Question
I was thinking of developing a mobile app, integrated with an old Web App.
My first idea is to use PhoneGap (with the new support in VS 2013) and a REST WebApi service.
The idea is to have my web app with registration, login, etc. (using ASP.NET Identity), and the mobile app with registration, login, etc. (using a wrapper or something like ASP.NET Identity with token authentication). Basically, mirror the functionality of the web app in my mobile app (only with the authentication and authorization differences).
So far so good.
But searching on the net, I can't find any good example that integrates with my ASP.NET Identity module. At the moment I know that mobile apps don't support cookies, so the idea is to use "token authentication". But I cannot find a good example of how to implement this and tie it to my web app's user database.
Is there a tutorial or sample project matching my requirement? And what is the best approach to develop this?
Thanks in advance.
Answer 1:
I have come across this exact scenario, but I chose to build the client using Xamarin for iOS. I am assuming you want some hands-on examples, so here they are:
1. Persisted storage for Accounts on the Mobile App
https://components.xamarin.com/view/xamarin.auth
2. The Client Wrapper (make this a Portable Class Library)
https://github.com/nbusy/NBusy.SDK/tree/master/src/NBusy.Client
Basically, when you log in, the AccountStore keeps the token (whatever kind you are using on the server side for the API, i.e. Basic Authentication, Bearer Token, etc.) in local encrypted storage, and it is used by the Client PCL on every call made to the API.
I have the full working solution for this but I cannot make it public. I hope these hints will help you towards finding the right solution.
Answer 2:
You could also go the native route. Make custom Cordova plugins that you marshal your API calls through.
http://cordova.apache.org/docs/en/3.5.0/guide_hybrid_plugins_index.md.html#Plugin%20Development%20Guide
Your native code would then make any necessary adjustments to the headers collection before sending the request.
android:
// Apache HttpClient classes (org.apache.http.*) as bundled with Android
DefaultHttpClient client = new DefaultHttpClient();
HttpPost httpPost = new HttpPost("[your-api-url]");
// Add the authentication header before the request is sent
httpPost.setHeader("[header-name]", "[header-value]");
HttpResponse httpResponse = client.execute(httpPost);
InputStream responseInputStream = httpResponse.getEntity().getContent();
iOS:
NSMutableURLRequest* request = [[[NSMutableURLRequest alloc] initWithURL:url] autorelease];
// Add the authentication header before the request is sent
[request addValue:@"[header-value]" forHTTPHeaderField:@"[header-name]"];
Answer 3:
I have used ASP.NET as the server side and PhoneGap as the client side several times. Firstly, you're correct: you cannot use cookies in a PhoneGap app. PhoneGap provides something else to store local data: How to store local data in Phonegap
There are usually 2 ways to implement authentication, in my experience.
1. As mentioned by Marcin:
Post the input login data to the server -> Server sends back a token key (available for a period of time) -> Store the token key somewhere (such as localStorage, WebSQL) -> Post the token next time for authentication
2. OAuth mode:
When a user clicks the login button, a window pops up. In the window is a link to your existing site. You input your login information in this window (not in the PhoneGap app but actually in the page of your site). If it is valid, the window will get a URL with the token key back to you (such as "abc.com?token=a2E4w"). Pass the token as a parameter of each of your API calls and check whether it is valid on every request. To store the token key, you could use the thing mentioned in point 1.
Note that the second point will be safer, I think, because "the login information" and "the input action" both happen outside of the PhoneGap app.
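The first flow above (log in, receive a time-limited token, store it, send it on later calls) as client-side JavaScript; this is an added example, not code from any of the answers. The response fields `access_token` and `expires_in`, the storage key, and the helper names are assumptions, and `store` stands for whatever storage the app uses (`window.localStorage` has the same three methods).

```javascript
const TOKEN_KEY = "auth.token"; // hypothetical storage key
const SKEW_MS = 30 * 1000;      // treat the token as expired 30 s early

// Keep the token the server returned, together with its absolute expiry time.
// Assumes a login response shaped like { access_token, expires_in (seconds) }.
function saveLogin(store, loginResponse, nowMs) {
  if (!loginResponse || typeof loginResponse.access_token !== "string" ||
      !(loginResponse.expires_in > 0)) {
    throw new Error("login response carries no usable token");
  }
  const record = {
    token: loginResponse.access_token,
    expiresAt: nowMs + loginResponse.expires_in * 1000,
  };
  store.setItem(TOKEN_KEY, JSON.stringify(record));
  return record.expiresAt;
}

// Headers for the next API call, or null when the user has to log in again.
function authHeaders(store, nowMs) {
  const raw = store.getItem(TOKEN_KEY);
  if (raw === null) return null;
  let record;
  try { record = JSON.parse(raw); } catch (e) { record = null; }
  if (!record || typeof record.token !== "string" ||
      typeof record.expiresAt !== "number" || nowMs >= record.expiresAt - SKEW_MS) {
    store.removeItem(TOKEN_KEY); // expired or corrupted: do not keep it around
    return null;
  }
  // Sent as a header rather than in the URL, since URLs end up in logs and history.
  return { Authorization: "Bearer " + record.token };
}

// A 401 means the server no longer accepts the token: drop the local copy.
function onApiStatus(store, status) {
  if (status === 401) { store.removeItem(TOKEN_KEY); return "login-required"; }
  return "ok";
}

// Constructed in-memory stand-in for window.localStorage, so this runs outside a browser.
function memoryStore() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In the app, pass the object returned by `authHeaders` as the request headers of each API call and route the user to the login screen whenever it returns null.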
Source: https://stackoverflow.com/questions/24759150/mobile-app-authentication-and-authorization-with-asp-net