Hi,
I am trying to add online appointment booking functionality to an existing website which is built using Umbraco, and I am using a third-party web API service to implement this booking functionality. This web API provider also handles the login part to authenticate the user and returns the XSRF-TOKEN, which I need to use (implicitly) to call their other APIs. So far I am able to get this token and add it to DefaultRequestHeaders (inside the same controller) like:
So now the real problem is how to manage/handle this token so the logged-in user can get authenticated to use other GET, PUT, POST requests?
I'm new to Web API and MVC authentication, so a detailed explanation of the solution will be appreciated.
Can you guide me to implement this in a proper way, please?
Thanks in advance.
C#:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using System.Web.Mvc;
using Newtonsoft.Json;
using Umbraco.Web.Mvc;

public class AccountController : SurfaceController
{
    // These fields are per controller instance, and MVC creates a new
    // controller (so a new client, cookie container and token) for each request.
    HttpClient client;
    CookieContainer cookies = new CookieContainer();
    string token;

    public AccountController()
    {
        HttpClientHandler handler = new HttpClientHandler();
        handler.CookieContainer = cookies;
        client = new HttpClient(handler);
        client.BaseAddress = new Uri("url");
        client.DefaultRequestHeaders.Accept.Clear();
        client.DefaultRequestHeaders.Accept.Add(
            new MediaTypeWithQualityHeaderValue("application/json"));
    }

    public async Task<bool> ValidateLogin(LoginModel model)
    {
        HttpResponseMessage responseMessage = await client.PostAsJsonAsync("url", model);
        Uri uri = new Uri("url");
        IEnumerable<Cookie> responseCookies = cookies.GetCookies(uri).Cast<Cookie>();
        // ?. avoids a NullReferenceException when the cookie is missing (failed login).
        token = responseCookies.FirstOrDefault(x => x.Name == "XSRF-TOKEN")?.Value;
        if (!String.IsNullOrWhiteSpace(token))
        {
            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("X-XSRF-TOKEN", token);
            client.DefaultRequestHeaders.Add("X-XSRF-TOKEN", token);
            return true;
        }
        return false;
    }

    public async Task<ActionResult> GetUserDetails()
    {
        HttpResponseMessage responseMessage = await client.GetAsync("url");
        if (responseMessage.IsSuccessStatusCode)
        {
            MyViewModel model = new MyViewModel();
            // await instead of .Result, which blocks inside an async action.
            var responseData = await responseMessage.Content.ReadAsStringAsync();//Getting an unauthorised response back here since the token is not handled as required
            model.UserDetails = JsonConvert.DeserializeObject<MyViewModel>(responseData);
            model.Appointments = await GetAppointmentsByUser();
            return PartialView("_UserDetails", model);
        }
        return CurrentUmbracoPage();
    }

    private Task<object> GetAppointmentsByUser()
    {
        //Code
        throw new NotImplementedException(); // body omitted in the original post
    }
}
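One way to handle the situation described in the post, as an added example that is not part of the original post and not the API provider's code: MVC creates a new controller for every request, so the cookie jar filled by the login call is gone when `GetUserDetails` runs. The sketch keeps one cookie jar per logged-in user in the server-side session and attaches cookies and the `X-XSRF-TOKEN` header per request. `BookingApiSession`, the base address and the session key are hypothetical, and it assumes the provider uses the cookie-to-header XSRF pattern the post shows.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web;

// Added example: BookingApiSession and the base address are hypothetical names.
public class BookingApiSession
{
    // One shared client with automatic cookies switched off, so nothing
    // user-specific (cookies, DefaultRequestHeaders) lives on the client.
    private static readonly HttpClient Client = new HttpClient(
        new HttpClientHandler { UseCookies = false })
        { BaseAddress = new Uri("https://booking-api.example.invalid/") };

    private const string JarKey = "BookingApi.CookieJar";
    private readonly HttpSessionStateBase _session;

    public BookingApiSession(HttpSessionStateBase session) { _session = session; }

    // Per-user cookie jar kept in the server-side session; it never reaches the browser.
    private CookieContainer Jar =>
        (CookieContainer)(_session[JarKey] ?? (_session[JarKey] = new CookieContainer()));

    public async Task<HttpResponseMessage> SendAsync(HttpMethod method, string path, HttpContent body = null)
    {
        var uri = new Uri(Client.BaseAddress, path);
        var request = new HttpRequestMessage(method, uri) { Content = body };

        // Replay this user's provider cookies and mirror XSRF-TOKEN into the header.
        string cookieHeader = Jar.GetCookieHeader(uri);
        if (cookieHeader.Length > 0) request.Headers.Add("Cookie", cookieHeader);
        Cookie xsrf = Jar.GetCookies(uri).Cast<Cookie>().FirstOrDefault(c => c.Name == "XSRF-TOKEN");
        if (xsrf != null) request.Headers.Add("X-XSRF-TOKEN", xsrf.Value);

        HttpResponseMessage response = await Client.SendAsync(request);

        // Capture new or rotated cookies (login response, token refresh).
        IEnumerable<string> setCookies;
        if (response.Headers.TryGetValues("Set-Cookie", out setCookies))
            foreach (string header in setCookies) Jar.SetCookies(uri, header);
        return response;
    }

    // Call on logout so the stored provider session cannot be reused.
    public void Clear() { _session.Remove(JarKey); }
}
```

Create it inside an action with `new BookingApiSession(Session)`, since the controller's `Session` property is not yet set in the constructor, and send the login POST through `SendAsync` so the jar is filled before any other call. Keeping the token out of `DefaultRequestHeaders` matters once the client is shared, because a default header would be sent on every user's requests.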