authentication - Authenticating from a cross-platform mobile application consuming data from a WebApi service -


i trying implement authenticating , identification on xamarin cross-platform mobile application consuming data webapi service have.

my goal follows:
have mobile application perform authentication against various identity providers, security token, , have passed webapi service inside requests' headers.
service implement delegatinghandler validate token, , extract userid it, later identification , authorization needs.
client code share-able as possible !

my options afaik follows:

  1. use azure mobile services generate federated security token on client side, , validate token on webapi service. think possible, this answer. code-sharing on client side looks promising, xamarin azure mobile services components.

  2. use azure access control service(acs) generate federated security token on client side, , validate token on webapi service. however, don't think consuming acs on client can code-shared. besides, acs not new guy in town...

  3. use xamarin.auth component have client side authentication directly against identity providers, generate jwt security token, , have validated on webapi service. should give more access users' data idp. @ moment component lacks windows phone support, , it's not available before late fall.

if has dealt scenario, please share experience , let me know right way go.
if goal wrong in first place, don't hesitate criticize well.

are using windows azure mobile services (wams) backend @ all? looks have own api unrelated wams.

if want use wams ability give jwt , authenticate twitter/fb & live (their supported idps), need use token handler knows how deal wams' token idiosyncrasies. (this doc shows how sign jwt).

it possible use acs, have limited number of idp (albeit more wams), , of course api have consider different token format.

you can take @ our approach type of integration in 2 tutorials wrote. oriented towards our own identity platform, sdks use open source , can @ how work (look links github repository).

xamarin tutorial

webapi / mvc tutorial

a comment on #3. not idps capable of issuing jwt. need intermediary generate (e.g. acs, service ours, etc). not idea generate token in client code, because client code "not trusted". (and secrets not stored in device).


Comments

Post a Comment

Popular posts from this blog

c# - Send Image in Json : 400 Bad request -

from android trying send image class of data, iis webservice. (c#) the problem 400 bad request . the image being encoded base64 . , placed json rest of class elements. my guess base64 not valid inside json. server not understand it. if set string "" , post accepted fine. so question is, how make base64 valid within json array? ( tried url.encode no success). or how should send image android webservice? gson gson = new gson(); string json = gson.tojson(record); // record has param { string base64photo } how big image? i'm pretty sure surpassing iis json size limit (default 4 mb). check http://geekswithblogs.net/frankw/archive/2008/08/05/how-to-configure-maxjsonlength-in-asp.net-ajax-applications.aspx or http://www.webtrenches.com/post.cfm/iis7-file-upload-size-limits good luck!
Read more

jquery - Fancybox - apply a function to several elements -

this source code below posted cristiano g. carvalho in answer question: calling fancybox gallery other link made user. <div class="details_gallery"> <a href="#" class="manualfancybox">manual call fancybox</a> <div class="details_gallery_min"> <a rel="details" href="max/1.jpg" class="fancybox"><img src="min/1.jpg" alt="" /></a> <a rel="details" href="max/2.jpg" class="fancybox"><img src="min/2.jpg" alt="" /></a> <a rel="details" href="max/3.jpg" class="fancybox"><img src="min/3.jpg" alt="" /></a> <a rel="details" href="max/4.jpg" class="fancybox"><img src="min/4.jpg" alt="" /></a> </div> </div> <script> $(document).read
Read more

An easy way to program an Android keyboard layout app -

i program android app replaces standard keyboard 1 one-hand optimized coffee++ keyboard layout. what special problems have face in progress? guess such project go deep android core, cause keyboard such essential thing. is wise start android developer tools (adt)—eclipse plugin described in this tutorial ? or there better way achieve goal? i new android programming, firm in php, mysql , javascript , use eclipse php i guess such project go deep android core, cause keyboard such essential thing. no. can create inputmethodservice implementation of keyboard. there sample soft keyboard in android sdk installation (if chose download sample code sdk manager), , there open source input methods floating around well, such hacker's keyboard. inputmethodservice distributed part of ordinary android application, , user can elect activate input method if user chooses. is wise start android developer tools (adt)—eclipse plugin described in tutorial? that fine s
Read more