Is it possible to call json service from JavaScript which is behind a windows authenticated web site?
Ultimately, I would like to do this from phonegap but right now trying to do this from browser.
My first attempt was to open a window have the user authenticate against the server and was hoping subsequent JavaScript/ajax requests would send the authentication information with the request. I don't think this is working is desired. I certainly know from phonegap this is not working.
Related
I am sure this is not a new issue I am facing, but couldn't find any resolution yet.So, we have a ng2 app which uses Windows Authentication. It is implemented using Waffle libraries with Jersey RESTful service. We are implementing logout functionality, which seems to have an issue where browser is caching credentials, until all of it’s instances are closed.
When user launches browser for the first time (first instance of browser), it prompts for credentials as expected. When user clicks on “Logout” option from application, session is invalidated on server. But, next time when user refreshes URL or launches application in new tab, browser do not prompt for credentials.
In Internet Explorer, using document.execCommand(“ClearAuthenticationCache”) clears credentials stored for the user. Is there any equivalent code or way to clear http authentication cache from Chrome?
Our setup is like this: we use a coldfusion 10 server, and files are on a local intranet. Users use a domain login to access any files over https. I'm interested in using html5 websockets, but the first attempt gave me an error because no credentials were supplied. Is there a way around this? If not, is there a recommended technology for this scenario?
The user does log in on the client side. If it's possible, what I'd really like to do here is pass those credentials when making the connection to the server.
you should be able to supply the authentication header to your web socket server before the elevation to web socket read that and send it back in the headers for the elevation (first frame) then when the browser connects it should have the authentication it needs.
if your using a custom authentication E.G in page not authentication header you can also do this by passing any custom header to your server.
Or mandate that the first thing your web client sends is the authentication details this could be something like {username_hash}.{password_hash} if they don't close the socket to them.
Do not do this.
You're now responsible for sending and encrypting the authentication credentials yourself, bypassing something that already works and is tested.
Anyone can snoop on an unencrypted websocket port. Use HTTPs for an intranet, use stable solutions, don't reinvent this wheel because it tickles your fancy.
In a couple of years some colleague will have to maintain this and will have to figure out how your homebrew version works versus something that's solid like plain browser authentication.
My advice: Leave this to the browser and to well-tested coldfusion libraries.
I've been looking at solutions so that I can create a cross-platform fluid experience. So to do this for the online website version, I would just send an Ajax request to a PHP script to query a MySQL database. But I am thinking of creating an electron app for offline use, so I will need to send queries to that online database, but I know there are a lot of limitations when it comes to Ajax with regards to cross-site requests.
So is it possible to send these sort of ajax requests to a PHP script on a web server, from an electron application. But, if Ajax requests aren't possible, how would I achieve this type of request to an online database. I have tried doing some research on the subject but was unable to find any solutions that are similar to this situation.
Cross-domain AJAX requests are blocked by default. All your regular desktop apps such as your Mail client send requests out all the time. You simply have to enable Cross-Origin Resource Sharing (CORS) on your server. I don't know what server application you're using (Apache/Nginx), but for Apache you can start simply by adding the following line to the relevant part of your Virtual Host or .htaccess file:
Header set Access-Control-Allow-Origin "*"
You can refer to the Enable CORS to learn how to enable CORS for other server technologies.
I was watching the java quickstart video for the google drive API and in that video it is mentioned that when developing real time console application the login flow should be done by :
starting a web browser in the local machine.
opening the native browser and taking the user directly to the authorization link.
making the redirection link as the local host and then let the local server receive the code and then shut down the browser and continue with you app.
but i have no idea how to execute these steps any idea or guidance???
The tiny application on Java quickstart implements these steps. Use "urn:ietf:wg:oauth:2.0:oob" as your redirect URL.
I have created an application from Box developer account, but I couldn't able to set the redirect url as http. I have seen that Box API supports only https. As I hosted my web application as a module of another web application, I cannot change it's protocol to https. So is there any way to set the redirect url to http?
Please find me a solution for this.
Thanks in Advance.
Since the redirect URL is used to send you your application OAuth2 tokens, You are essentially asking Box to send you confidential information in the clear. It's just not a good idea, since anyone that installs a network sniffer anywhere between you and Box can just sniff those tokens and start using them.
If you don't have the ability to ask your server hardware or hosting web application for an encrypted connection, it's probably time to upgrade your service provider or web app.