Log in with code
m (Hans moved page Logging in with code to Log in with code: Confused spelling)

Revision as of 12:48, 30 August 2019

Turnkey uses MVC for the login form. This form makes use of the __RequestVerificationToken (the MVC anti-forgery token), which helps MVC avoid attacks where an old posted form is used again.

You will need to supply a valid RequestVerificationToken when logging in from code.

The easiest way to get a valid RequestVerificationToken is to screen scrape it from the login page.

The code below downloads the login page and finds the RequestVerificationToken.

The code then makes a post with the parameters needed for login, including the screen-scraped __RequestVerificationToken.

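   // Requires: using System; using System.Net.Http; using System.Windows;
   private void Button_Click_1(object sender, RoutedEventArgs e)
   {
     // HttpClient keeps cookies between requests by default, so cookies set
     // by the login page are sent back with the post below.
     var client = new HttpClient();
     var loginform = client.GetAsync("https://raptor3ny/TurnkeyWebAppGeneric/Account/Login").Result;
     var loginformcontent = loginform.Content.ReadAsStringAsync().Result;
  
     // Screen scrape the value attribute of the hidden __RequestVerificationToken input
     var start = loginformcontent.IndexOf("<input name=\"__RequestVerificationToken\"");
     if (start < 0)
       throw new InvalidOperationException("__RequestVerificationToken not found on the login page");
     // Take at most 1000 characters; a fixed length of 1000 throws on a shorter page
     var part1 = loginformcontent.Substring(start, Math.Min(1000, loginformcontent.Length - start));
     part1 = part1.Substring(part1.IndexOf("value="));
     part1 = part1.Substring(part1.IndexOf('"') + 1);
     part1 = part1.Substring(0, part1.IndexOf('"'));
  
     // Post the login fields together with the scraped token
     var content = new MultipartFormDataContent();
     // Sample credentials; read real ones from user input or protected configuration
     content.Add(new StringContent("hans@karlsen.se"), "EMail");
     content.Add(new StringContent("123456"), "Password");
     content.Add(new StringContent("false"), "RememberMe");
     content.Add(new StringContent(part1), "__RequestVerificationToken");
     var result = client.PostAsync("https://raptor3ny/TurnkeyWebAppGeneric/Account/Login", content).Result;
     if (result.StatusCode == System.Net.HttpStatusCode.OK)
     {
       // Login successful
     }
   }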

When we expose REST services we now also check for the common basic authentication in the "Authentication" header of the request. The standard says that you can send "basic user:pwd", but user:pwd must be base64 encoded.

When you use the selfVM.RestGet etc. methods you can supply a user and pwd; if set, we add these as a basic auth header for simplicity. This makes it very easy to communicate securely between Turnkey apps - but also with most other available REST implementations.
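
The basic auth value described above, built on the sending side and decoded on the receiving side, as an added example (not Turnkey's own code). RFC 7617 carries the value in the `Authorization` request header; the class and method names, the sample credentials, and the use of .NET Core 2.1 or later (for `CryptographicOperations`) are assumptions.

```csharp
using System;
using System.Net.Http.Headers;
using System.Security.Cryptography;
using System.Text;

static class BasicAuthExample   // hypothetical helper, not part of Turnkey
{
    // Sending side: "Basic " + base64("user:pwd"), as RFC 7617 defines it.
    public static AuthenticationHeaderValue Build(string user, string pwd)
    {
        if (user.Contains(":"))
            throw new ArgumentException("user name must not contain ':'", nameof(user));
        var raw = Encoding.UTF8.GetBytes(user + ":" + pwd);
        return new AuthenticationHeaderValue("Basic", Convert.ToBase64String(raw));
    }

    // Receiving side: decode the header value; returns false for anything malformed.
    public static bool TryParse(string header, out string user, out string pwd)
    {
        user = pwd = null;
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(header.Substring(6).Trim()); }
        catch (FormatException) { return false; }
        var text = Encoding.UTF8.GetString(raw);
        var colon = text.IndexOf(':');   // split on the FIRST colon: passwords may contain ':'
        if (colon < 0) return false;
        user = text.Substring(0, colon);
        pwd = text.Substring(colon + 1);
        return true;
    }

    // Compare secrets without revealing the position of the first mismatch.
    public static bool SamePassword(string supplied, string expected) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(supplied), Encoding.UTF8.GetBytes(expected));

    static void Main()
    {
        var h = Build("demo@example.com", "p:ss:word");   // constructed sample values
        Console.WriteLine("Authorization: " + h);
        var ok = TryParse(h.ToString(), out var u, out var p);
        Console.WriteLine($"{ok} user={u} pwd-matches={SamePassword(p, "p:ss:word")}");
        Console.WriteLine(TryParse("Basic not-base64!", out _, out _));   // malformed input
    }
}
```

Base64 is an encoding, not encryption: anyone who can read the request can decode the user and password, so the header is only protected when the request travels over HTTPS.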

This page was edited more than 9 months ago on 03/26/2024.