built on jquery, jquery mobile, and HTML 5, any help here would be much appreciated

Related

Passing Roles from ASP.NET Web API to ASP.NET CORE MVC to allow Authorize Attribute in Controllers

I think this is the first time to ask a question here, but wanted to try. Hope I got this right. I have searched all over web but nothing seems to come up for this scenario.
On a Test Project, I was going to have a ASP.NET Web API that will be exposed to the web. It will have authentication and authorization. The roles will be managed thru the Web API. I will have a ASP.NET CORE MVC app as one of the clients accessing the Web API.
What I would like to do is pass the users roles (in a Claim?) from the Web API into the Web Site and have the roles be used in the Controllers Authorize as well as in the views (menu filter and button disable functionality). Of course the issue is the separation of the Website from the Web API.
I have seen tutorials where the role is passed to a Angular/React/Vue site but I am trying to see about this in a Asp.net Core website.
I think I want to pass the claim(with the Roles) to the Website and have it use it as if the website was accessing the DB directly.
Just trying to figure out how this would be done.
Any direction would be appreciated.
Thanks

Progressive Web App Authenticate to API

Usually when I build a new website I create a .NET or PHP website. These website either connect to a MySQL DB or an external API. To do this I can securely store my credentials to these services and the back end will authenticate to them. Now since I want to build a Progressive Web App which is front-end only, how can I securely auth to these? Does my PWA have to have a login page that returns an API key that is dynamic? Thanks
Progressive Web App (PWA) is not front-end only. You can see the definition and the PWA Baseline too clearly understand what makes a PWA.
The problem you have mention is authentication on Single Page Web apps (which is front-end only). Here is the first article from Google with keyword "Single page web app authentication".
Token Based Authentication for Single Page Apps

Mixing MVC 5 + WEB API 2 Authentication for Website & Mobile App

I just got Visual Studio 2013 loaded up and want to create a new web/mobile app that uses the same authentication for the website version and the mobile version.
I loaded up both templates (MVC5 w/Indivual Account & WEB API w/Individual Account) to check them out but it looks like I actually want to do a merge of those projects so the MVC5 uses the Web Api 2 OWIN for normal username & password authentication along with Social Media logins via Oauth.
SPA - I did look at this template but I'm not looking for a SPA as my website will need to be SEO friendly plus I know MVC and want to keep using it.
This would seem like an obvious template that developers would like to have in order to support both websites and mobile apps in the same project.
If your target is to share user accounts between the MVC app and the Web Api app, then all you need to do is to have them both point to the same UserStore.
I think this is what you are looking for:
http://leastprivilege.com/2012/10/23/mixing-mvc-forms-authentication-and-web-api-basic-authentication/

iOS Android login form

I want to make a hybrid app for iOS and Android by wrapping the MVC4 mobile website into WebView/UiWebView. However i want the login screen to be a native view.
How can I submit the username and password to my MVC4 controller where i can check them in the database and after authenticating to redirect the user on another page? Notice that i have implemented a login form on the MVC web site also.
Should i use a ajax call from the mobile app? Can you provide some code example/tutorial/video?
That might be a problem because MVC is going to make some session cookies with tokens in it. So even if you were to get logged in using some kind of ajax call or setting headers and data and posting to the login process you still need to make sure that those tokens and cookies get set. And are useable by the Webviews.
I am not saying it can't be done just that it might be difficult.

Authentication Google Pages in .NET MVC3 App to get page source

I am writing an MVC3 app that is trying to get the page source of a google page (specifically the Android Marketplace for our company) that is behind the authentication wall. I am just wondering how I can authenticate properly so that my app can see pages that are authenticated.
I tried following the steps at this site (post by WeCi2i): http://bytes.com/topic/c-sharp/answers/870187-login-youtube-using-c, but without success.
Any advice would be appreciated.
Thanks
Microsoft included by default DotNetOpenAuth in MVC 4, but you can use it also in MVC 3
http://dotnetopenauth.net/
http://www.tkglaser.net/2012/02/single-sign-on-using-google-in-asp-mvc.html

Resources