c# - ASP.NET MVC Forms authentication against external web service


I am trying to write an ASP.NET MVC application which is a frontend to our CRM, which has a SOAP web service. I would like the user to log in to the web application using their CRM username and password, and then authenticate against the CRM, make web service calls on the pages, etc.

I started to look at using Forms Authentication and implementing a custom membership provider - I can implement all the methods I need, such as ValidateUser(), but the problem I have is that after logging in to the CRM web service you are given a token which has to be passed with every subsequent web service call, and I am not sure where I can store this.

So my questions are:

  • Is Forms Authentication the way to go here, or is it going to be more straightforward to handle all of the authentication myself and just store the token in Session?
  • If Forms Authentication is the way to go, where and how should I store additional information like this? It seems like using Forms Authentication but then ramming a load of additional information (which is related to authentication) into a cookie or Session outside of this would be a bit of a mess.

Any advice would be appreciated.

You can store the authentication token in the userData part of the forms authentication cookie. This way it will be available on each request.

So for example, once you verify the credentials of a user you could query the web service to obtain the token, and manually create and emit the forms authentication cookie:

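    // Requires: using System; using System.Web; using System.Web.Mvc; using System.Web.Security;
    [HttpPost]
    public ActionResult LogOn(string username, string password)
    {
        // TODO: verify username/password, obtain the token, ...
        // and if everything is OK generate the authentication cookie like this:

        var authTicket = new FormsAuthenticationTicket(
            2,                      // ticket version
            username,
            DateTime.Now,           // issue date
            DateTime.Now.AddMinutes(FormsAuthentication.Timeout.TotalMinutes),
            false,                  // not persistent
            "some token that will be used to access the web service and that you have fetched"
        );
        var authCookie = new HttpCookie(
            FormsAuthentication.FormsCookieName,
            FormsAuthentication.Encrypt(authTicket)
        )
        {
            HttpOnly = true,
            // Honor requireSSL from the <forms> configuration, as SetAuthCookie does
            Secure = FormsAuthentication.RequireSSL
        };
        Response.AppendCookie(authCookie);

        // ... redirect
    }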

Then you could write a custom Authorize attribute which will read this information and set a custom generic identity:

    using System;
    using System.Security.Principal;
    using System.Web;
    using System.Web.Mvc;
    using System.Web.Security;

    [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = true, AllowMultiple = true)]
    public class MyAuthorizeAttribute : AuthorizeAttribute
    {
        protected override bool AuthorizeCore(HttpContextBase httpContext)
        {
            var isAuthenticated = base.AuthorizeCore(httpContext);
            if (isAuthenticated)
            {
                string cookieName = FormsAuthentication.FormsCookieName;
                if (!httpContext.User.Identity.IsAuthenticated ||
                    httpContext.Request.Cookies == null ||
                    httpContext.Request.Cookies[cookieName] == null)
                {
                    return false;
                }

                var authCookie = httpContext.Request.Cookies[cookieName];
                var authTicket = FormsAuthentication.Decrypt(authCookie.Value);

                // This is where you can read the userData part of the authentication
                // cookie and fetch the token
                string webServiceToken = authTicket.UserData;

                IPrincipal userPrincipal = ... create some custom implementation
                                               and store the web service token as property

                // Inject the custom principal in the HttpContext
                httpContext.User = userPrincipal;
            }
            return isAuthenticated;
        }
    }

Finally, decorate the controllers/actions that require authentication with this attribute:

    [MyAuthorize]
    public ActionResult Foo()
    {
        // HttpContext.User will represent the custom principal you created
        // and it will contain the web service token that you could use to
        // query the remote service
        ...
    }
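
One way to fill in the custom principal that the attribute above leaves open, as an added example that is not part of the original answer. `WebServicePrincipal` and `FromCookie` are hypothetical names, and the sketch assumes that a cookie which fails decryption, has expired or carries no token should be treated as unauthenticated.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Hypothetical principal type: exposes the CRM token alongside the identity.
public sealed class WebServicePrincipal : IPrincipal
{
    public WebServicePrincipal(IIdentity identity, string webServiceToken)
    {
        Identity = identity;
        WebServiceToken = webServiceToken;
    }

    public IIdentity Identity { get; private set; }
    public string WebServiceToken { get; private set; }

    // The page describes no role model, so role checks fail closed.
    public bool IsInRole(string role) { return false; }

    // Builds the principal from the forms authentication cookie, or returns
    // null when the cookie is missing, tampered with, expired or has no token.
    public static WebServicePrincipal FromCookie(HttpCookie authCookie)
    {
        if (authCookie == null || string.IsNullOrEmpty(authCookie.Value))
            return null;

        FormsAuthenticationTicket ticket;
        try
        {
            // With protection="All" (the default) Decrypt also validates the MAC.
            ticket = FormsAuthentication.Decrypt(authCookie.Value);
        }
        catch (ArgumentException) { return null; }
        catch (HttpException) { return null; }
        catch (CryptographicException) { return null; }

        if (ticket == null || ticket.Expired || string.IsNullOrEmpty(ticket.UserData))
            return null;

        return new WebServicePrincipal(new FormsIdentity(ticket), ticket.UserData);
    }
}
```

Inside `AuthorizeCore`, the result of `FromCookie` can be assigned to `httpContext.User`, returning `false` when it is `null`.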
