Good morning,
I am trying to develop a webapp using Blazor and Net5. I have successfully implemented the 3 legged authentication system and attached the token to the default header for further requests.
I have implemented also the 2 legged authentication request in the same process and saved both in the local storage.
Now I need to start to call some Data Management service to store and retrieve models and also submit work items to design automation. All of these will require to send the bearer token together with the request.
I would like to manage this bit of the application on the server side and the question is: is there a way to use the token on the server side other then just try to retrieve that from the local storage?
Also, is is possible to setup two different HttpClient in the client app to be able to attach two different tokens and then use the same http client in the server-side Blazor? I assume I can not inject a service from the client to the server thou.
I can easily do it in the client side using DI
public async Task<string> PostSignedUrlAsync(string bucketKey, string objectKey)
{
using (var client = new HttpClient())
{
var token = await tokenManager.GetTwoFactorAsync();
using (var request = new HttpRequestMessage(
HttpMethod.Post,
$"https://{configurationManager.Host}/oss/v2/buckets/{bucketKey}/objects/{objectKey}/signed"
)
)
{
request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
using (var response = await client.SendAsync(request))
{
if (response.IsSuccessStatusCode)
{
var json = await response.Content.ReadAsStringAsync();
return JsonConvert.DeserializeObject<PostObjectSigned>(json).SignedUrl;
}
}
return null;
}
}
}
public async Task PostTwoFactorAsync()
{
using (var client = new HttpClient())
{
using (var request = new HttpRequestMessage(
HttpMethod.Post,
$"https://{configurationManager.Host}/authentication/v1/authenticate"
)
)
{
var body = $"client_id={configurationManager.ClientId}&client_secret={configurationManager.ClientSecret}&grant_type=client_credentials&scope={configurationManager.ScopesInternal}";
request.Content = new StringContent(body, Encoding.UTF8, "application/x-www-form-urlencoded");
using (var response = await client.SendAsync(request))
{
if (response.IsSuccessStatusCode)
{
var json = await response.Content.ReadAsStringAsync();
TokenInternal = JsonConvert.DeserializeObject<Token>(json);
TokenInternal.ExpiresOn = DateTime.UtcNow.AddSeconds(TokenInternal.ExpiresIn) - TimeSpan.FromMinutes(10);
await localStorage.SetItemAsync(configurationManager.LocalStorageKeyInternal, TokenInternal);
}
}
}
}
}
Maybe is a simple question with a simple answer but I can't find any example that can explain how to solve this "connection" and there are now example in the Forge documentation around Blazor implementation that are suitable for this task.
Thanks in advance
Firstly, please don't call APIs from client side, send the token with only scope: viewables:read for viewing in forge viewer. Other than this, call all the forge APIs from server side. This is for security reasons. Because if you send and store tokens to client side, it's easy to get access to your resources for any client.
Regarding token scopes please refer these links:
Documentation
Tutorial
Related
I have managed in SSIS 2010 to access a JSON API with basic authentication ... Username and password, using the script below
I need to amend the script below to also include passing credentials of a Client Secret and Client ID
anyone know how to amend this for SSIS 2010. I have tried with no joy, so I have pasted the working code so far
Please help
WebRequest req = WebRequest.Create(#"https://sub.domain.com/api/operations? param=value¶m2=value");
req.Method = "GET";
req.Headers["Authorization"] = "Basic " + Convert.ToBase64String (Encoding.Default.GetBytes("username:password"));
//req.Credentials = new NetworkCredential("username", "password");
HttpWebResponse resp = req.GetResponse() as HttpWebResponse;
It may depend on how the API is set up and what it's expecting, but in my case, I did this in the creation of an HttpClientHandler:
using System.Net.Http;
using System.Configuration;
...
HttpClientHandler handler = new HttpClientHandler { Credentials = new NetworkCredential(ConfigurationManager.AppSettings["API.UserName"].ToString(), ConfigurationManager.AppSettings["API.Password"].ToString()) };
HttpClient apiClient = new HttpClient(handler);
OR, without using Configurations:
using System.Net.Http;
...
HttpClientHandler handler = new HttpClientHandler { Credentials = new NetworkCredential("MyUserName", "MyPassword") };
HttpClient apiClient = new HttpClient(handler);
Then use the Client to make calls. Here's how I do it:
HttpResponseMessage httpResponse = apiClient.GetAsync(curl).Result;
I have a Chrome extension that requests a user to login using the chrome.identity.getAuthToken route. This works fine, but when you login you can only use the users that you have accounts in Chrome for.
The client would like to be able to login with a different Google account; so rather than using the.client#gmail.com, which is the account Chrome is signed in to, they want to be able to login using the.client#company.com, which is also a valid Google account.
It is possible for me to be logged in to Chrome with one account, and Gmail with a second account, and I do not get the option to choose in the extension.
Is this possible?
Instead of authenticating the user using the chrome.identity.getAuthToken , just implement the OAuth part yourself.
You can use libraries to help you, but the last time I tried the most helpful library (the Google API Client) will not work on a Chrome extension.
Check out the Google OpenID Connect documentation for more info. In the end all you have to do is redirect the user to the OAuth URL, use your extension to get Google's answer (the authorization code) and then convert the authorization code to an access token (it's a simple POST call).
Since for a Chrome extension you cannot redirect to a web server, you can use the installed app redirect URI : urn:ietf:wg:oauth:2.0:oob. With this Google will display a page containing the authorization code.
Just use your extension to inject some javascript code in this page to get the authorization code, close the HTML page, perform the POST call to obtain the user's email.
Based on David's answer, I found out that chrome.identity (as well as generic browser.identity) API now provides a chrome.identity.launchWebAuthFlow method which can be used to launch an OAuth workflow. Following is a sample class showing how to use it:
class OAuth {
constructor(clientId) {
this.tokens = [];
this.redirectUrl = chrome.identity.getRedirectURL();
this.clientId = clientId;
this.scopes = [
"https://www.googleapis.com/auth/gmail.modify",
"https://www.googleapis.com/auth/gmail.compose",
"https://www.googleapis.com/auth/gmail.send"
];
this.validationBaseUrl = "https://www.googleapis.com/oauth2/v3/tokeninfo";
}
generateAuthUrl(email) {
const params = {
client_id: this.clientId,
response_type: 'token',
redirect_uri: encodeURIComponent(this.redirectUrl),
scope: encodeURIComponent(this.scopes.join(' ')),
login_hint: email
};
let url = 'https://accounts.google.com/o/oauth2/auth?';
for (const p in params) {
url += `${p}=${params[p]}&`;
}
return url;
}
extractAccessToken(redirectUri) {
let m = redirectUri.match(/[#?](.*)/);
if (!m || m.length < 1)
return null;
let params = new URLSearchParams(m[1].split("#")[0]);
return params.get("access_token");
}
/**
Validate the token contained in redirectURL.
This follows essentially the process here:
https://developers.google.com/identity/protocols/OAuth2UserAgent#tokeninfo-validation
- make a GET request to the validation URL, including the access token
- if the response is 200, and contains an "aud" property, and that property
matches the clientID, then the response is valid
- otherwise it is not valid
Note that the Google page talks about an "audience" property, but in fact
it seems to be "aud".
*/
validate(redirectURL) {
const accessToken = this.extractAccessToken(redirectURL);
if (!accessToken) {
throw "Authorization failure";
}
const validationURL = `${this.validationBaseUrl}?access_token=${accessToken}`;
const validationRequest = new Request(validationURL, {
method: "GET"
});
function checkResponse(response) {
return new Promise((resolve, reject) => {
if (response.status != 200) {
reject("Token validation error");
}
response.json().then((json) => {
if (json.aud && (json.aud === this.clientId)) {
resolve(accessToken);
} else {
reject("Token validation error");
}
});
});
}
return fetch(validationRequest).then(checkResponse.bind(this));
}
/**
Authenticate and authorize using browser.identity.launchWebAuthFlow().
If successful, this resolves with a redirectURL string that contains
an access token.
*/
authorize(email) {
const that = this;
return new Promise((resolve, reject) => {
chrome.identity.launchWebAuthFlow({
interactive: true,
url: that.generateAuthUrl(email)
}, function(responseUrl) {
resolve(responseUrl);
});
});
}
getAccessToken(email) {
if (!this.tokens[email]) {
const token = await this.authorize(email).then(this.validate.bind(this));
this.tokens[email] = token;
}
return this.tokens[email];
}
}
DISCLAIMER: above class is based on open-source sample code from Mozilla Developer Network.
Usage:
const clientId = "YOUR-CLIENT-ID"; // follow link below to see how to get client id
const oauth = new OAuth();
const token = await oauth.getAccessToken("sample#gmail.com");
Of course, you need to handle the expiration of tokens yourself i.e. when you get 401 from Google's API, remove token and try to authorize again.
A complete sample extension using Google's OAuth can be found here.
I got a request from customer to create a service for traffic control of WMS service. The idea is:
a company buys some amount of data from WMS provider;
the company shares this data among its clients ;
the service should track how much traffic and requests have been consumed.
So I need some kind of proxy which passes requests to a target WMS services and meanwhile logs passed traffic.
The problem is that I have no clue how to start and where to start from. I will appreciate any idea, concept or so.
Thanks in advance!
Here is how I implemented proxy that passes requests to GeoServer WMS service and returns the map image. I use Web API, NET 4.5. You can customize my example with logging and authorization.
public async Task<HttpResponseMessage> GetMapAsync()
{
HttpClient client = new HttpClient();
WmsLayer layer = _unitOfWork.LayerRepository.GetById(model.LayerId) as WmsLayer;
// This is typical WMS request url pointing to server behind the firewall,
// something like http://localhost:8081/geoserver/data/wms?service=WMS&version=1.1.0&request=GetMap&layers=data:layer1&styles=&bbox=337098.1084,4972868.3433,368833.6,5014800.3417&width=387&height=512&srs=EPSG:3765&format=image%2Fpng%3B+mode%3D8bit
string url = layer.GetWmsRequestUrl(layer.Url, model.SRS, model.Width, model.Height, model.BBox);
// See http://developer.greenbutton.com/downloading-large-files-with-the-net-httpclient/
var responseMessage = await client.GetAsync(url, HttpCompletionOption.ResponseHeadersRead);
var response = Request.CreateResponse();
response.Content = new PushStreamContent(
async (outputStream, httpContent, transportContext) =>
{
var buffer = new byte[65536];
using (var httpStream = await responseMessage.Content.ReadAsStreamAsync())
{
var bytesRead = 1;
while ((bytesRead = httpStream.Read(buffer, 0, buffer.Length)) > 0)
{
await outputStream.WriteAsync(buffer, 0, bytesRead);
}
}
outputStream.Close();
}
, new MediaTypeHeaderValue("image/png"));
return response;
}
I am using ServiceStack to create a C# client to a JSON RESTful service. I have this code that returns my DTO:
Search result = restClient.Get (search);
This works fine, but in order to effectively debug the search results coming back I need to output the text content from the underlying HTTP Response object. (I don't know all the elements in the response yet in order to add them to the DTO).
Is there any way I can get hold of the underlying HTTP response, and thus the full text content, from my result object?
Thanks in advance.
#adamfowleruk
When inheriting from ServiceStack's built-in Service you can access the underlying Request and Response directly from the Response class with:
public class MyService : Service
{
public object Get(Request request)
{
base.Request ...
base.Response ...
}
}
You won't see the response output in your service or filters since it writes directly to the response stream and is the last thing that ServiceStack does after executing your service and all response filters.
For diagnosing HTTP I recommend using Fiddler or WebInspector also ServiceStack's built-in Request Logger might help as well.
Consuming a ServiceStack service
If you're using the C# Service Clients you can simply ask for what you want, e.g. you can access the returned response as a raw string:
string responseJson = client.Get<string>("/poco/World");
Or as raw bytes:
byte[] responseBytes = client.Get<byte[]>("/poco/World");
Or as a Stream:
using (Stream responseStream = client.Get<Stream>("/poco/World")) {
var dto = responseStream.ReadFully().FromUtf8Bytes().FromJson<PocoResponse>();
}
Or even access the populated HttpWebResponse object:
HttpWebResponse webResponse = client.Get<HttpWebResponse>("/poco/World");
webResponse.Headers["X-Response"] //World
using (webResponse)
using (var stream = webResponse.GetResponseStream())
using (var sr = new StreamReader(stream)) {
string response = sr.ReadToEnd();
}
You can also introspect the HttpWebResponse by using Global and Local Response filters, e.g:
JsonServiceClient.HttpWebResponseFilter = httpRes => { .. };
Or using a Local filter:
var client = new JsonServiceClient(baseUrl) {
ResponseFilter = httpRes => { .. }
};
Consuming a 3rd Party Service
If you're consuming a 3rd Party REST/HTTP API you can use a responseFilter: in ServiceStack's HTTP Util extensions:
List<GithubRepo> repos = "https://api.github.com/users/{0}/repos".Fmt(user)
.GetJsonFromUrl(responseFilter: httpRes => {
var remaining = httpRes.Headers["X-Api-Remaining"];
})
.FromJson<List<GithubRepo>>();
I use Fiddler to debug my services. It gives you all sorts of cool HTTP debugging facilities.
http://www.fiddler2.com/fiddler2/
I like to use RestConsole. It is a Chrome Extension and you can easily submit POST requests and see the response. It is also handy to create sample data and then step into the ServiceStack code and see what's happening. The ServiceStack PluralSight course has a nice demo of how to use them together.
Thanks to the above help I found the right answer. Documenting here for others:-
SearchResponse result = null; // my ServiceStack DTO
HttpWebResponse webResponse = restClient.Get<HttpWebResponse>(
completePath("/v1/search",qp)); // builds the URL with parameters
using (var stream = webResponse.GetResponseStream())
using (var sr = new StreamReader(stream)) {
var text = sr.ReadToEnd();
log.log ("response text: " + text); // *** PRINTING STRING VALUE HERE FOR DEBUG
result = text.FromJson<SearchResponse>();
}
// Now do something useful with the result DTO object
log.log ("RESULT: " + result.ToString ());
for (int i = 0; i < result.Results.Length; i++) {
log.log ("Result " + i + ": " + result.Results[i].ToString());
}
I am using the Facebook C# SDK in my Silverlight 4 browser app to perform some requests to the Facebook Graph API. I followed the example in the SDK documentation to request the user's information (using the asynchronous method to make it work on Silverlight):
var fb = new FacebookClient(accessToken);
fb.GetAsync("/me");
fb.GetCompleted += (o, ea) =>
{
var result = (JsonObject)ea.GetResultData();
var name = (string)result["name"];
};
This way I get the JsonObject without any problem and I can read all data, but when I make request to "me/feed" or "me/home" instead of "/me":
fb.GetAsync("/me/home");
fb.GetCompleted += (o, ea) =>
{
var result = (JsonObject)ea.GetResultData();
var data = (JsonArray) result["data"];
foreach (JsonObject post in data)
{
id = (string)post["id"];
}
};
then the JsonObject is empty and I get a exception when trying to access its elements. I successfully managed to POST a message to "me/feed", but why do I receive an empty response when making a GET request? I have set the access token in the FacebookClient I'm using to make the calls, is there something else that I'm missing?
Thanks!