ACS Setup For Mobile App - mobile

I'm writing a mobile app that connects to Azure web services that use ACS access control for authentication. The mobile app is going to be a new version of a website that already exists. The website is already set up in ACS to connect to the web services.
Do I need to create a new entry in the ACS portal for the mobile app or can I just re-use the entry that the website has? If I create a new entry, what would I put in the realm and return URL? Mobile apps don't use URLs so I'm confused.
Thanks.

ACS supports a jsnotify protocol which basically will fire a JavaScript event that the host can listen for. However, this only works on Windows Phone. The other option you have is to poll the InApp browser (webview) until the URL is equal to whatever you put on the return URL. Then inspect the result of the page to get the token, but that's not very easy. The truth is that ACS has not been updated for years and they are behind on mobile scenarios. You will probably spend a week or so trying to get something to work.
You can look at other services like Auth0 (disclaimer: I work at Auth0) which support the same protocol ACS supports (Ws-Fed) and have native support for lots of platforms (ios, wp, windows8, android, xamarin, etc.).
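The return-URL polling described in the answer above depends on how "equal to the return URL" is tested. This is an added example, not part of the original post, comparing a loose prefix test with a parsed, exact comparison; `RETURN_URL`, the function names and every sample URL are assumptions made for illustration.

```javascript
// Added example. RETURN_URL and every URL in SAMPLE_NAVIGATIONS are
// constructed placeholders, not values from the original post.
const RETURN_URL = new URL("https://app.example.test/acs/return");

// Loose check: treats any URL that starts with the expected origin as a match.
function prefixMatch(navigated) {
  return navigated.startsWith(RETURN_URL.origin);
}

// Strict check: parse first, then compare scheme, host (with port) and path.
// Query string and fragment are ignored; embedded credentials are rejected.
function isReturnUrl(navigated, expected = RETURN_URL) {
  let url;
  try {
    url = new URL(navigated);
  } catch (err) {
    return false; // unparseable or relative URL: keep waiting
  }
  if (url.username !== "" || url.password !== "") return false;
  return (
    url.protocol === expected.protocol &&
    url.host === expected.host &&
    url.pathname === expected.pathname
  );
}

// Index of the first navigation accepted by `check`, or -1 if none is.
function firstMatch(navigations, check) {
  return navigations.findIndex((u) => check(u));
}

const SAMPLE_NAVIGATIONS = [
  "https://sts.example.test/v2/wsfederation?wa=wsignin1.0", // sign-in page
  "https://app.example.test.lookalike.example/acs/return",  // longer host
  "https://app.example.test@lookalike.example/acs/return",  // userinfo part
  "http://app.example.test/acs/return",                     // wrong scheme
  "https://app.example.test:443/acs/return?state=abc",      // expected page
];

console.log("prefix match stops at", firstMatch(SAMPLE_NAVIGATIONS, prefixMatch));
console.log("strict match stops at", firstMatch(SAMPLE_NAVIGATIONS, isReturnUrl));
```

The prefix test stops at a page on a different host, so the app would read its "token" from content it does not control; the strict test only stops on the registered return URL.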

Related

Is it possible to create an icon on the home screen of a phone using reactJS?

I built a website with reactjs and the client wants the website to automatically create a link on the phone home screen that opens Chrome to the specific URL of my website.
Is this possible without wrapping the reactjs with another framework like Cordova, Ionic or React Native?
Thank you so much
A web application has no access to the device's internal APIs. Web applications are naturally subject to the features, restrictions and limitations of the browser in which they are running. Even native applications have to request access from the user to have such permissions. What your client asks is, regrettably, impossible.
I agree with the above answer by @Lux Ilustre. You can't add the application link to the phone's homepage without the user's permission. But it is possible to make your website installable with a PWA. You can create a PWA with a manifest file and a service-worker file, which makes it possible to install the website on the user's phone and load assets from cache, which makes it possible to make some parts of your website function offline.

Desktop client flow for MicrosoftAccount access to Azure Mobile Service API

I have followed Adrian Hall's book to create a cross platform app with a Mobile Service API backend. I have successfully got unsecured access to the backend working from Android, iOS and Desktop (WPF) clients. I am moving on to adding security to the API using the Authorise attribute. I would like to add social authentication using MicrosoftAccount (formerly passport/Live ID).
Since Adrian wrote his book the Microsoft.Azure.Mobile.Client and the authentication and authorisation landscape seem to have moved on. The samples given in the book no longer build and Microsoft's social authentication and AAD authentication seem to have been rolled into one API.
I have spent days searching for up to date and relevant information but there seems to be lots of stuff on the internet that is either out of date or only shows examples of authenticating using Facebook or Google from Xamarin clients or authenticating against Azure AD.
I am using .NET 4.7 and WPF for the desktop app. I am also using Microsoft.Azure.Mobile.Client V4.0.1. and my questions are:
Should I be using the Microsoft.Identity.Client to authenticate users from my desktop client; and,
If so can someone point me to an example of the client flow that I need to follow, specifically how do I get the authorisation token that I need to pass to the new MobileServiceClient.LoginAsync() function that uses the identification provider and token parameters?
According to your requirement, you want to use client-flow authentication with MSA. As far as I know, MSA authentication uses the Live SDK for signing users in.
Since Live SDK is deprecated, you could leverage OneDrive SDK for CSharp for logging with MSA, and you could follow the detailed steps for achieving this purpose:
Install the client libraries via NuGet:
Microsoft.OneDriveSDK
Microsoft.OneDriveSdk.Authentication
Log into Microsoft Account Developer Center and create your app, add the native application platform, then Register your app with Microsoft Account.
Then you could follow the code below and add to your WPF application as follows:
For more details about OneDrive SDK for CSharp, you could refer to here and Authentication Adapter for the OneDrive SDK.
UPDATE:
It's my fault. I did not mention that the above code would automatically open a web browser. Per my test, you could configure the parameter returnUrl to https://login.microsoftonline.com/common/oauth2/nativeclient when constructing your MsaAuthenticationProvider instance.
I was in a similar boat, and here is a summary off the top of my head. There are two security libraries currently in play for authorization: ADAL and MSAL.
ADAL
This is the first library that came out, and services like B2C must each be handled separately using this library.
MSAL
One security framework to rule them all!
https://github.com/Azure-Samples/active-directory-xamarin-native-v2
This library has a go live license, but technically it's still in Beta.
Head to Mobile.azure.com for the last info in creating a mobile application, and this article on a V2 endpoint.
When you register an application for Authorization, there are two categories: a "Converged" application and a "Live SDK application" (see https://apps.dev.microsoft.com/#/appList). Why they would choose these names is beyond me to understand. IMPORTANT Translation: Converged applications ONLY work with MSAL, the other ONLY works with ADAL. THAT will go a long way for you to get the authentication working, as the Application / Client ID must match the correct SDK, and hence endpoint.
In the end, we chose to stay with ADAL for now as we were having problems with MSAL. MSAL is the future however, as all services will be incorporated, and it should be an easier SDK to use.
Here are some links that I kept, all of which refer to ADAL or MSAL:
http://aka.ms/aadv2
https://azure.microsoft.com/develop/identity
https://learn.microsoft.com/en-ca/azure/active-directory/develop/active-directory-authentication-scenarios#native-application-to-web-api
https://github.com/AzureAD
https://github.com/AzureAD/microsoft-authentication-library-for-dotnet
These links are about a month old - HTH

Using the Google Users Service with jQuery Mobile

I was wondering what would be a better way to let my jQuery Mobile app "know" the user of the app after completing a registration process. Since the handlers in my Python Google App Engine app expect a username, I decided to store the username in localStorage and then use this as part of any request made to the server. But I don't think this is a good design idea (?). After a lot of searching, I have found that jQuery Mobile does not support Google login (please correct me if I am wrong), so I have decided to use the Users Service from the server end. I am confused about how to implement this, since the Users service from Google has its own sign-in form.
Is it possible to use this same service with jQuery? If so, can I change the design of the sign-in form to blend in with the design of my jQuery app?
jQuery Mobile is just a template designer created directly for mobile web applications using a mobile web browser. It does not possess any connections with server side scripting automatically.
You need to create a connection using server side scripting.
Once you log in using the Google Login, your app associates it with the Google account.
jQuery is just a browser scripting. It does not have an automatic connection with the server unless you connect using AJAX to request to a server, but still need to code the server using HTTP protocol (as a tunnel) and server side scripting language like Java, Python, or PHP.
If you just want to get the "username" using a javascript, you may use REST to get the user information after login. You may look for how JSON or XML REST is created (but putting the username on local storage is not a bad option, without the password, however it may get deleted if you clear the root), but knowing that you are already connected with Google Sign in, just as long as you are already logged in with Google, your app should be able to retrieve the Google username.
Udacity also contains a complete course about web development focused on Google App Engine using Python, and how you may use cookies, password encryption, as well as user login. A detailed information about HTTP protocol is also discussed.
https://www.udacity.com/course/cs253
Note that the course I took existed 2 years ago. It may be different now.

Silverlight Client UserName

I am trying to return the Client UserName back into Silverlight by using HttpContext.Current.User.Identity.Name in the .aspx page that starts the application.
I have this hooked up to InitParams working fine passing it into silverlight with the ASP.Net Development Server but when I change to an IIS Web site it returns an empty string.
All of our users will be on the same IP subnet with different domains. This is an intranet app. I need to know who they are, preferably without authenticating, in order to load the proper interface. I do not have any Windows or Forms authentication established in the app yet.
....is it possible?
Without authentication on the server-side, I believe this is not possible. You'll have to have the ASP.NET page authenticate in order for it to write the client's username into that init param.
The test web server's process is running as the local developer, it probably appears to be working since both the client and server are running as the same user.
Suggestion:
Enable Windows authentication in IIS for the application folder that hosts the ASP.NET page. Disable anonymous. This should (in theory) be fine for the intranet. At this point I think you should be able to get the authenticated user from the HTTP context. We use Thread.CurrentPrincipal.Identity.Name since we're doing this in a WCF web service.
Not all browsers support Windows authentication. IE and Chrome seem to work the best. Firefox requires you to enable this per-site (look up the "trusted-uris" settings, note that Negotiate and NTLM are separate settings). Safari and Opera as well as non-Windows clients, I'm not sure any more.
To get more consistent support across browsers look into the "alternative" client HTTP in Silverlight. However, I guess this wouldn't work with setting init params in the asp page. If you could make an additional request to another ASP page (or a web service) to get the user after loading you could choose to use this other http stack. I found it supports authentication itself, regardless of the browser.

develop Web sites for mobiles

I want to implement a "mobile website provider" tool. Basically, it takes in a desktop website URL and generates a mobile version of the website without editing or adding additional content to the desktop website. I am planning to design a product like what mofuse.com does (this website creates mobile websites). This tool should be hassle-free for clients who are not tech savvy.
1.Q) I want to know the kind of functionality involved in this process.
2.Q) In Java Technology, I need the tool set and functionality of this activity.
I am new to this mobile application environment. Any information (web links) regarding this will be appreciated.
Update:
It's not like skweezer.com.
I had a website and I want to "mobile"ize it. 1) What kind of Java tool set do I have to use to create a mobile web site? 2) How to test on multiple mobile devices? 3) How will the domain name be created for mobile websites?
Check out our Wapple Architect tech (http://wapple.net) - we allow you to use the same content from web to mobile, but if it's mobile, instead of outputting the html, use a web service to turn it into the right content for that particular handset.
Mobilizes the same domain, no need for m.yourdomain.com or anything like that.
Check http://wapple.net on a mobile for example!
There are certain plugins which mobilise your website.
They check the user agent, and if the user agent is that of a mobile browser they load another CSS for mobile, and if you want to redirect to some other site, redirect it there.
You don't have to buy a separate domain; make a subdomain or CNAME like
m.yourdomain.com
wap.yourdomain.com
Try some JavaScript code which detects the browser type and redirects accordingly.
The best place to learn about mobile toolkits are
WURFL - The open source community built around profiling devices and managing their capabilities (http://wurfl.sourceforge.net/)
Mobile Elements - A tool to help you build mobile sites using a proxy type approach (http://www.mobilelements.com)
Device Atlas - A device profiling tool (http://www.deviceatlas.com)
