Base solution for your next web application
Open Closed

Login from external system (e.g. mobile device) #463

User avatar
0
cashonledger created

I'm developing a mobile application (iOS/Android) with Xamarin (C#) and wanted to connect to my ASP.NET backend. I've read in the forum that I should just call Account/Login and use cookies for subsequent requests. I haven't really tried the last part yet (I guess it should work fine with cookies), but I've got a question to the first one.

I'm using RestSharp in my project and calling Account/Login is no problem. Just some easy-to-understand code of the request to put this in context:

RestRequest request = new RestRequest ("Account/Login", Method.POST);
request.AddParameter ("tenancyName", "foo");
request.AddParameter ("usernameOrEmailAddress", "bar");
request.AddParameter ("password", "baz");

If the login is successful, I get this JSON response:

{
  "targetUrl": "/Application",
  "success": true,
  "result": null,
  "error": null,
  "unAuthorizedRequest": false
}

This is great! I can work with that. But if the credentials are wrong, I get an HTML response (and not a JSON response) and this is something I can't parse. Is there a way to always get a JSON response? I've already tried this:

request.AddHeader("Accept", "application/json");

But that doesn't seem to do anything. Is there some way to achieve this?

Go to accepted answer
3 Answer(s)
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    1. You can use token based authentication for mobile clients which is more proper for non-browser clients. It does not use cookies but uses header tokens for authorization. See document: <a class="postlink" href="http://www.aspnetzero.com/Documents/Development-Guide#token-based-authentication">http://www.aspnetzero.com/Documents/Dev ... entication</a>

    2. It should not return HTML in errors normally. But customErrors should be "On" in web.config. Please check it.

    Thanks.

  • User Avatar
    0
    cashonledger created

    Thanks! We had to update ABP though, because token-based authentication seems to be fairly new. ;) But it works great!

    I think we may have found a bug. In AccountController.cs there was no LocalizationSourceName set. That's why we got this error, when it tried to throw a UserFriendlyException for an invalid username/password or other errors:

    Abp.AbpException: Must set LocalizationSourceName before, in order to get LocalizationSource
  • User Avatar
    0
    hikalkan created
    Support Team

    Hi,

    Strange, I have tested it :) Anyway, I fixed: <a class="postlink" href="https://github.com/aspnetzero/aspnet-zero/commit/594d6535d8b52fb3776ff46c8619d74a6b2a7f4a">https://github.com/aspnetzero/aspnet-ze ... 4a6b2a7f4a</a> Thank you very much.

Assignee
No one
Labels
Non yet