Richard Andrew x64 wrote: My company wants to create an internal portal website as a gateway to our applications that is hosted in an on-premises web server.
I don't want to try to re-invent the identity management, login and authorization process.
Is there any third-party solution that can be integrated with a local website to perform login functionality and user management?
It's funny you mention this, Richard. Right now, I'm working on an authorization and authentication system for my project. Creating the system from the ground up will take way too much time and effort to implement, so I'm using Google's Identity Services ("GIS") for this. If you just want a simple login prompt, it's fairly easy to implement. I'm implementing a more comprehensive and custom approach, so it will be some time before I get things up and running properly.
Are you developing in a Windows environment? If so, MS Visual Studio allows you to create web applications using a generic user account template. In VS, create a blank web application. You will be prompted to choose a type of user account system. Select the "Individual User Accounts" option, and VS will create your application with a built-in user accounts system. From there, you need to customize the user accounts system, but it only took me a few hours to get up and running.
I haven't looked into any other 3rd party services as of yet, but I plan to allow users to log in with various social media accounts. Microsoft's authentication service looks to be a bit more convoluted. I think you have to go through a process where you verify the identity of your organization before you can implement anything. It sounds like an arduous process.
If you want to take a look at GIS, see: Authentication | Google for Developers
|
Yes, we eventually settled upon the automatic login functionality that's baked into ASP.NET Core. It will suffice for now.
The difficult we do right away...
...the impossible takes slightly longer.
|
Richard Andrew x64 wrote: Yes, we eventually settled upon the automatic login functionality that's baked into ASP.NET Core. It will suffice for now.
Yep, that's what I used. I tried using the .NET Framework 4.x before using .NET Core. The former is pretty much deprecated for this type of thing.
One thing that perplexes me is the email functionality in .NET Core. When a new user creates an account, the components that handle the confirmation emails require a 3rd party SMTP service. If I remember correctly, I used something called "SendGrid". I have no idea why this is. I couldn't find anything that would let me integrate SMTP service into the project. I looked everywhere for anything, and using a 3rd party for SMTP service was the only reasonable option. Did you encounter anything like this?
|
I forgot to mention Amazon Web Services as an option. It's called "Identity and Access Management (IAM)", and that's the entire extent of my knowledge. Did you look into it? I haven't yet done so.
|
Every week I get Dependabot alerts from GitHub about my repositories, but when I go to have GitHub build the needed PR to do the updates, it always fails with the error "/Gemfile.lock not parseable". The file looks good to me, but then I really have no idea what it's supposed to look like. Is there an online service that will parse & lint a gemfile and tell me what's wrong with it?
Truth,
James
|
You'll probably want to start with the documentation:
Bundler: gemfile
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
I have an Asp.Net MVC API with this controller:
    namespace ApiDemo.Controllers
    {
        [Route("api/[controller]/[action]")]
        [ApiController]
        public class UsersController : ControllerBase
        {
            [HttpGet("{id}/{name}/{birthDate}/{isAlive}/{presNo}")]
            public IActionResult Get(int id, string name, DateTime birthDate, bool isAlive, int presNo)
            {
                return StatusCode(200);
            }
        }
    }
When I call this Swagger generates this Request URL:
https:
I don't understand the instances of '%20B' or '%3A22'. They are not always the same. What are these? Where are they coming from?
"In theory, theory and practice are the same. But in practice, they never are."
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
|
It's %20, not %20B. The %20 is an encoded space character.
The same is true for %3A, not %3A22. The %3A is a colon.
Encoding is required because certain characters are illegal in URLs, like a space or :, unless specified in certain places. For example, a colon is only legal after the protocol and between the hostname and port number.
So, your unencoded URL is:
https:
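As an added example (not part of the original thread): a console client for the UsersController.Get route above can percent-encode each route value with Uri.EscapeDataString instead of formatting the URL by hand. The base address https://localhost:5001/ and the sample values are assumptions.

```csharp
// Added example, not code from the thread. The base address and the sample
// values are assumptions (constructed for illustration).
using System;
using System.Globalization;
using System.Linq;

public static class UsersApiUrl
{
    // Assumed base address; replace with the API's real scheme, host and port.
    private static readonly Uri BaseAddress = new Uri("https://localhost:5001/");

    // Builds the URL for UsersController.Get, whose route is
    // api/[controller]/[action]/{id}/{name}/{birthDate}/{isAlive}/{presNo}.
    public static Uri BuildGetUri(int id, string name, DateTime birthDate, bool isAlive, int presNo)
    {
        string[] values =
        {
            id.ToString(CultureInfo.InvariantCulture),
            name,
            // Sortable ISO 8601 form (yyyy-MM-ddTHH:mm:ss); culture-independent.
            birthDate.ToString("s", CultureInfo.InvariantCulture),
            isAlive ? "true" : "false",
            presNo.ToString(CultureInfo.InvariantCulture)
        };

        // Escape each value on its own, then join with '/'. Escaping the whole
        // path in one call would also escape the separators between segments.
        string path = "api/Users/Get/" +
            string.Join("/", values.Select(v => Uri.EscapeDataString(v)));

        return new Uri(BaseAddress, path);
    }

    public static void Main()
    {
        // Constructed sample values.
        Uri uri = BuildGetUri(1, "George Washington", new DateTime(1732, 2, 22, 9, 30, 0), false, 1);

        // The space in the name is sent as %20 and the colons in the time as %3A.
        Console.WriteLine(uri.AbsoluteUri);

        // Pass the Uri to HttpClient.GetAsync(uri). Decoding the path shows the
        // values the server sees after it unescapes each route segment.
        Console.WriteLine(Uri.UnescapeDataString(uri.AbsolutePath));
    }
}
```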
|
OK, so here's another from the same api call:
https:
So how would a client like, say for example a console app, call this? Would the app have to format the URL to convert spaces & colons to look like that??
Thanks!
|
Thanks!
|
I posted on this yesterday, but I haven't made any progress.
I'm just trying to set up a simple test API. Here's my controller:
    [Route("api/user")]
    [ApiController]
    public class UserController : _ControllerBase
    {
        public UserController(IConfiguration configuration) :
            base(configuration)
        {
        }

        [HttpGet("getById/{id}")]
        public IActionResult GetById([FromQuery]int id)
        {
            try
            {
                var repo = new Repository(GetDataContext());
                var owner = repo.GetById(id);
                if (owner is null)
                {
                    return NotFound();
                }
                else
                {
                    return Ok(owner);
                }
            }
            catch (Exception ex)
            {
                return StatusCode(500, "Internal server error");
            }
        }

        [HttpGet]
        public IActionResult GetAll()
        {
            try
            {
                var repo = new Repository(GetDataContext());
                var owners = repo.GetAll();
                return Ok(owners);
            }
            catch (Exception ex)
            {
                return StatusCode(500, "Internal server error");
            }
        }

        [HttpPost]
        public IActionResult Test([FromBody]TestEntity testEntity)
        {
            return StatusCode(200);
        }
    }
I can call the first two methods, GetAll and GetById like this:
https:
and
https:
and they both return data. But this gives me a Not Found error
    [HttpPost]
    public IActionResult Test([FromBody]TestEntity testEntity)
    {
    }
called using Postman like this:
https:
Questions
First, I'm not even sure I have the controller methods set up right. I don't really understand when/why to use the various attributes such as [FromBody] & [FromQuery]. I'm slowly learning but I may have it wrong here.
If I'm passing an object, as opposed to say an int, what should the method signature look like? Do I use FromBody or FromQuery? My Google searches return many different results. What would the correct syntax look like?
Second, the way I'm passing params, separated by '/' seems wrong. Shouldn't the call to the API look something like this?
https:
Am I doing something wrong here?
|
Kevin Marois wrote: called using Postman like this:
https:
Aside from the syntax error in your JSON (no quotes around the name value), that doesn't look like a valid POST request to me.
In Postman, the method should be set to POST, and the JSON should be in the body, not the URL.
Send parameters and body data with API requests in Postman | Postman Learning Center
|
OK, but do I have the method set up correctly?
|
The method looks OK, although you shouldn't really need the [FromBody] attribute.
For ASP.NET Core:
Route data and query string values are used only for simple types.
If you're still using WebAPI 2 in .NET Framework:
To force Web API to read a simple type from the request body, add the [FromBody] attribute to the parameter:
In either case, your parameter is not a "simple type", so it should be bound from the request body by default.
|
OK, but even when I pass it in Postman from body, it still fails to find it. I'm not sure what's wrong.
|
OK, so I'm still having some issues.
I created a new API and enabled Swagger. I added this controller method to the default out of the box WeatherForecastController:
    [HttpPost("GetPersonInfo/{entity}")]
    public IActionResult GetPersonInfo(PersonEntity person)
    {
        return StatusCode(200, $"{person.Id}: {person.Name}");
    }
When I run it, and click the Try It Out button, I enter
    {
        "id": 135,
        "name": "Jack Smith"
    }
in the Body field and click Execute, and it works. I get back
135: Jack Smith
But when I go to Postman, and fill in the sample Json in the Body tab
{ "id": 135, "name": "Jack Smith"}
and call it
https:
I get a 404.
That's the URL right out of swagger and the body I used. Any idea why this doesn't work in Postman?
modified 21-Apr-24 18:39pm.
|
Kevin Marois wrote: [HttpPost("GetPersonInfo/{entity}")]
Assuming you're passing the JSON in the POST body, you shouldn't have the {entity} parameter as part of the route template.
Given the current route template, it looks like you're trying to pass the request body in the URL, which is the wrong thing to do.
|
I'm trying to learn ASP.Net MVC Core API. I think I'm doing the routing wrong.
I have a UserController:
    namespace Falcon.API.Controllers
    {
        [Route("api/user")]
        [ApiController]
        public class UserController : _ControllerBase
        {
            public UserController(IConfiguration configuration) :
                base(configuration)
            {
            }

            [HttpGet("getById/{id}")]
            public IActionResult GetById(int id)
            {
                try
                {
                    var repo = new Repository(GetDataContext());
                    var owner = repo.GetById(id);
                    if (owner is null)
                    {
                        return NotFound();
                    }
                    else
                    {
                        return Ok(owner);
                    }
                }
                catch (Exception ex)
                {
                    return StatusCode(500, "Internal server error");
                }
            }

            [HttpGet]
            public IActionResult GetAll()
            {
                try
                {
                    var repo = new Repository(GetDataContext());
                    var owners = repo.GetAll();
                    return Ok(owners);
                }
                catch (Exception ex)
                {
                    return StatusCode(500, "Internal server error");
                }
            }

            [HttpGet("login/{username}/{password}")]
            public IActionResult Login(string userName, string password)
            {
                try
                {
                    var repo = new UserRepository(GetDataContext());
                    var owner = repo.Login(userName, password);
                    if (owner is null)
                    {
                        return NotFound();
                    }
                    else
                    {
                        return Ok(owner);
                    }
                }
                catch (Exception ex)
                {
                    return StatusCode(500, "Internal server error");
                }
            }
        }
    }
When I call it, I'm doing this:
    public async Task<UserEntity> Login(string userName, string password)
    {
        UserEntity results = null;
        var url = $"https://localhost:5001/api/User/Login/{userName}/{password}";
        using (var httpClient = new HttpClient())
        {
            using (var response = await httpClient.GetAsync(url))
            {
                string apiResponse = await response.Content.ReadAsStringAsync();
                results = JsonConvert.DeserializeObject<UserEntity>(apiResponse);
            }
        }
        return results;
    }
This works. It calls the GetAll
https:
This works when calling GetById
https:
This does NOT work. I get a not found
https:
Can someone tell me what's wrong?
|
When you step through the Login code, what happens? The problem has to lie inside your repo.Login method, so that's the place you should be looking.
|
I guess what I'm asking is - isn't this the wrong way to pass params?
    var url = $"https://localhost:5001/api/User/Login/{userName}/{password}";
If so, that means I've set something up incorrectly. But I don't really know what.
|
Passing the credentials in the URL of a GET request is a very bad idea. You should only ever use a POST request.
With a GET request, you will end up with the credentials stored in plain-text in every log between you and the user, and in the browser history.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
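The Login action from the question, rewritten along the lines of this answer and the earlier route-template advice, as an added example that is not the poster's code: the credentials travel in a JSON POST body and the route template has no placeholders for them. LoginRequest and UserApiClient are hypothetical names; UserRepository, UserEntity, GetDataContext and _ControllerBase are assumed to be the types from the question.

```csharp
// Added example, not the poster's code. LoginRequest and UserApiClient are
// hypothetical; UserRepository, UserEntity, GetDataContext and _ControllerBase
// are assumed to exist as shown in the question.
using System.Net.Http;
using System.Net.Http.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;

public record LoginRequest(string UserName, string Password);

[Route("api/user")]
[ApiController]
public class UserController : _ControllerBase
{
    public UserController(IConfiguration configuration) : base(configuration) { }

    // The template names the action only. With [ApiController], a complex
    // parameter such as LoginRequest is bound from the JSON request body.
    [HttpPost("login")]
    public IActionResult Login(LoginRequest request)
    {
        var repo = new UserRepository(GetDataContext());
        var user = repo.Login(request.UserName, request.Password);

        // 401 for a failed login instead of the 404 used in the question.
        return user is null ? Unauthorized() : Ok(user);
    }
}

public static class UserApiClient
{
    // http.BaseAddress is expected to be the API root, using https so the
    // body is encrypted in transit; POST by itself does not encrypt anything.
    public static async Task<UserEntity?> LoginAsync(HttpClient http, string userName, string password)
    {
        // The credentials are serialized into the body, so the URL that ends up
        // in access logs and browser history is only /api/user/login.
        using var response = await http.PostAsJsonAsync(
            "api/user/login", new LoginRequest(userName, password));

        if (!response.IsSuccessStatusCode)
        {
            return null;
        }
        return await response.Content.ReadFromJsonAsync<UserEntity>();
    }
}
```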
|
Hi forum,
What is currently the best method, in terms of security as well as scalability and least complexity, to store user uploaded documents on a shared hosting platform?
Is it to store the uploaded documents in a secure folder(s) location with a reference pointer (file path) in the database?
Or store the documents in the database itself (blob datatype)?
Or use a nosql "document store" version of the database?
The documents uploaded will be:
Mix of sensitive information (ex. containing a living person's date of birth) as well as historical, non-sensitive information
Varying in size from 1 page or image to several dozen
Varying in document type, mainly from .pdf, image files (.png, .jpeg, etc), .doc or .txt text files (there will be no audio or video file types)
The number of documents stored in the first year is estimated between 100 and 500, with about 1000 to 1200 additional each of the next couple of years.
If/when the site outgrows a shared hosting environment, other hosted solutions will be explored.
Other info:
PHP version 8.3.2
MySQL version 8.3.0 (InnoDB type used)
Thanks in advance!
modified 7-Mar-24 15:05pm.
|
I suggest you stick with the former approach (storing files in a filesystem).
Storing large files in a DB creates a lot of overhead when scanning tables, inserting new rows, etc., since such records span across multiple physical pages.
As a rule of thumb, consider a database for structured data and a filesystem for arbitrary unstructured files.
When it comes to NoSQL storage, most of the time you still expect the data there to conform to some schema. Their main use case is to leverage horizontal scaling due to relaxed transactional guarantees (you can read more on the topic "CAP theorem" if you want to).
|
Thanks for the reply and information/suggestion. I appreciate it!