Hans Karlsen (talk | contribs) m (Hans moved page Logging in with code to Log in with code: Confused spelling) |
Revision as of 12:48, 30 August 2019
Turnkey uses MVC for the login form. This form makes use of the __RequestVerificationToken, which helps MVC avoid attacks where an old posted form is used again.
You will need to supply a valid RequestVerificationToken when logging in from code.
The easiest way to get a valid RequestVerificationToken is to screen scrape it from the login page.
The code below downloads the login page and finds the RequestVerificationToken.
The code then makes a POST with the parameters needed for login, including the screen-scraped __RequestVerificationToken:
    // Requires: using System.Net.Http;
    private void Button_Click_1(object sender, RoutedEventArgs e)
    {
        // The same HttpClient is used for both requests, so cookies set by
        // the login page are sent back with the POST.
        var client = new HttpClient();
        var loginform = client.GetAsync("https://raptor3ny/TurnkeyWebAppGeneric/Account/Login").Result;
        var loginformcontent = loginform.Content.ReadAsStringAsync().Result;

        // Screen scrape the value attribute of the hidden __RequestVerificationToken input.
        // Take everything from the input tag onwards; a fixed length of 1000 would throw
        // if fewer than 1000 characters follow the tag.
        var part1 = loginformcontent.Substring(loginformcontent.IndexOf("<input name=\"__RequestVerificationToken\""));
        part1 = part1.Substring(part1.IndexOf("value="));
        part1 = part1.Substring(part1.IndexOf('"') + 1);
        part1 = part1.Substring(0, part1.IndexOf('"'));

        // Post the login form fields together with the scraped token.
        var content = new MultipartFormDataContent();
        content.Add(new StringContent("hans@karlsen.se"), "EMail");
        content.Add(new StringContent("123456"), "Password");
        content.Add(new StringContent("false"), "RememberMe");
        content.Add(new StringContent(part1), "__RequestVerificationToken");
        var result = client.PostAsync("https://raptor3ny/TurnkeyWebAppGeneric/Account/Login", content).Result;
        if (result.StatusCode == System.Net.HttpStatusCode.OK)
        {
            // Login successful
        }
    }
When we expose REST services we now also check for the common basic authentication in the "Authentication" header of the request. The standard says that you can send "basic user:pwd", but the user:pwd part must be base64 encoded.
When you use selfVM.RestGet and the related methods, you can supply a user and pwd; if set, we add these as a basic auth header for simplicity. This makes it very easy to communicate securely between Turnkey apps, but also with most other available REST implementations.
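The basic authentication value described above, built on the client side and parsed on the receiving side, as an added example that is not MDriven Turnkey's own code. It follows the HTTP Basic scheme (RFC 7617), which carries the value in the `Authorization` request header; the class name, method names and sample credentials are assumptions made for the illustration.

```csharp
using System;
using System.Net.Http.Headers;
using System.Text;

static class BasicAuthExample   // hypothetical helper, not part of Turnkey
{
    // Client side: produce "Basic base64(user:pwd)".
    public static AuthenticationHeaderValue Build(string user, string pwd)
    {
        // RFC 7617: the user id cannot contain ':' because it is the separator.
        if (user.Contains(":"))
            throw new ArgumentException("User name must not contain ':'", nameof(user));
        var raw = Encoding.UTF8.GetBytes(user + ":" + pwd);
        return new AuthenticationHeaderValue("Basic", Convert.ToBase64String(raw));
    }

    // Receiving side: returns false for a missing, non-Basic or malformed value
    // instead of throwing, so a bad header is simply an unauthenticated request.
    public static bool TryParse(string headerValue, out string user, out string pwd)
    {
        user = pwd = null;
        if (!AuthenticationHeaderValue.TryParse(headerValue, out var h)) return false;
        if (!string.Equals(h.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)) return false;
        if (string.IsNullOrEmpty(h.Parameter)) return false;
        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(h.Parameter)); }
        catch (FormatException) { return false; }   // not valid base64
        int colon = decoded.IndexOf(':');           // first colon: the password may contain ':'
        if (colon < 0) return false;
        user = decoded.Substring(0, colon);
        pwd = decoded.Substring(colon + 1);
        return true;
    }

    static void Main()
    {
        // Constructed sample credentials; the password deliberately contains ':'.
        var header = Build("alice", "p:ss word");
        Console.WriteLine("Authorization: " + header);
        Console.WriteLine(TryParse(header.ToString(), out var u, out var p) + " " + u + " / " + p);
        Console.WriteLine(TryParse("Basic not-base64!", out _, out _));  // malformed payload
        Console.WriteLine(TryParse("Bearer abc", out _, out _));         // different scheme
    }
}
```

Base64 is an encoding, not encryption: anyone who can read the request can recover user and pwd, so the header only protects credentials when the request goes over HTTPS.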