Hi I have a hosted WebAssembly project. I have managed to implement IS4 on the client side using the the standalone method https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/standalone-with-authentication-library?view=aspnetcore-5.0&tabs=visual-studio.
I can not however find a guide to secure the server api side. Any help would be greatly appreciated
Related
I have just finished the local development of my Web API (ASP.net) and the User interface (AngularJs) and I would like to put it in a Tomcat server. I really need help getting this done.
I really have no ideas
Apache Tomcat is for Java-based applications and will not work. If you are on Linux you would use something like nginx or apache. If you are on windows, you would setup your ASP.NET Core site in IIS or as a windows service. If you have the option, I recommend hosting on a cloud provider such as Azure.
I hope you’re doing well.
I'm facing some issues migrating applications from Weblogic to Glassfish 4.1 and, I'm quite new with the Glassfish server.
I will try to explain what I'm doing and what I've found so far on googling.
There are some applications in Weblogic server that are set up to use SSO (SAML with Salesforce as Identity Provider), and Weblogic provides an easy out-of-the-box configuration to do that and I need to do the same but in Glassfish.
By my researches I found out that Glassfish provides SSO for the applications deployed on the same Virtual Server and doesn't have any configuration related to Third Parties for using SSO over SAML and, I should use tools like OpenAM, Shibboleth or similar as Service Provider and they must be deployed on Apache Tomcat.
I found the following discussion in the stackoverflow but is quite old (9 years ago): OpenSSO/OpenAM alternatives
Also, I found another link related to Glassfish + Salesforce but is quite old as well (from 2012):
SSO using SAML2 updated document
So, my questions are:
1 - My applications are deployed in Glassfish, and I'd like to know what's the best approach or alternatives to set up SSO with Salesforce as Identity Provider over SAML (could be free and paid)?
2 - Is there any external tool that I can install/deploy in Glassfish instead of Apache Tomcat to configure the SSO over SAML?
I really appreciate any help.
Thank you.
You could use a Java library that acts as a SAML SP, no need for a full-blown SP implemetation as OpenAM for Shibboleth. Most of those libraries are acting as JEE servlet filter, so it should not be a big deal to extend your application.
Is it possible to create a SPA using a JavaScript framework like Vue, React or Angular and secure it using Active Directory authentication? I've only seen Forms authentication examples.
Thanks for any help.
Yes. Windows authentication is performed by the web server (IIS or Apache, for example) so that's where you need to set it up. You can search Google for help on setting it up. There are lots of examples.
The framework behind the web server (Vue, React, Angular, etc.) isn't really relevant.
Connecting project in Monaca Mobile restful api backend with mysql database
I have a backend developed with php and mysql with various restful apis consultation, inclusion, exclusion ready. I need to connect the mobile project in Monaca this backend by apis from our server.
I'm trying different codes using angular, but nothing has certain data. If I can not make this connection will give up working with monaca.
Thank you!
Could not find a working rest example. This example connects to remote server and pulls data from a remote server. Changing URL should take care of the rest.
https://github.com/argelius/onsen-weather-sample
I've been developing a GWT project which uses Google APIs authorized by the App Identity API. This way, I can authorize my application backend to exploit the APIs needing authorization (e.g. Calendar, Mail, etc). I want to keep control of the data, I don't want users to need their authorization for the personal data.
It is very useful to use the hosted mode to develop GWT apps. But as far as I know, you won’t be able to hit the real calendar API using OAuth while running in hosted mode because the GAE dev server doesn’t simulate the Application Identity API.
But how about the other APIs? Has anyone used this approach? Can I simply create a mock for the Identity API and work with Calendar Java API in hosted mode?
It is unclear to me how to work around this problem. Any help would be greatly appreciated.
How about you create a Calendar Stub class.
In case you are running in the production environment,
the Stub class calls the Google API using the App Identity API.
In case you are running in the developer environment,
the Stub class calls a secret handler in your production app,
which then calls the Google API using the App Identity API.
All you basically need to create is a proxy handler in your production app.
You can have a shared secret between the dev and the prod environment
and use https to communicate.