0

I was thinking of developing a mobile app, integrated with an old Web App.

My first idea is to use PhoneGap (with the new support in VS 2013) and a REST Web API service.

The idea is to have my web app with registration, login, etc. (using ASP.NET Identity), and the mobile app with registration, login, etc. (using a wrapper or something like ASP.NET Identity with token authentication). Basically, mirror the functionality of the web app in my mobile app (only with the authentication and authorization differences).

So far so good.

But searching on the net I can't find any good example to integrate with my ASP.NET Identity module. At the moment I know that mobile apps don't support cookies, so the idea is to use "token authentication". But I cannot find a good example of how to implement this and connect it with my web app user database.

Is there a tutorial or sample project that matches my requirement? And what is the best approach to develop this?

Thanks in advance.

HolloW
  • send credentials via REST service, retrieve the token and store it locally, in localStorage for example and then in each request add the token stored in localhost. – Marcin Mikołajczyk Jul 18 '14 at 06:25
  • On a recent project I was able to use the built-in vanilla "bearer" token authentication in MVC 5 along with a Cordova app. Log in and you get a token back in the reply. Store the token in localStorage and just include it in the headers of REST requests from your app. Sorry, don't have time to write a good answer at the moment. – Matt J. Jul 24 '14 at 05:57
  • @MattJ. So.. you only use the authentication with Google/Microsoft/Facebook login? Without the custom registration from ASP.NET Identity? – HolloW Jul 24 '14 at 12:24
  • Used both custom registration with .Net and Facebook too. But ended up creating my own token which I passed around as a parameter with each rest call rather than the "bearer xxxx" in the header. Kind of unconventional but worked and offered more control. Sorry, I just looked at the code to see if there was anything worth sharing here, but it's too tightly integrated with other stuff. – Matt J. Jul 25 '14 at 05:13

3 Answers

3

You could also go the native route. Make custom Cordova plugins that you marshal your API calls through.

http://cordova.apache.org/docs/en/3.5.0/guide_hybrid_plugins_index.md.html#Plugin%20Development%20Guide

Your native code would then make any necessary adjustments to the headers collection before sending the request.

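Android:

```java
// Uses Apache HttpClient classes (org.apache.http.*) and java.io.InputStream
DefaultHttpClient client = new DefaultHttpClient();
HttpPost httpPost = new HttpPost("[your-api-url]");
// Set the header natively before the request is sent
httpPost.setHeader("[header-name]", "[header-value]");
HttpResponse httpResponse = client.execute(httpPost);

InputStream responseInputStream = httpResponse.getEntity().getContent();
```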

iOS:

```objc
NSMutableURLRequest* request = [[[NSMutableURLRequest alloc] initWithURL:url] autorelease];

// First argument is the header value, second is the header name
[request addValue:@"[header-value]" forHTTPHeaderField:@"[header-name]"];
```

Thomas Bates
2

I have come across this exact scenario, but I chose to build the client using Xamarin for iOS. I am assuming you want some hands-on examples, so here they are:

1. Persisted storage for Accounts on the Mobile App

https://components.xamarin.com/view/xamarin.auth

2. The Client Wrapper (make this a Portable Class Library)

https://github.com/nbusy/NBusy.SDK/tree/master/src/NBusy.Client

Basically, when you login, the AccountStore keeps the token (whatever kind you are using on the server side for the API, i.e. Basic Authentication, Bearer Token, etc.) on a local encrypted storage and it is used by the Client PCL on every call made to the API.

I have the full working solution for this but I cannot make it public. I hope these hints will help you towards finding the right solution.

  • @Corneliu Serediuc Good info, but I don't want to use Xamarin. I know it, but at this moment I am trying to keep things simple and do it with PhoneGap; my idea is simple and can be accomplished with it. In any case, is there a chance you could share your code with me? Of course I will not make it public; it's just to have a good example. Thanks. – HolloW Jul 23 '14 at 12:23
  • @HolloW - Which part of the code is interesting for you? The Token generation used with the ASP.NET Identity by the API? Or the client Wrapper? – Corneliu Serediuc Jul 23 '14 at 12:42
  • @Corneliu Serediuc Both parts. If you can give me a simple example of the two, with registration, login and a simple method call from another form, it would be amazing. – HolloW Jul 23 '14 at 13:08
  • @HolloW - It's a lot of code to post here. Here is a great tutorial that should get you started: [link](http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/). Let me know if it helps. If it doesn't, I will provide further information. – Corneliu Serediuc Jul 23 '14 at 13:44
  • I already read that tutorial. In any case, do you know another with a simple implementation of a client with phonegap using token? I think with these I have a good starting point. – HolloW Jul 24 '14 at 12:22
  • Unfortunately, I haven't used PhoneGap before. I would suggest using a [Basic Authentication](http://www.asp.net/web-api/overview/security/basic-authentication) token, as it is not necessary to do another round trip to the server to get the token. You have an implementation for a C# client at the address above. All you need to do is use the client with the AuthorisationToken as parameter. – Corneliu Serediuc Jul 24 '14 at 14:35
  • Ok, I will try to do that. I will upvote your answer, but please, if you have time to make a small sample with your code, it would be amazing. – HolloW Jul 25 '14 at 14:01
1

I have used Asp.net as the server side and Phonegap as the client side several times. Firstly, you're correct: you cannot use cookies in a Phonegap app. Phonegap provides something else to store local data. How to store local data in Phonegap

There are usually 2 ways to implement authentication, in my experience.

1. As mentioned by Marcin:

Post the input login data to the server -> Server sends back a token key (available for a period of time) -> Store the token key somewhere (such as localStorage, WebSQL) -> Post the token next time for authentication

2. OAuth mode:

When a user clicks the login button, a window pops up. The window shows a page of your existing site. You enter your login information in this window (not in the Phonegap app but actually in a page of your site). If it is valid, the window gets back a URL that carries the token key (such as "abc.com?token=a2E4w"). Pass the token as a parameter of each API call and check that it is valid on every request. To store the token key, you could use the approach mentioned in point 1.

Note that the second option is safer, I think, because "the login information" and "the input action" both happen outside of the Phonegap app.

Jack He
  • Good information. Do you have any sample of these 2 kinds of implementation? Or at least one of them? – HolloW Jul 21 '14 at 11:41
  • @HolloW Sorry, I do not have demos for these 2 for now. – Jack He Jul 23 '14 at 01:25
  • @HolloW Regarding the first one, I think the implementation should not be hard for you. Regarding the second one, I think you could check some related tutorials about OAuth, such as Facebook, Twitter. – Jack He Jul 23 '14 at 01:31
  • How do you generate the token on the server in the first case? Do you know a good practice, or is it a simple hash with an expiration time? – HolloW Jul 23 '14 at 12:00
  • @HolloW I found an excellent answer here. That may resolve your doubt. http://stackoverflow.com/questions/14643735/how-to-generate-a-unique-token-which-expires-after-24-hours – Jack He Jul 24 '14 at 01:42
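
The first flow in the answer above (post credentials, receive a time-limited token, store it, send it on later requests), sketched for a PhoneGap/Cordova client as an added example that is not code from any poster in this thread. The `/token` path, the OAuth2 password-grant form fields and the names `createTokenClient` and `TOKEN_KEY` are assumptions; `fetchFn` and `storage` are injected so the block also runs outside a WebView.

```javascript
// Added example. TOKEN_KEY, createTokenClient and the "/token" path are assumptions.
const TOKEN_KEY = "auth.token"; // hypothetical storage key

function createTokenClient({ baseUrl, fetchFn, storage, now = () => Date.now() }) {
  // Credentials and tokens must never travel over plain HTTP.
  if (!baseUrl.startsWith("https://")) throw new Error("API base URL must use HTTPS");

  // Read the stored token; discard it once its lifetime has passed.
  function currentToken() {
    const raw = storage.getItem(TOKEN_KEY);
    if (!raw) return null;
    const saved = JSON.parse(raw);
    if (now() >= saved.expiresAt) {
      storage.removeItem(TOKEN_KEY);
      return null;
    }
    return saved.accessToken;
  }

  // Exchange credentials for a token; the password itself is never stored.
  async function login(username, password) {
    const body = new URLSearchParams({ grant_type: "password", username, password });
    const res = await fetchFn(baseUrl + "/token", {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: body.toString(),
    });
    if (!res.ok) throw new Error("login failed: " + res.status);
    const data = await res.json();
    storage.setItem(TOKEN_KEY, JSON.stringify({
      accessToken: data.access_token,
      expiresAt: now() + data.expires_in * 1000,
    }));
  }

  // Send the token in the Authorization header rather than in the URL,
  // so it does not end up in server logs or browser history.
  async function request(path, options = {}) {
    const token = currentToken();
    if (!token) throw new Error("not authenticated");
    const headers = { ...(options.headers || {}), Authorization: "Bearer " + token };
    const res = await fetchFn(baseUrl + path, { ...options, headers });
    if (res.status === 401) storage.removeItem(TOKEN_KEY); // server rejected the token
    return res;
  }

  return { login, request, currentToken, logout: () => storage.removeItem(TOKEN_KEY) };
}
```

In the app, pass `window.fetch.bind(window)` and `window.localStorage`. Anything kept in localStorage is readable by every script running in the WebView, so a short server-side token lifetime limits what a leaked token is worth.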