I am currently writing a website that will eventually be used as a stand-along application. As a result, I created an MVC application and handle the login through a form. It then redirects to another page which is essentially all the user will see for a while. Until the rest of the application is completed, this entire website will be viewed by the users within a WPF application's WebBrowser control as part of that application.
Since the user must log in to the WPF application, I would like to keep them from having to log in twice. So, my WPF application has code to navigate to the login url and post the data as follows:
Uri linkUri = new Uri("https://www.myURL.com/Account/Login");
ASCIIEncoding encode = new ASCIIEncoding();
byte[] postData = encode.GetBytes("grant_type=password&username=" + _user.UserName + "&password=" + _user.Password);
string postHeaders = "Content-Type: application/x-www-form-urlencoded";
this.myWebBrowser.Navigate(linkUri, null, postData, postHeaders);
Based on Fiddler, I think I am sending the data correctly. However, when the WebBrowser displays, it shows the error page with
The required anti-forgery cookie
"__RequestVerificationToken_L1NjaGVkdWxlci5XZWI1" is not present.
Since I never load the initial page with the AntiForgeryToken, this is expected. However, I was wondering if there were a way around this issue. For example, is there a way to silently load the form and post it without the user seeing it? Or, am I stuck just removing the AntiForgeryToken for now until the site is no longer used within WPF?
Thanks in advance!
Use OAuth to authenticate users from the third party site.
Related
I have an angularjs app with ASP.NET WebAPI2 REST APIs. There is a scenario where I have a display a popup for initiating a survey for end users (both authenticated and anonymous types). On clicking the popup options, the user will be redirected to another applicaiton which captures all the responses provided by the user.
There is no relation between the angularjs app and the survey application.
Now next time if the user revisits the application then in that case based on the previous action taken to fill the survey , I have to take a decision to display or hide the popup for the user.
I thought of cookies and localStorage as the options but I think are not ideal choices for this scenario.
Can anyone help me to know are there any other possible options to handle this scenario?
You can solve this using the redirection link.
For example if he finished correctly the Survey you will redirect him to:
www.myapp.com/survey/success
Than in the App you can do something like: get the URL parameters, if the parameters is success store it on localStorage so next time he revisits the web-page the Popup wont show.
Otherwise direct him to:
www.myapp.com/survey/
I think the best option here is to save this information in the database using your ASP.NET WebAPI2 REST APIs. In the moment that the end user clicks the survey you can also make an Api call which will save in the database info about user's action(this will probably be sth you can do for authenticated users). For not authenticated users you can just save that information in localStorage in the moment they are clicking the survey.
I'm implementing an application using the full MEAN stack.
I created a login page to signup with facebook to be able to show a profile page. But I discovered some problems. For this reason, I created a smaller version of my webapp, maintaining the same project structure.
The complete code, executable (only replacing "client id" and "secret") with "npm install" and after "nodemon" is available here: https://github.com/Ks89/MEAN-OAuth_Example
If I'll call (with a browser) the rest API that I created to login with facebook at "http://localhost:3000/api/auth/facebook", everything will be ok!
But if I'll want to do the same thing, clicking on the "Login" button, I'll receive the error as in figure:
I know that the problem is related to CORS, but how can I'll fix this in my application, maintaining the same project structure?
I don't want to put the "rest path" inside the HTML. I tried for many days different solutions without success.
If you want, experiment directly on my application that I created exactly to write this question ;).
If really necessary, I'll able to post the entire source code here, but I prefer an organized and executable code into a repository for this particular question.
Please, give me some ideas and hopefully a solution, because I'm really blocked.
The example routes from the passport-facebook repo are intended for multipage apps, not ajax requests. If you look at what those routes are doing, /auth/facebook is just a redirect to Facebook where the user is expected to log in if necessary and authorize your application. When you make that same request from angular, it follows the redirect and tries to load the Facebook page, but the browser blocks you as your console screenshot shows. CORS would be relevant if Facebook wanted to allow you to request their login form across origins, but they don't because that would basically make you a phisher.
It looks like you're trying to handle authentication without leaving the page, but at some point you're going to need the user to leave your site and be redirected to Facebook in order to complete the OAuth flow. You can either open a pop-up containing the Facebook OAuth dialog (it looks like this is what the Facebook JavaScript SDK does by default) or just use your app's current tab with something as simple as <a ng-href="{{facebookOauthUrl}}">Log in with Facebook</a>.
I have an Silverlight 4 application, in log-in process I have some validations and data preparation, for any reason in each step if I get an exception, I want to stop my application and refresh the browser but I want save my exception message from my last session and then update my error text block in log-in screen and inform my user about exception message.how can I save my variable in session and then refresh browser?
On silverlight side you may use HtmlPage namespace ,
Beside this refreshing a page in silverlight is not a good practice,and shows your app. as if broken.Siverlight is a RIA. using benefits of this Rich platform is better I think.
HtmlPage.Window.Navigate(HtmlPage.Document.DocumentUri, "_self");
/* You may also add Query String to your URL as Bryant said,
Uri myUri=new Uri(HtmlPage.Document.DocumentUri.toString()+ "?Exception=True", UriKind.RelativeOrAbsolute);
HtmlPage.Window.Navigate(myUri, "_self");
*/
Hope helps!
Just take the current url and append your error message to the query string and then use javascript to open the current page to that url. You can then get the query string from silverlight to get the error message.
I am trying to implement a simple Facebook login flow using WPF. It turns out that I need to use some sort of embedded browser within the application if the application is a desktop application. Therefore I am using WebBrowser control, but I can't seem to correctly detect the redirecting URL.
Once I load the web page for facebook login, and after login, the browser redirects to a page of the form
https://www.facebook.com/connect/login_success.html#access_token=....
But if I look at the URI source, it only shows up to login_success.html and is cutting off whatever is after the # sign. I need this information for further processing, so I was wondering if anyone could advise on retrieving that access token using WebBrowser (or any other way) in WPF. Thanks!
I was having the saving problem with the WPF Sample in the SDK today. I figured it was a problem with the WPF Webbrowser control (like you had infered). So I used the windows.forms.webbrowser instead of the WPF webcontrol. It is a simple fix.
System.Windows.Forms.Integration.WindowsFormsHost host =
new System.Windows.Forms.Integration.WindowsFormsHost();
_webBrowser = new System.Windows.Forms.WebBrowser();
host.Child = _webBrowser;
this.grid1.Children.Add(host);
_webBrowser.Navigated += new WebBrowserNavigatedEventHandler(webBrowser_Navigated);
_webBrowser.Navigate(_navigateUrl.AbsoluteUri);
I have a WPF webbrowser control which navigates the user to a registration site. After the user registers, a collection of headers are sent back alongwith the "finished registration" page.
I have tried the Navigated event, and tried accessing WebResponse property in the event arguments but it's always null.
Is there any other way to access the headers sent?
After quite a lot of reading, I figured out that WPF web browser actually wraps around the WinForm web browser which inturn wraps around a COM dll (which is even used by Internet Explorer).
Now this COM dll provides a lot of interfaces which are not exposed by any of the wrapper controls. So those who need more control need to implement these interfaces.
I found a browser which implements a lot of these interfaces and neatly provides a lot functionality. Used it and it's working fine. http://www.codeproject.com/KB/miscctrl/csEXWB.aspx
It talks about implemnting a PassthroughAPP package to get the response headers.
I dont think you can access headers like that, best thing to do is, either use Hidden Fields of the form or you can pass on your cookie ASP.NET_SessionID from your finished page to your WPF app, and inside WPF app you can make custom request to your url with same ASP.NET_SessionID cookie where you will continue same session and you will be able to query responses you desire throught WebResponse.