I have a grails 2.2.2 application and i want to have two domains connected with it.
Domain.tld and shop.domain.tld.
Requests over domain.tld aren't allowed to access to ShopController. Only shop.domain.tld should have access to ShopController, but to no other Controller of the application.
I also want to use the grails url-rewriting. Is there a possibility to implement such use-case with grails? If yes, how would you implement it?
In the end i want that for example each online shop can be accessed by
shop.domain.tld/ID
and not by domain.tld/shop/myShop/ID. domain.tld is supposed to other purposes.
Thanks and best regards
If both domain points to the same server, and Tomcat is used for both as your public facing web server, then you just need to modify the part inside your Grails.
In Controller, you can check which domain was used to access your application:
def uri = new java.net.URI(request.getHeader("referer"))
def domainName = uri.getHost()
Related
I have created two lambda functions
register
login
and both of them are getting triggered from respective "Http APIs" in the API gateway. I have set up the stage for both of them as prod. Now I want to call them using my custom subdomain e.g prodapi.mydomain.com by setting the path as "v1"
prodapi.mydomain.com/v1/register
prodapi.mydomain.com/v1/login
I am able to achieve it for a single API but when I try to do API mapping for the other one using the same path, it doesn't allow that and says "ApiMapping key already exists for this domain name".
Any suggestion on how to achieve this?
can you share the endpoint url, before adding the subdomain, and after adding the subdomain
And can you explain your endpoints, how it should look like before adding the subdomain and after
I'm running through cooking up my own test IdentityServer, but I'm hitting a snag. The ClientUri and RedirectUris must be specified for every browser based client. I know these can be stored in the DB, but is there any way to insert wildcards here?
Each of our customers receive their own subdomain and I would like to simplify user management by allowing all browsers attempting to access any of our apps at *.ourcompany.com to be treated as the same client in the identity server. Is this possible.
You can implement your own redirect URI validator. But for security reasons, this is not recommended as it expands the attack surface.
Redirect Uri Validator Interface
How to register your custom validator
Discussion about redirect uri
Identity Server4
I think you can add AddCustomAuthorizeRequestValidator in the startup. Still, it is not recommended to modify the redirect URI validation.
Add Custom services
Related Discussion
For IdentityServer4, you can implement your own IRedirectUriValidator and register it using the AddRedirectUriValidator extension method in Startup.cs.
services.AddIdentityServer(options =>
{
// ...
})
.AddRedirectUriValidator<CustomRedirectUriValidator>();
By default, the StrictRedirectUriValidator is registered but can be overridden by calling .AddRedirectUriValidator as shown above.
I want to create a WebAPI service for use in my single page application but I also want it to be available for a mobile application too.
When users are using the SPA they are signed in using forms authentication and have a session cookie but if they're using the mobile application this wont be the case.
Is it possible to expose the same API controller as 2 different endpoints where one is authenticated using mutual SSL, a token or as a last resort basic auth and the other uses the session cookie?
For example take the following controller:
public class TodoController :
{
public IQueryable<TodoModel> GetTodos()
{
...
}
}
Can I add multiple routes that map to the same method?
https://myapp.example.org/api/todo
https://myapp.example.org/mutual-auth/api/todo
I want to configure IIS to use mutual SSL for the mutual auth endpoint and use forms authentication for the other endpoint.
Short answer: yes
This is a very broad question, so I won't go into excessive detail about every aspect. I think you should also take a look at BreezeJS because it makes things building these applications significantly easier.
DESIGN
Do you want to build in pure HTML and JavaScript or incorporate CSHTML? The decision is yours, but if you want to eventually create native-based applications using something such as PhoneGap Build, you'll want to stick to pure HTML and JavaScript so that you can compile the code later.
Do you want to use another JS library such as BreezeJS to make life a little easier when designing your controllers? Out of the box, your Web API controllers will be prefixed with api/{controller}/{id} in WebApiConfig. You may want to add {action} routing if you don't go with something like BreezeJS so that you can have more flexibility with your controllers.
Lastly, let's talk about the Repository Pattern and Unit of Work Pattern. This is a bit of hot-topic, but I find that usually creating a repository allows you a great deal of flexibility and it's great for dependency injection. Adding an additional repository layer to your controllers allows you to differentiate between different users or means of access such as a SPA or mobile application very easily. You can use the exact same controllers, but simply draw from different repositories.
SECURITY
You'll want to touch up a bit on [Authorize], [ValidateHttpAntiForgeryTokenAttribute], [Roles("")], and several other data annotations for starters. This is a huge topic which has a ton of reading material online -- invest in some research. Your controller can have multiple actions which have varying limitations on them, such as preventing CSRF on the SPA, but be less restricted on Mobile by either utilizing varying actions on the controller or drawing from separate repositories.
Can I add multiple routes that map to the same method?
https://myapp.example.org/api/todo
https://myapp.example.org/mutual-auth/api/todo
Yes, absolutely. You'll just have to do some extra work with your routing configuration files. With BreezeJS, you get access to not only /api/ but /~breeze/ which works very similarly.
You can secury your Web API using the way you want. For exemple, you can provide a custom Message Handler or a custom Authorization Filter to provide external authentication via token.
There's a full session from the ASP.NET Team that covers this, you just need to choose which one you will pick up:
Security issues for Web API.
Assuming you are hosting web API in IIS, if you enable the forms authentication, FormsAuthenticationModule establishes the identity. That is, if you look at HttpContext.Current.User or Thread.CurrentPrincipal after a successful authentication, the object of type IPrincipal will have the identity (which is FormsIdentity) and the IsAuthenticated property will be set to true. You can do the same thing for any other credential using a custom DelegatingHandler. All you need to do is to validate the credential (token, user id and password in basic scheme in HTTP authorization header or whatever) and set the HttpContext.Current.User and Thread.CurrentPrincipal to an object of type GenericPrincipal with GenericIdentity. After this, the same action method of a controller which is decorated with Authorize will work for both types of requests.
Similar to this question:
Single Sign-on - MVC3 and Webforms
I have a MVC3 application with custom routing that takes the first part of the sub-domain URL and uses it as a variable. So, for example, test1.mydomain.com gives my controllers the variable subdomain a value of test1. If we type in test2.mydomain.com, then the controllers receive "test2".
The problem is with authentication (using built-in forms auth). If I log on while on test1.mydomain.com and then navigate to test2.mydomain.com, it doesn't persist the the log on to that subdomain. Of course if I navigate back, it shows that I'm logged in.
I've tried the following two solutions, but they didn't work:
http://www.codeproject.com/KB/aspnet/SingleSignon.aspx
Forms Authentication across Sub-Domains
I've added a Machine Key to the app, though I'm not sure if this was necessary.
NOTE: I'm still on the dev box so the domain is coming up localhost:2510. So, for example, my subdomains are test1.localhost:2510 and test2.localhost:2510. I've tried to manually set the auth cookie domain to "localhost" and that doesn't work. I'm telling you this in case the problem is that I'm running from "localhost". I'm in the process of testing it under a different binding (mysite.com). I'll update if that works. For now though, does anyone have any ideas?
After I created the mysite.com domain name locally (iis binding) and surfing to my application there, I found that the solution given on http://www.codeproject.com/KB/aspnet/SingleSignon.aspx works perfectly. Shoot me a msg if you need any more clarification. Localhost can't be used when trying to persist authentication between sub-domain on a single MVC3 application.
I'm using a Web Service that has a endpoint of http://api.domain_a.com/ and using Visual Studio I can easily generate a proxy class to work with the service easy and simple.
But I want to create a way that users can use their own service (and access their own data, instead my own) and I wanted to know if there is a way that I can change the base URL of the Service on-the-fly.
As an example
I generate the proxy classes by adding the Web References to my project, but now, per each request I have a User Name that I will get the User Settings (witch contains their URL), how can I (if it's a possibility) tell the generated proxy that I'm using domain http://domain_b.com/api instead of the original that I used when adding the Web References?
Do I need to call the service manually? Sending and Receiving XML data? or there is a "switch" that I can use to point to the new URL?
If you're using .NET 2.0, each of those proxy classes should have a URL property. Simply update the URL property and the proxy will point to the new service.
If you're using WCF then things get a little more complicated, but not by much. You just have to change the Endpoint Address:
var service = new ServiceClient();
string url = "http://domain_b.com/api";
EndpointAddress newAddress = new EndpointAddress(url);
service.Endpoint.Address = newAddress;