android - How to use security (Authentication & Authorization) in ASP.NET Web Api -

-

i developing android application use sql server(database) store application's data. in addition, application use asp web api send , receive xml or json between client , server.

i confused how make application authentication securely , how keep user logged in without need keep sending user's credentials in http requests.

therefore, need recommendation how secure application , provide me tutorial links if possible.

  1. login (username, password shored in basicnamevaluepair) client (here android) access web api controller (perhaps /token if use samples asp.net web api website). if success, access token responsed , save in client (sharedpreference or database)
  2. then, need send access token (no need username, password anymore) request other api controllers.

of course, https should used here better security.

sample codes getting access token (login phase):

public static object getaccesstoken(string address, string grant_type, string username, string password) throws exception {     list<namevaluepair> params = new arraylist<>();     params.add(new basicnamevaluepair("grant_type", grant_type));     params.add(new basicnamevaluepair("username", username));     params.add(new basicnamevaluepair("password", password));      // making http request     httpresponse = makehttprequest(address, params);     if (httpresponse != null) {         statuscode = httpresponse.getstatusline().getstatuscode();         if (statuscode != httpstatus.sc_ok && statuscode != httpstatus.sc_bad_request) {             return httpresponse.getstatusline().tostring();         }          // json string (jsonstring) input stream (is)         getjsonfrominputstream();         if (jsonstring.isempty()) {             return null;         }         // parse json string json object         jobj = new jsonobject(jsonstring);     }     // return json object     return jobj; }

inside makehttprequest, request access token:

httppost.setheader("content-type", "application/x-www-form-urlencoded"); httppost.setentity(new urlencodedformentity(parameters));

Comments

Post a Comment

Popular posts from this blog

c# - Better 64-bit byte array hash -

-
i need hash algorithm produces 64-bit hash code ( long ) fewer collisions string.gethashcode() , fast (no expensive calls cryptographic functions). here's implementation of fnv still shows 3% of collisions after testing 2 million random strings. need number way lower. void main() { const string chars = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz!#@$%^&*()_+}{\":?><,./;'[]0123456789\\"; const int n = 2000000; var random = new random(); var hashes = new hashset<long>(); int collisions = 0; for(int = 0; < n; i++) { var len = random.next(chars.length); var str = new char[len]; (int j = 0; j < len; j++) { str[j] = chars[random.next(chars.length)]; } var s = new string(str); if(!hashes.add(get64bithash( s ))) collisions++; } console.writeline("collision percentage after " + n + " random strings: " + ((doubl
Read more

webrtc - Which ICE candidate am I using and why? -

-
[questions in bold below] i have setup kurento media server 5.1.3 in datacenter behind firewall running os ubuntu 14.04. has 2 network cards: 222.222.222.222 (eth0 - private ip) 111.111.111.111 (eth1 - public ip) attached below sdp (setremotedescription) when browser connected kurento media server type: answer, sdp: v=0 o=- 5487318114793304426 0 in ip4 0.0.0.0 s=kurento media server c=in ip4 0.0.0.0 t=0 0 a=group:bundle audio video m=audio 59068 rtp/savpf 111 0 c=in ip4 111.111.111.111 a=rtpmap:111 opus/48000/2 a=rtpmap:0 pcmu/8000 a=sendrecv a=rtcp:59068 in ip4 111.111.111.111 a=rtcp-mux a=ssrc:669011897 cname:user39019747@host-6e83e4c2 a=extmap:3 http://www.webrtc.org/experiments/rtp-hdrext/abs-send-time a=mid:audio b=as:20 a=ice-ufrag:ymdk a=ice-pwd:lylifk5ueqzpwm91ddj37e a=fingerprint:sha-256 ff:0f:81:8c:41:4e:b4:b6:c6:d8:36:f3:d6:5f:09:fd:5f:af:13:b3:9d:fc:12:66:ac:f3:56:d6:5b:0a:73:5d a=candidate:1 1 udp 2013266431 111.111.111.111 55239 typ host a=candidate:2 1 udp
Read more

php - Zend Framework / Skeleton-Application / Composer install issue -

-
i trying create zend framework application using skeleton in netbeans. when run composer install, following error message: "c:\php\php.exe" "c:\composer\composer.phar" "--ansi" "--no-interaction" "update" "--dev" using deprecated option "dev". dev packages installed default now. loading composer repositories package information updating dependencies (including require-dev) requirements not resolved installable set of packages. problem 1 - package requires php >=5.5 php version (5.4.42) not satisfy requirement. problem 2 - installation request zendframework/zendframework 2.5.1 -> satisfiable zendframework/zendframework[2.5.1]. - zendframework/zendframework 2.5.1 requires php >=5.5 -> php version (5.4.42) not satisfy requirement. done. apparently, zend framework only needs php 5.3+ contradicts above. need use php 5.4. my composer.json following: { "name": "
Read more