I get module zero, and run it. Then the address of question/getquestion web api is, <a class="postlink" href="http://localhost:6242/api/serivces/app/question/getquestion">http://localhost:6242/api/serivces/app/ ... etquestion</a>
If I invoke this web api in another application, such as a console application, a win form application or a mobility application, it return
<Response xmlns="http://localhost/API/SERVICES/app/question/getquestion"> <error> <code>0</code> <details null="true"/> <message>No user logged in!</message> <validationErrors null="true"/> </error> <result null="true"/> <success>false</success> <unAuthorizedRequest>true</unAuthorizedRequest> </Response>
I know I miss the authentication data in the request, but what authentication should I pass? I assume I need to invoke a user/login web api to get the authentication data, and then pass it in question/getquestion web api. Could you please give me some suggestion? Thanks so much.
7 Answer(s)
-
0
I used the Sample project from here as a starting point.
<a class="postlink" href="https://github.com/aspnetboilerplate/module-zero/tree/master/sample">https://github.com/aspnetboilerplate/mo ... ter/sample</a>
If you need to make Authorized requests against your Application Layer Api's then what I do is hit the MVC AccountController Login action first that gives me back a token. The browser (or any other device has to ) will then send along all the token in the header values of each request to any APIs.
You can see any example of the Sample AccountController here: <a class="postlink" href="https://github.com/aspnetboilerplate/module-zero/blob/master/sample/ModuleZeroSampleProject.Web/Controllers/AccountController.cs">https://github.com/aspnetboilerplate/mo ... troller.cs</a>
To hit your MVC or WebAPI endpoints from other applications (mobile devices, 3rd party websites) you have to setup CORS. What I do is bring in the Asp.net Nuget packages for CORS.
You do not have to required your API endpoints to be authorized. You can do so by removing the AbpAuthorize attribute from either you Application class or MVC controller class.
Here's an example of my Application Layer controller requiring authorization. [AbpAuthorize] public class CampaignsAppService : CaptureApplicationServiceBase, ICampaignsAppService
Here's an example of my Application Layer controller allowing anonymous access.
public class LookupsAppService : CaptureApplicationServiceBase, ILookupsAppService {
I'm not sure if it will help you to an example of my website that is built based off the Abp framework and Zero module. You can see the javascript and usage of both a traditional MVC application and SPA.
<a class="postlink" href="http://www.capturedog.com">http://www.capturedog.com</a>
Hope this helps.
Chris
-
0
Thanks langman66.
I have went through the sample project Module Zero. Yes as you said, it do hit the MVC AccountController Login action first that gives me back a token. The browser (or any other device has to ) will then send along all the token in the header values of each request to any APIs. Ok, then let’s see, In the sample project, we can get the token by hitting the MVC accountcontroller login action, but if I invoke the authorized web api in an console application by posting HttpWebRequest, how do I get the token and send the token in the header of the HttpWebRequest?
As my assume, If I need to get the token, I need to invoke an account/login web api to get it. But in the sample module zero project, it is a MVC accountcontroller login action. I have thought move the coding of MVC accountcontroller login action to web api/application layer, but the web api is dynamic generated in the abp framework, I have tried, but failed.
Look forward your advice, do you have a sample of invoking an authorized api in other application, such as an console application using post HttpWebRequest.
-
0
Hi,
Authentication is done using ASP.NET Identity Framework and it uses cookies for auth info. Web clients like browsers sends cookies automatically but a console app does not. I did not try this before but you can search with these informations since it's not a problem specific to ABP authorization. An example discussion on same topic: <a class="postlink" href="http://stackoverflow.com/questions/14760989/how-can-i-authenticate-to-an-asp-net-webapi-that-is-using-forms-authentication-f">http://stackoverflow.com/questions/1476 ... tication-f</a> If you can find a solution, please share with us.
-
0
I have addressed it with a easy way, may be it is not a best practice, but I would like to share it here:
in console application, first I post a HttpWebRequest to <a class="postlink" href="http://localhost:62345/account/login">http://localhost:62345/account/login</a>, then in the response, we can get the cookie with access token.
Then I send the request to <a class="postlink" href="http://localhost:62345/api/services/app/question/GetQuestions">http://localhost:62345/api/services/app ... tQuestions</a>, and put the cookie with access token in the request header.
then question/GetQuestions works fines, the result id returned.
-
0
I think this is a good solution. Thanks for sharing.
-
0
Could you please share the code for returning the cookie from the login action and passing it again in following request header.
Thank you
-
0
I prepared a complete working example for this question:
Gist: <a class="postlink" href="https://gist.github.com/hikalkan/e1b9f45e08b24ef87e33">https://gist.github.com/hikalkan/e1b9f45e08b24ef87e33</a>
The solution: <a class="postlink" href="https://github.com/aspnetboilerplate/aspnetboilerplate-samples/tree/master/ConsoleRemoteWebApiCall">https://github.com/aspnetboilerplate/as ... WebApiCall</a>
