Auto log On using Basic Authentication to site (Sharepoint 2010)

Hello everyone, I am looking to use appery.io with the likelihood purchasing one of the upgraded plans but am wondering if it is possible to do the following:

The app will have links to various pages in our site which uses basic authentication and I would like the user to be automatically logged in to the site when the user click on a link in the app based on some stored credentials. I see that it is possible to authenticated over using a simple link or rest service to https://username:password@, but is there a more secure way? I saw the post http://devcenter.appery.io/documentat... but am having trouble figuring out how that ties in with the documentation provided so any help in emplementing this would be greatly appreciated. Also what would be the best way to store the credentials locally so the user does not need to enter them in every time they use the app and click on a link to our site. (site is sharepoint 2010 based). Thank you in Advanced
1 person has
this question
+1
This topic is no longer open for comments or replies.
  • Hello.

    Yes, you can store your user credentials in LSV(local storage value) please see more about LSV here: http://www.w3schools.com/html/html5_w...

    But the way you found to pass credentials is not good fit for you. Cause of that's just a rest service calling. And you have links to your own site.

    So we can suggest you to pass "https://username:password@" through links to your web site.

    Regards.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated happy, confident, thankful, excited indifferent, undecided, unconcerned kidding, amused, unsure, silly

  • Thanks, would you happen to have any additional resource information on how I would utilize basic authentication with crypto-js, based on your example here http://devcenter.appery.io/documentat...

    or is that not even applicable to my situation.

    I would like to prompt user for U:P once store it locally using the LSV method you linked to, then pass those credentials to getAuth function oulined in your example which when then pass the header information over to the website to authenticate the user to the site. Once authenticated I assume that I can use simple links (no credentials included in url) over to our site without the user being prompted every time.

    Thanks for your help in advanced
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated happy, confident, thankful, excited indifferent, undecided, unconcerned kidding, amused, unsure, silly

  • Hi Cpos.

    It's easy to use basic autentification with appery.io

    In accordance to RFC http://tools.ietf.org/html/rfc2617 when basic auth need request should have "Authorization" header.

    So there is no "login" request. You can accept to any web page/resource with basic auth.

    Please follow these steps to implement basic autentification to your web resource:

    1 Open "App settings". Navigate to "External resources" and add following url: http://prntscr.com/3lodbi/direct



    http://crypto-js.googlecode.com/files/2.5.3-crypto-min.js



    2 Create new JS asset. And fill it with following JS. http://prntscr.com/3loeg6/direct



    function getAuth() {
    //You should replace "user:password" string with your values.
    var bytes = Crypto.charenc.Binary.stringToBytes("user:password");
    var base64 = Crypto.util.bytesToBase64(bytes);
    return "Basic " + base64;
    }



    3 Create REST service. And call it "getInfoWithBasic".

    4 Set "getInfoWithBasic" with following settings(see screen shot):

    http://prntscr.com/3lofgx/direct

    5 Navigate to "Request" tab and add "Authorization" parameter. Check "Header" option: http://prntscr.com/3log6e/direct

    6 Add datasoruce with service "getInfoWithBasic" on the "data" tab of the page and call it "getInforWithBasicDataSource". http://prntscr.com/3lohdb/direct

    7 Click "Edit Mapping". Open "Request tab" and click "Add JS" on "Authorization" field. http://prntscr.com/3lohqp/direct

    8 JS Editor will appear. Populate it with following code: http://prntscr.com/3loi5k/direct



    return getAuth();



    9 Open "EVENTS" bottom panel. And add "Complete" event handler to your datasource. And populate it with following code: http://prntscr.com/3lok18/direct



    //This is just a test code that's show you response from the server.

    console.log("Response from server with basic auth = " + jqXHR.responseText);

    alert("Response from server with basic auth = " + jqXHR.responseText);



    10 Add button to the page. And set "Click" event handler with action -> invoke service "getInforWithBasicDataSource". http://prntscr.com/3lokr4/direct

    11 Run your app on this page in chrome browser. And open "net" tab of browser debuger.

    12 Click on Button. And you will get the alert with server response. http://prntscr.com/3loljj/direct

    13 Close alert and open request in "Net" tab of the debugger. http://prntscr.com/3lomhv/direct

    That's all.

    Regards.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated happy, confident, thankful, excited indifferent, undecided, unconcerned kidding, amused, unsure, silly

  • I’m thankful
    Thanks for the help.

    One thing I dont understand is how do get the response to instead open up a browser window (inAppBrowserService, window.open _blank) instead of the jqXHR.ResponseText?

    Also would it be possible to have one service that accepted multiple URLs as well have a way to pass the Username:Pass to the JS string from LSV(local storage values)? I apologize for all of the questions just trying to get a handle on this

    Ideally, if possible, I would like the app to authenticate in the background (using LSV U:P) and then simply have https links over to the various pages (same domain) that open up in an inAppBrowser window already authenticated in for that session.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated happy, confident, thankful, excited indifferent, undecided, unconcerned kidding, amused, unsure, silly

  • Hi Cpos.

    1. Sorry but your first question is not clear.

    When you use service you have "success" and "complete" event handlers.
    Inside these handlers you can access "data" and "xhr" variables respectively.

    2. Yes you can change dynamically URL of the service. Just add to the part of the url "{parameterName}" and then pass this parameter in the service.

    Please take a look here for details: http://devcenter.appery.io/documentat...

    Note: you don't need to pass "Username:Pass" in to the URL. Cause of these credentials sends via "Authorization" header. Please read again previous message. If you don't understand something don't hesitate to ask about it.

    3. Yes, it should be possible. But i guess you don't have to use inappbrowser for these goals. Just service which is get token. And then use this token in other services.

    Please start to develop this authorization processing. And if you would have any problems we will help you just ask it.

    Regards.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated happy, confident, thankful, excited indifferent, undecided, unconcerned kidding, amused, unsure, silly