|
I'm fiddling with a small (very) web project that has a database, web api and client projects (Razor pages and later android using Xamarin).
Web API to database is secured by sql server authentication (userid and password)
I'm struggling to decide where the user authentication should be done.
Should the client pass the details to the API and get it authenticated or should the client get the user data from the API and do the authentication at the client?
Should the client use a web token or the user credentials to communicate to the API?
Enlightenment would be appreciated.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
Authentication needs to happen in the API, not the client. Otherwise, a rogue client could call the API and claim to be authenticated without actually authenticating.
The client should pass the user's credentials to the authentication endpoint, which should return an authentication token. All subsequent requests from the client should include that authentication token.
This article is for ASP.NET Core, but the flow should be similar for any back-end:
Secure your ASP.NET Core 2.0 API (part 1 - issuing a JWT)
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
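The flow described in the answer above, as an added example that is not from the post or the linked article: the API issues a signed, expiring token after checking credentials server-side, then validates that token on every later request. It hand-rolls an HS256 token only to make the checks visible (an ASP.NET Core API would normally rely on the framework's JWT bearer support); `TokenDemo`, `Issue` and `TryValidate` are hypothetical names, and .NET 6 or later is assumed.

```csharp
// Added illustration (assumes .NET 6+); TokenDemo, Issue and TryValidate are hypothetical names.
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class TokenDemo
{
    // Assumption: demo key created at startup; a real API loads a persistent secret from protected config.
    static readonly byte[] Key = RandomNumberGenerator.GetBytes(32);
    static string B64(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] UnB64(string s) => Convert.FromBase64String(s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Sign(string data) => HMACSHA256.HashData(Key, Encoding.UTF8.GetBytes(data));
    // The authentication endpoint calls this only after verifying the password on the server.
    public static string Issue(string user, TimeSpan lifetime)
    {
        string head = B64(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        long exp = DateTimeOffset.UtcNow.Add(lifetime).ToUnixTimeSeconds();
        string body = B64(JsonSerializer.SerializeToUtf8Bytes(new { sub = user, exp }));
        return head + "." + body + "." + B64(Sign(head + "." + body));
    }
    // Every later request is checked here: signature first, then expiry.
    public static bool TryValidate(string token, out string user)
    {
        user = "";
        string[] p = token.Split('.');
        if (p.Length != 3) return false;
        try
        {
            if (!CryptographicOperations.FixedTimeEquals(Sign(p[0] + "." + p[1]), UnB64(p[2]))) return false;
            using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(UnB64(p[1])));
            if (DateTimeOffset.UtcNow.ToUnixTimeSeconds() >= doc.RootElement.GetProperty("exp").GetInt64()) return false;
            user = doc.RootElement.GetProperty("sub").GetString() ?? "";
            return user.Length > 0;
        }
        catch (Exception e) when (e is FormatException or JsonException or KeyNotFoundException or InvalidOperationException) { return false; }
    }
    static void Main()
    {
        string good = Issue("alice", TimeSpan.FromMinutes(15));
        string[] p = good.Split('.');
        // Constructed forgery: a client rewrites the payload but cannot recompute the signature.
        string forged = p[0] + "." + B64(Encoding.UTF8.GetBytes("{\"sub\":\"admin\",\"exp\":9999999999}")) + "." + p[2];
        foreach (string t in new[] { good, forged, Issue("alice", TimeSpan.FromSeconds(-5)) })
            Console.WriteLine(TryValidate(t, out string u) ? "accepted as " + u : "rejected");
    }
}
```

Only the first token is accepted: the rewritten payload fails the signature check and the third token is already past its expiry, which is why the decision has to be made by the API holding the key and not by the client.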
|
|
|
|
|
Thanks for the link Richard.
[edit]
Excellent, succinct article on JWT and exactly what I was looking for (I have already done most of this but the article clarified the requirement nicely). Another link added to my codebase. Thank you.
[/edit]
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
modified 17-May-19 19:41pm.
|
|
|
|
|
hi i am new to html,
i would like to ask in regards to button position in line
eg:
.square{
height: 50px;
width: 50px;
background-color: powderblue;
}
<div class="board-row">
<button class="square">a</button>
<button class="square">
</button><button class="square"></button>
</div>
For the above simple code snippet, the button tops are not aligned whenever a button has no content.
Why is this so, and how do I fix this?
|
|
|
|
|
Add vertical-align to your CSS rule to fix the problem.
.square {
height: 50px;
width: 50px;
background-color: powderblue;
vertical-align: top;
}
Original: Edit fiddle - JSFiddle
Fixed: Edit fiddle - JSFiddle
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I just created a really simple Asp.Net Web API. I created it by using the Empty template with 'Web API' checked.
I then added a controller called Test with this in it:
[HttpGet]
public string Test()
{
return "Server is running";
}
I then run it and Chrome opens to http://localhost:49970. So far so good. I then enter http://localhost:49970/API/Test/Test in the browser and get
<Error>
<Message>
No HTTP resource was found that matches the request URI 'http://localhost:49970/API/Test/Test'.
</Message>
<MessageDetail>
No type was found that matches the controller named 'Test'.
</MessageDetail>
</Error>
What's wrong here???
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
The default API routing uses the HTTP method, not the action name. Try removing the final "Test" from the URL: http://localhost:49970/API/Test/
You can add extra routes to use the action name if you want:
routes.MapHttpRoute(
name: "ActionApi",
routeTemplate: "api/{controller}/{action}/{id}",
defaults: new { id = RouteParameter.Optional }
);
Routing in ASP.NET Web API | Microsoft Docs
Alternatively, you could use attribute routing:
Attribute Routing in ASP.NET Web API 2 | Microsoft Docs
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
We are building a site that has some text with parallax effect and the client wants us to duplicate the pixel size on the PSD she gave us. I was telling the team captain that we need to use Rem or CSS calc as it is not maintaining the same relative shape and positioning. The PSD shows 70px and the website shows 70px but it's not the same and they are not satisfied. Any ideas? It's wp with Jupiter x Theme.
|
|
|
|
|
I'm trying to render JUST a partial view (without re-rendering the entire page) in the existing page when I click a link.
I have the following in my home controller:
public ActionResult AppInfo()
{
return View();
}
public ActionResult AppInfoAbout()
{
return PartialView("_About");
}
public ActionResult AppInfoContact()
{
return PartialView("_Contact");
}
I have the following in my AppInfo.cshtml:
<!--
<div style="display:flex;flex-direction:row;">
<div style="width:150px;">
<a href="@btnLinkAbout" class="btn btn-primary aef-app-info about-btn">@aboutBtnText</a>
<br/>
<a href="@btnLinkContact" class="btn btn-primary aef-app-info contact-btn">Contact Us</a>
</div>
<div style="width:850px;">
<div id="siteInfoContent" >
<span>Click one of the buttons at the left of this box to view the associated content.</span>
</div>
</div>
</div>
This is the jquery I'm using:
<script>
$('.aef-app-info').on('click', function(evt) {
evt.preventDefault();
evt.stopPropagation();
var $contentDiv = $('#siteInfoContent'),
url = $(this).data('url');
$.get(url, function(data) { $contentDiv.html(data); });
});
</script>
If I run it with the javascript as presented, it renders the entire AppInfo view (without the selected partial view) in the siteInfoContent div. If I comment out evt.preventDefault(); , it renders just the desired content as if it were a whole new page.
What am I doing wrong?
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
I didn't know you can do that with partial views in MVC.
I was curious so I looked around the internet and found this. Seems like a lot of work to get up and running.
Revisiting Partial View Rendering in ASP.NET MVC - Simple Talk
I would look at the script first. Double check your Url to make sure it's valid, then place a breakpoint in the controller and make sure it hits, then print the results to the console with console.log(response); . You may have to stringify the result to get it to print.
You can hit F12 in your browser and select console to view error messages (console.log) or network to view http request to help figure it out.
function d(id) {
    var url = $(this).data('url');
    $.post(url, { id: id })
        .done(function (response) {
            $("#siteInfoContent").html(response);
        });
}
without an Id in the query string request
function d(id) {
    var url = $(this).data('url');
    $.post(url)
        .done(function (response) {
            $("#siteInfoContent").html(response);
        });
}
And then check your CORS policy if you get a Http 404, permission denied.
If it ain't broke don't fix it
Discover my world at jkirkerx.com
|
|
|
|
|
Thanks, I'll look at it again when I get home (I didn't see this until this morning before I left for work).
It would be real handy if I can get this working.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Quote:
<a href="@btnLinkAbout" class="btn btn-primary aef-app-info about-btn">
url = $(this).data('url')
Your script is taking the URL from the data-url attribute on your link. But you don't seem to have a data-url attribute on your link.
I suspect you just want the href attribute instead:
$('.aef-app-info').on('click', function(evt) {
evt.preventDefault();
evt.stopPropagation();
var $contentDiv = $('#siteInfoContent'),
url = this.href;
$.get(url, function(data) { $contentDiv.html(data); });
});
Otherwise, you'll need to add the data-url attribute to your links:
<a href="@btnLinkAbout" data-url="@btnLinkAbout" class="btn btn-primary aef-app-info about-btn">@aboutBtnText</a>
<br/>
<a href="@btnLinkContact" data-url="@btnLinkContact" class="btn btn-primary aef-app-info contact-btn">Contact Us</a>
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
where can i get help to design a customised, kindly advise
ben
|
|
|
|
|
Google
If it's not broken, fix it until it is.
Everything makes sense in someone's mind.
Ya can't fix stupid.
|
|
|
|
|
Can I host my own website with my own computer?
I have a website which I had designed and developed. This website is for an employee portal only within my office as well as branch offices. It should be easily accessed by all the employees in different branch offices. My website should be running 24/7 on my own computer, which acts as a server. There is no IIS or web hosting on my own computer. How do I make the website easily accessible to all the employees, including branch employees?
How would I go about doing that?
modified 23-Apr-19 7:46am.
|
|
|
|
|
Running the web server on your own machine is quite possibly the worst idea ever.
If you don't have a static IP at your office, your only real option is a web hosting company.
It sounds to me like you're trying to avoid doing user registration/login stuff.
You can make the site publicly available, and take steps to make sure only desired users can register, or after they register, validate them so they can logon.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
You can use a service like NoIP
https://www.noip.com/support/knowledgebase/getting-started-with-no-ip-com/
I've used them before, it works, but you will need to run web server software of some kind (like IIS).
You will have a lot of work ahead of you in terms of securing it and setting up the infrastructure. Also, you're highly likely to get any data on that computer completely pwned. You have been warned.
Have fun!
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
|
|
|
|
Eventually, even I had thought of hosting my own website with the help of my laptop. But the problem is that the system must be on 24/7 with proper network configurations. If at any point of time you lose the power connection, your website also stops running. What is the point of your website showing a 502 server error when your customer comes to your website?
Suggestion - Investing 2K per year should not be much of a burden, keeping Internet, UPS and electricity in mind, if you wish to host on your own system.
|
|
|
|
|
Okay, try this for size:
We have a flask web app that provides a back-end portal, managing authorisation, user login, resource allocation, other stuff™.
We have a react dashboard that is used to slash and burn [slice and dice] through data held in Mongo to view results.
The API to read and write the data has been moved into the Flask component, I now want to add the js/react into it.
Has anyone done such stupidity and if so can they point the way out of this maze of twisty little passages, all alike?
veni bibi saltavi
|
|
|
|
|
Is it reasonable to put scripts in the cshtml page? For example, I want to include tooltips on most pages and it requires the following script.
<script>
$(document).ready(function () {
$('[data-toggle="tooltip"]').tooltip();
});
</script>
I have placed it in the cshtml page and it works fine.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
Not sure, but it seems to be not reasonable at all... Imagine, you may want to use a view which does not need such a script...
I'd follow MSDN documentation, which states that it's better to use Sections.
So, in a layout:
@RenderSection("Scripts", false)
In a view:
@section Scripts {
<script type="text/javascript">
</script>
}
|
|
|
|
|
I found out why you don't put in the cshtml file - debug gets stuck on it and repeats for each page you have visited. It now resides in a Section at the end of each page.
Never underestimate the power of human stupidity -
RAH
I'm old. I know stuff - JSOP
|
|
|
|
|
I have two script partial views and a styles partial view.
_TopOfLayoutScripts.cshtml contains the standard framework scripts, such as jquery and jquery-ui.
_StylesForLayout.cshtml contains all of the style stuff used throughout the app (bootstrap, jquery-ui and other stuff)
_BottomOfLayoutScripts.cshtml contains scripts that can be put at the bottom of the layout file (things that happen after the page has loaded).
This lets me restrict meddling to reasonably named files, AND allows me to use these partial views in additional layout pages. My main layout page has maybe 30 lines in it, and I haven't touched it in months.
".45 ACP - because shooting twice is just silly" - JSOP, 2010 ----- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010 ----- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
Thanks - had similar question.
|
|
|
|
|
Fatal error: Uncaught Error: Call to a member function prepare() on null in C:\xampp\htdocs\gco\core\classes\user.php:16 Stack trace: #0 C:\xampp\htdocs\gco\includes\login.php(15): User->login('rahul@yahoo.com', 'password') #1 C:\xampp\htdocs\gco\index.php(66): include('C:\\xampp\\htdocs...') #2 {main} thrown in C:\xampp\htdocs\gco\core\classes\user.php on line 16
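This error happens in these lines of code:
public function login($email,$password){
    // MySQL identifiers take backticks; single quotes would make them string literals
    $stmt = $this->pdo->prepare("SELECT `user_id` FROM `users` WHERE `email`=:email AND `password`=:password");
    $stmt->bindParam(":email",$email,PDO::PARAM_STR);
    // bindValue, because bindParam needs a variable it can take by reference
    $stmt->bindValue(":password",md5($password),PDO::PARAM_STR);
    $stmt->execute();
    // (rest of the method is not shown in the post)
}
I don't have any idea why this happens in these lines of code.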
modified 16-Apr-19 2:54am.
|
|
|
|