I want to make a hybrid app for iOS and Android by wrapping the MVC4 mobile website into WebView/UiWebView. However i want the login screen to be a native view.
How can I submit the username and password to my MVC4 controller where i can check them in the database and after authenticating to redirect the user on another page? Notice that i have implemented a login form on the MVC web site also.
Should i use a ajax call from the mobile app? Can you provide some code example/tutorial/video?
That might be a problem because MVC is going to make some session cookies with tokens in it. So even if you were to get logged in using some kind of ajax call or setting headers and data and posting to the login process you still need to make sure that those tokens and cookies get set. And are useable by the Webviews.
I am not saying it can't be done just that it might be difficult.
Related
I have a Codeigniter website,
I'm tring to redirect users to different URLs after logging-in with google log-in dependent on the button they click before.
i set an "Authorised redirect URI" in google APIs.
i tried to set tempdata before the user log-in but it wont work, even seting userdata isn't working.
what is the proper way? thanks
Don't use session while login with social media rather use database to keep data for temporary use. Authorization sometimes destroys sessions.
I have created an application with Laravel 7 that contains users that can log in.
In parallel, I create a showcase site for the application (another domain) and essentially html/css.
I would like on this showcase site to propose login and registration buttons if there is no user connected to the laravel.Otherwise I would just like to propose a "Dashboard" button if a user is connected to the Laravel application.
How to do that? I confess that I'm a bit lost. Thanks for your help.
You need to create an API on the laravel app which will be used by the "showcase site".
To login and authorize themselves you can use JWT
to keep user data and use it on the showcase site you can either save them in
localstorage (just be careful not to save any sensitive data there as people can take that information in case of XSS vulnerable)
indexdb
cookies
None of these methods are safe. They can be exploited using XSS so i advice on using JWT to secure sensitive data.
I have a website which uses an identity server to authenticate a user, though OIDC, I think. Inside the Xamarin Forms application, I have a facility to log in a user through an identity server via a token.
The website itself uses cookies to handle access tokens which difference to the application. (Note: the website was not written by me). I have so many features to write, so I decided to use WebView to handle those features using React, etc., so I don't need to rewrite the code in native and easy to manage at runtime when people using the application.
What is the logic behind having the mobile application log into the authorized page silently without the user needing to authenticate within the WebView?
Is it possible to handle this scenario?
On Android you can use the CookieManager to add/remove cookies that your private instance of Webview will use.
On iOS, UIWebView has NSHTTPCookieStorage and on the newer WKWebView (11+) you have WKHTTPCookieStore
S*Problem to solve:*
So I'm building my first mobile app using nomad and I have pages I want to call through ajax. The problem is I need an authenticated user to get the data I'm looking for. I'm just using the built in forms authentication logic that comes built into mvc 3 projects. So how can I securely authorize a user on a mobile device and keep them logged in while making calls later?
Environment:
I'm using a tool http://vsnomad.com/, for my app, and a basic asp.net mvc 3 site controller to login and get the data the app needs. I'm not using webpi just a controler to keep it simply for now. For the mobile app its built on jquery, jquery mobile, and HTML 5, any help here would be much appreciated
I am building a WP7 Twitter client. The normal OAuth 1.0 flow involves obtaining a request token by navigating a web browser to https://api.twitter.com/1/oauth/authenticate with my app's consumer key; this page will show a login prompt and ask the user to authorize my app to perform actions on their behalf. Upon completion, this page will redirect to a callback URL supplied by my app, with the request token supplied as a parameter.
For web apps this makes sense. I don't understand how this is supposed to work for a standalone mobile/desktop app, though. The Twitter API documentation seems to imply that this should be a feasible option. They do offer an alternative xAuth mechanism that allows an app to gather username/password itself and then supply that directly to obtain an access token. The API documentation points out that this is an inferior option (as it requires the user to trust the app, not just Twitter, with their password), but I don't see how I have any reasonable alternative?
(there is also a PIN-based option, but that's a pretty burdensome solution for the user)
I just want to make sure I'm not missing anything obvious.
"For web apps this makes sense. I don't understand how this is
supposed to work for a standalone mobile/desktop app, though."
Just embed a web browser control in your app, and navigate to the twitter authentication page. Then detect the redirection to the callback url (using the Navigating event) and retrieve the parameter. Many twitter apps do that, it's basically the same as asking the user for the login and password, except that instead of your own controls you're displaying twitter's page.
Nope, you're correct. The option for a mobile/desktop application is either a pin-based option or to use xAuth. Once you have an xAuth application has an access token it is indistinguishable from OAuth (it only changes the authorisation workflow). One thing it does change, and this is very specific to Twitter, is that if you do use xAuth then your application will not be allowed to read or write Direct Messages. See Twitter's The Application Permission Model page for more information.