Thursday, January 16

External Authentication Services in Visual Studio 2013

Introduction: Visual Studio 2013 and ASP.NET 4.5.1 provide external authentication services for
Microsoft, Google, Facebook and Twitter.

The following steps show how to configure a project to integrate the external authentication services.

Steps:

Open Visual Studio 2013, create a new project and select ASP.NET Application.
Select the "Single Page Application" template from the template list.

Press F5 and it shows a login screen; no external authentication services are enabled.


In Solution Explorer, open the "App_Start" folder and then open the "Startup.Auth.cs" file. Locate the code for authentication. Remove "//" to uncomment it and then add your key and secret for Facebook, Twitter and Microsoft account.

Compile the project. Press F5. You should be able to see the external services, as in the following screen.

Wednesday, January 15

Cross Origin Resource Sharing (CORS) in ASP.NET Web API

The same-origin policy is a security policy enforced on client-side web apps to prevent interactions between resources from different origins. This is useful for preventing malicious behavior such as XSS (Cross Site Scripting) attacks, but the measure also prevents interactions between known resources. Cross-origin resource sharing (CORS) is a mechanism that allows JavaScript on a web page to make XMLHttpRequests to another domain, rather than only to the domain the JavaScript originated from. The CORS specification allows us to make cross-origin AJAX calls. ASP.NET Web API supports CORS.

With ASP.NET Web API, CORS can be enabled at the application level or at a specific controller or action level. To enable it globally, add the "Access-Control-Allow-Origin" header to the web.config file:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

To enable CORS at the controller level or at the action level, add config.EnableCors to the Register method of the WebApiConfig.cs file.

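using System.Web.Http;       // HttpConfiguration
using System.Web.Http.Cors;  // EnableCors extension method

public static class WebApiConfig
{
    public static void Register(HttpConfiguration config)
    {
        // Turn on CORS support; policies are then set per controller or action
        config.EnableCors();
    }
}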

To enable CORS for a specific controller, add [EnableCors] to that controller.

[EnableCors(origins: "*", headers: "*", methods: "*")]
public class TestController : ApiController
{
    public HttpResponseMessage Get() { ... }
    public HttpResponseMessage Get(int id) { ... }

    [DisableCors]
    public HttpResponseMessage Post() { ... }
}

To restrict access to specific domains, we can supply a comma-separated list of origins in the origins parameter.

[EnableCors(
    origins: "http://web1.com,http://web2.com",
    headers: "accept,content-type,origin",
    methods: "get,post")]
public class TestController : ApiController
{
    public HttpResponseMessage Get() { ... }
    public HttpResponseMessage Post() { ... }
    public HttpResponseMessage Put() { ... }
}
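
An added example (not from the original post, and not ASP.NET Web API's own code): a simplified JavaScript model of the CORS decision for the wildcard and restricted policies above, showing which constructed requests would receive an Access-Control-Allow-Origin header. The function names are hypothetical, and comparing method and header names case-insensitively is an assumption of this model.

```javascript
// Added example: simplified model of a server's CORS decision.
// Not ASP.NET Web API's implementation; all names here are hypothetical.

// Parse a comma-separated value such as "get,post" into a lowercase set.
function parseList(value) {
  return new Set(value.split(",").map(s => s.trim().toLowerCase()).filter(Boolean));
}

function makePolicy(origins, headers, methods) {
  return {
    anyOrigin: origins.trim() === "*",
    // Origins are compared exactly: scheme, host and port must all match.
    origins: new Set(origins.split(",").map(s => s.trim())),
    anyHeader: headers.trim() === "*", headers: parseList(headers),
    anyMethod: methods.trim() === "*", methods: parseList(methods),
  };
}

// Returns the CORS response headers, or null when none are sent
// (the browser then refuses to expose the response to the calling script).
function evaluateCors(policy, req) {
  if (!req.origin) return null; // no Origin header: not a CORS request
  if (!policy.anyOrigin && !policy.origins.has(req.origin)) return null;
  const out = { "Access-Control-Allow-Origin": policy.anyOrigin ? "*" : req.origin };
  // Only a preflight (OPTIONS + Access-Control-Request-Method) checks method/headers.
  if (req.method !== "OPTIONS" || !req.requestMethod) return out;
  if (!policy.anyMethod && !policy.methods.has(req.requestMethod.toLowerCase())) return null;
  const asked = [...parseList(req.requestHeaders || "")];
  if (!policy.anyHeader && !asked.every(h => policy.headers.has(h))) return null;
  out["Access-Control-Allow-Methods"] = req.requestMethod;
  if (asked.length) out["Access-Control-Allow-Headers"] = asked.join(",");
  return out;
}

// The two policies from the text above; the requests are constructed samples.
const wildcard = makePolicy("*", "*", "*");
const restricted = makePolicy("http://web1.com,http://web2.com",
                              "accept,content-type,origin", "get,post");
const fromOther = { origin: "http://other.example", method: "GET" };
const putPreflight = { origin: "http://web1.com", method: "OPTIONS",
                       requestMethod: "PUT", requestHeaders: "content-type" };

console.log(evaluateCors(wildcard, fromOther));      // allowed: any origin matches "*"
console.log(evaluateCors(restricted, fromOther));    // null: origin not listed
console.log(evaluateCors(restricted, putPreflight)); // null: PUT not in "get,post"
```

With origins set to "*", script on any site can read the API's responses, so the listed-origins form is the one to use for anything other than public data.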

Tuesday, January 14

Web API 2 and Attribute Routing

Introduction: Web API 2 supports a new type of routing, called attribute routing, in addition to convention-based routing. Routing is how Web API matches a URI to an action. In attribute routing, we use attributes to define routes.
Here we'll create a REST API and we'll retrieve data using attribute routing.

Steps:

Create a new ASP.NET Web application with the Web API template.


Add Classes to Model: Add a class and name it "Customer".


Replace the code with the following code:

Add another class named Order and replace the code with the following code.


Add Web API Controller: Right-click the Controllers folder in Solution Explorer and then select Add | Controller. In the "Add Scaffold" dialog, select "Web API Controller with actions, using Entity Framework".


The Model and Controller folders in the solution explorer:

Seed the Database: From the Tools menu, select Library Package Manager | Package Manager Console.
In the Package Manager Console window, enter the following command: Enable-Migrations

It creates a "Migrations" folder and a "Configuration.cs" file. Open the Configuration.cs file and add the following code to the Configuration.Seed method.


In the Package Manager Console window, run the following commands:
Add-Migration Initial
Update-Database

Add Route Attribute:

We'll apply attribute routing to the controller. We'll add RoutePrefix to the controller to define the initial URI segment for all methods in the controller. Then, add the [Route] attribute to the actions.

The route template for each method is the prefix plus the string specified in "Route". The route template for the getOrder method includes a parameter of Integer type.

Output: Run the application and request all orders (http://localhost#/api/orders).
Response:

Now request a single order (http://localhost#/api/orders/2).
Response: