I have this scenario ahead and I'm wondering if someone has already tried to run IdentityServer4 on mobile device since it supports .net core?
In theory you can. however IdentityServer4 is an ASP.NET Core middleware that relies on ASPNETCore.MVC which means it needs to be hosted. If you can figure out how to host a standard MVC application on the mobile device then you can add the IDS4 middleware to it.
You might need to jump through many hoops though but I have seen apps of phones that actually are "webservers" (AirDroid for example)
Related
Company needs to decide about future frontend technology and I was asked by the big man to determine if Blazor (using Webassembly) is for us.
I fully agree with Blazor / Webassembly because it's so easy to use that even backend developers can develop frontend stuff quickly enough (as opposed to things like react.js and angular, which are based around Javascript or the very similar Typescript).
But...
We need to create a mobile application from our web frontend as well, because people will want to use our frontend on the go (a lot, actually... our product is meant for people to enhance their "outdoor experience" about their home).
Any chance to run a Blazor / Webassembly app in the browser on mobile devices?
To give more information about this: there is a complication - we need to run a tiny bit of native code, too, when indoors, because of a specific requirement regarding "offline operation". Thats actually why I ask - if it was only about "show website X in browser" I wouldn't need to ask, but we need to actually implement some "local only" functionality.
I wanted to create a React Application that could be unlocked via Face Authentication similar to Windows Hello. How does face authentication work? How can I make this work? Many android applications and iOS applications already have this functionality. Is there any website implementing such functionality?
The WebAuthn API and FIDO2/CTAP2 spec is supported on all major platforms/browsers now, including iOS, Android and Windows 10 (Hello). This means you can implement a similar experience to native iOS apps in a browser application if you wish as well as supporting FIDO compliant security keys also.
You can try it for yourself here: https://webauthn.io/
You'd need a backend that can support registration of credentials and authentication of assertions however. This is potentially non-trivial depending on what you have in play but library support is improving all the time.
I'm working on an AngularJS mobile web app and am getting ready to deploy to Firebase Hosting. Does anyone know how to ensure that only devices can install the web app and prevent desktop browsers from viewing? I'm trying to protect the client's intellectual property as well as my own by making a reasonable attempt to disallow the source code from being read. Thank you!!
It's not possible to prevent the reverse engineering of any web application.
Developing a mobile application using native code may make you feel more secure about the intellectual property, however once a would be attacker gets the software on to their own hardware they will have the opportunity to defeat your software.
I wound up using ng-device-detector to determine whether the user was using a mobile device or not, and delivering a different template page depending. This library contains an isMobile() function that works great.
Does anyone know is it possible to do a single sign up web application with ADFS in a "pure" angularjs enviroment? I am at the point to decide which framework for my next project. One of the main requirement is the ability to do "single sign up" with ADFS, but I don't want to "mix" angularjs with asp.net, just make thing more complicated. I would like to go pure angular without any asp.net framework, is it even possible?
I know there are a lot of questions on this topic, but it seems no one is really answering the question. Is it because it's not doable?
By the way, It is an intranet web application.
The problem is not with your ADFS server, the ADFS protocol itself, AngularJS, JavaScript or the browser.
It's with the way you tell your client-side application that the user is logged in from your server-side application.
As far as I know there is no way to do "pass-through" authentication over HTTP so you will need to have your users go through the preauthentication step.
With ASP.NET you get an access token "for free" because the ASP.NET application runs on a machine that's in the "trusted" ADFS network. Your browser on the other hand is not. The only way for ADFS to know you are who you say you are is to preauthenticate you.
I just implemented it using the Azure Active Directory for JavaScript library. After IT registered my app for me, I was up and running in 10 mins. There is an AngularJs example in the source code. https://github.com/AzureAD/azure-activedirectory-library-for-js
You should also register your development workstation so you can test locally.
How do Mobile Apps communicate with a server? Does this communication happen over HTTP or are there other methods (for instance, I guess a mobile app could open a socket)? Does this differ form device to device? Is there one most commonly used approach? If the communication happens over HTTP how do the URLs look like? Is there a way to identify the app based on the the "User Agent" in the HTTP request if the communication is happening over HTTP?
Mobile Apps can communicate with a server in many ways. Mobile apps can also use other features of the mobile. For instance SMS , MMS. Its pretty open really. Your question could be "how do computers communicate with a server?".
A mobile app can be a simple as loading a web page. This would be http.
The problem with mobile apps. They run on phones. There are lots of different phone manufacturers and its up to them (in some case the mobile phone operators also have weight) what to allow the programmer to do by the choice of operating system.
If you are getting started with mobile apps. Take a look at android its pretty simple to get going with if you know a little about programming.
As for the useragent. It depends but usually if you are using the http api on the phone, you can set the user agent to what ever you want it to be, its just a string.
Hope this helps!
Communication usually happens over http. Applications usually identify themselves in the User Agent field