2

I have an Android app that has a login form for students, and I want to check the student credentials at a Web API against the data stored in SQL Server.

I have searched the web and watched many videos that talk about many scenarios, and nothing helped me.

All I want is custom validation for my REST service (so I should send the credentials with each request).

  • What should I do at the ASP.NET Web API service?
  • How can I implement that in the Android application?
asked Oct 2, 2014 at 15:08

2 Answers

3

Seems you didn't search for "Web API Token Based Authentication" ;) Anyhow, what you need to implement is very simple. You need to use the OAuth 2.0 Resource Owner Credentials Flow, which means that you provide the username/password only once to a specific endpoint, i.e. (/token), and then, if the username/password is valid, you obtain something called a Bearer Access Token. This token is valid for a specified period and you can configure this in your Web API. Once you obtain the access token, you need to store it securely in your Android app, then you keep sending it with each request to your Web API protected endpoints using the Authorization header (Bearer scheme). I've written a very detailed post which covers your scenario 100%. Please check the post Token Based Authentication and let me know if you need further help.

answered Oct 4, 2014 at 0:08
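The flow described in this answer, as an added example that is not part of the original answer or of the linked post: a language-neutral Python sketch of both sides of the exchange. The server issues an HMAC-signed token with an expiry from the /token endpoint after checking the password against a PBKDF2 hash, and every later request is accepted only if the Authorization header carries a Bearer token whose MAC verifies and whose expiry is still in the future. SERVER_KEY, the single demo user and the token format are constructed assumptions (a real deployment would use the OWIN OAuth middleware's own token format and a random key); the point is what a token endpoint must check and what the resource server must verify on each call.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo values, not from the answer: a fixed signing key so the run is
# deterministic (generate a random one in production) and one user with a PBKDF2 hash.
SERVER_KEY = b"demo-signing-key-not-for-production"
TOKEN_LIFETIME_SECONDS = 3600
_DEMO_SALT = b"demo-salt-0123456789"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Stand-in for the SQL Server student table: username -> (salt, password hash).
USERS = {"student1": (_DEMO_SALT, _hash_password("s3cret", _DEMO_SALT))}


def check_password(username: str, password: str) -> bool:
    """Verify a username/password pair; hash even for unknown users so timing is uniform."""
    record = USERS.get(username)
    if record is None:
        _hash_password(password, _DEMO_SALT)
        return False
    salt, expected = record
    return hmac.compare_digest(_hash_password(password, salt), expected)


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(payload: bytes) -> str:
    return _b64url(hmac.new(SERVER_KEY, payload, hashlib.sha256).digest())


def issue_token(form: dict, now: Optional[float] = None) -> Tuple[int, dict]:
    """Server side of POST /token (resource owner password credentials grant)."""
    now = time.time() if now is None else now
    if form.get("grant_type") != "password":
        return 400, {"error": "unsupported_grant_type"}
    username = form.get("username", "")
    if not check_password(username, form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    payload = json.dumps({"sub": username, "exp": int(now) + TOKEN_LIFETIME_SECONDS}).encode("utf-8")
    token = _b64url(payload) + "." + _sign(payload)
    return 200, {"access_token": token, "token_type": "bearer", "expires_in": TOKEN_LIFETIME_SECONDS}


def authenticate_request(headers: dict, now: Optional[float] = None) -> Optional[str]:
    """Server side of every protected request: the token's subject, or None to answer 401."""
    now = time.time() if now is None else now
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or "." not in token:
        return None
    payload_b64, signature = token.split(".", 1)
    try:
        payload = _b64url_decode(payload_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # Check the MAC before trusting anything inside the payload.
    if not hmac.compare_digest(_sign(payload), signature):
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None
    return claims["sub"]


if __name__ == "__main__":
    # Client side: send the password once to /token, then only the bearer token.
    status, body = issue_token({"grant_type": "password", "username": "student1", "password": "s3cret"})
    print(status, body)
    print(authenticate_request({"Authorization": "Bearer " + body["access_token"]}))
```

The `now` parameter exists so expiry can be tested deterministically; the client never sees SERVER_KEY, which is why it cannot mint or extend a token itself, and the Android app only has to persist the opaque `access_token` string and re-request one when the server starts answering 401.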

1

I have used basic authentication for security, so I should provide the base64 encoding of

username:password

in the header for each request, as follows:

Authorization: Basic <base64 of username:password>

    httpGet.setHeader("Authorization", "Basic " + encodeUsernameAndPassword());

At the server side I have implemented a message handler:

using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
public class BasicAuthenticationHandler : DelegatingHandler
{
    public readonly IAuthenticationService authService;
    public BasicAuthenticationHandler(IAuthenticationService service)
    {
        this.authService = service;
    }
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        AuthenticationHeaderValue authHeader = request.Headers.Authorization;
        if (authHeader == null || authHeader.Scheme != "Basic" || string.IsNullOrEmpty(authHeader.Parameter))
        {
            return Unauthorized(request);
        }
        string[] credentials;
        try
        {
            // Malformed base64 throws FormatException; answer 401 rather than 500.
            var credentialsBytes = Convert.FromBase64String(authHeader.Parameter);
            // Split on the first ':' only, so a password that contains ':' stays intact.
            credentials = Encoding.UTF8.GetString(credentialsBytes).Split(new[] { ':' }, 2);
        }
        catch (FormatException)
        {
            return Unauthorized(request);
        }
        if (credentials.Length != 2 || !authService.Authenticate(credentials[0], credentials[1]))
        {
            return Unauthorized(request);
        }
        string[] roles = null; // TODO: load roles from the authentication service
        IIdentity identity = new GenericIdentity(credentials[0], "Basic");
        IPrincipal user = new GenericPrincipal(identity, roles);
        // HttpContext.Current is null when self-hosted; Thread.CurrentPrincipal is what [Authorize] reads.
        Thread.CurrentPrincipal = user;
        if (HttpContext.Current != null) HttpContext.Current.User = user;
        return base.SendAsync(request, cancellationToken);
    }
    private static Task<HttpResponseMessage> Unauthorized(HttpRequestMessage request)
    {
        var response = request.CreateResponse(HttpStatusCode.Unauthorized);
        response.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue("Basic", "realm=\"api\""));
        return Task.FromResult(response);
    }
}
answered Oct 7, 2014 at 16:40
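The header handling this answer relies on, as an added example that is not code from the original answer: a language-neutral Python version of both ends of HTTP Basic authentication, covering the cases the posted handler has to get right on the server. The scheme name is matched case-insensitively, malformed base64 is rejected instead of raising, the decoded bytes are read as UTF-8, the credentials are split on the first colon only (so a password containing ':' survives), and a missing or bad header gets a 401 with a WWW-Authenticate challenge. DEMO_USERS and demo_authenticate are constructed stand-ins for the answer's IAuthenticationService; they compare plaintext only to keep the focus on header parsing, and a real store would hold salted hashes.

```python
import base64
import hmac
from typing import Callable, Optional, Tuple

# Constructed stand-in for IAuthenticationService: username -> password.
# A real store holds salted hashes; this keeps the example focused on header handling.
DEMO_USERS = {"student1": "s3cret"}


def demo_authenticate(username: str, password: str) -> bool:
    expected = DEMO_USERS.get(username, "")
    # compare_digest is length-independent; also reject unknown users outright.
    return username in DEMO_USERS and hmac.compare_digest(expected.encode(), password.encode())


def encode_basic_credentials(username: str, password: str) -> str:
    """Client side (what encodeUsernameAndPassword() on Android has to produce), UTF-8 per RFC 7617."""
    raw = (username + ":" + password).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_credentials(header_value: Optional[str]) -> Optional[Tuple[str, str]]:
    """Server side: return (username, password), or None for anything malformed."""
    if not header_value:
        return None
    scheme, _, parameter = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not parameter.strip():  # scheme names are case-insensitive
        return None
    try:
        decoded = base64.b64decode(parameter.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # bad base64 (binascii.Error) or non-UTF-8 bytes
        return None
    username, sep, password = decoded.partition(":")  # first ':' only; passwords may contain ':'
    if not sep or not username:
        return None
    return username, password


def handle_request(headers: dict, authenticate: Callable[[str, str], bool] = demo_authenticate) -> Tuple[int, dict]:
    """Mirrors the DelegatingHandler: 401 plus a challenge, or 200 with the authenticated user."""
    creds = parse_basic_credentials(headers.get("Authorization"))
    if creds is None or not authenticate(*creds):
        return 401, {"WWW-Authenticate": 'Basic realm="api"'}
    return 200, {"user": creds[0]}


if __name__ == "__main__":
    header = encode_basic_credentials("student1", "s3cret")
    print(header)
    print(handle_request({"Authorization": header}))
    print(handle_request({"Authorization": "Basic not-base64!!"}))
```

Because the password travels with every request under this scheme, it only stays confidential over TLS; that is the main practical difference from the bearer-token approach in the other answer, where the password is sent once and a short-lived token is replayed instead.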
