progrAmmar

Reputation: 2670

Starting Session through Ajax

I have developed a data monitoring portal for my corporation developed on ASP.NET MVC 4 (I will call it Portal A). We have an arrangement with another company to integrate this data monitoring portal with the company's own online portal (say Portal B).

Now they want to use some of the user interface of Portal A, which will save them time developing their own UI in Portal B. The two portals interact with a WebApi integrated in my portal (Portal A) that furnishes the required data to Portal B. Portal A and Portal B have their own independent data apart from the login credentials of admins. Both databases contain an exact copy of the other.

Both Portal A and Portal B use variables in Session scope. The problem is this: say a user logs into Portal B; now I want to create a session in Portal A using the credentials coming through Portal B via Ajax so the user doesn't have to log in to Portal A again. I gave it a shot via WebApi / Ajax.

I have created an API in Portal A just for this purpose:

[RoutePrefix("monitoring/auth")]
public class UserCheckController : ApiController
{
    [EnableCors("*", "*", "*")]
    [Route("login/{username}/{password}/{token}")]
    [System.Web.Http.HttpGet]
    public User UserLogin(string username, string password, string token)
    {
        User login = new User();
        login.UserName = username;
        login.Password = password;

        if (ValidateUser(login, token) == true)
        {
            HttpContext.Current.Session[SessionName.UserObject] = login;
            HttpContext.Current.Session[SessionName.CurrentToken] = token;
            return login;
        }

        return null;
    }
}

My jQuery code which calls this api is as follows:

$.ajax({
    url: 'http://localhost:4004/monitoring/auth/login/Scott/tiger/THISISATOKEN',
    type: 'GET',
    contentType: 'application/json',
    success: function (data) {
        console.log("Login successful");
        console.log(data);
    }
});

When I call the api via Ajax, I have seen in Debug mode that the variable is being assigned to the session and I get the data object JSON in console.

I have another function in the same API which checks the user's existence; the code follows:

[EnableCors("*", "*", "*")]
[Route("isalive/{userId}/{username}/{token}")]
[System.Web.Http.HttpGet]
public bool IsAlive(int userId, string username, string token)
{
    // Read the user stored by UserLogin; null means there is no session (or a different one).
    User user = HttpContext.Current.Session[SessionName.UserObject] as User;
    if (user == null)
    {
        return false;
    }
    // Read the token only after the null check, so a missing session value cannot throw.
    string _token = HttpContext.Current.Session[SessionName.CurrentToken] as string;
    return (userId == user.UserId && user.UserName.Equals(username) && token.Equals(_token));
}

jQuery:

$.ajax({
    url: 'http://localhost:4004/monitoring/auth/isalive/97/Scott/THISISATOKEN',
    type: 'GET',
    contentType: 'application/json',
    success: function (data) {
        console.log("Checking for Session");
        console.log(data);
    }
});

The result comes out as false, because the user is null. I cannot access the session data created by the previous Ajax call. Is there a way to retain a session in Portal A between AJAX/WebApi and the browser?

What is the best approach to solving this?

Upvotes: 2

Views: 397

Answers (2)

Sam Greenhalgh

Reputation: 6136

It sounds like you're talking about a single sign-on solution. This is usually achieved with a federated authentication mechanism like OAuth, where the user authenticates with a service and in return is given a bearer token; this bearer token can then be replayed to the service that issued it to assert the validity of the user's credentials.

In the scenario you describe, Portal B would issue a token (perhaps an encrypted username) to the client in response to a successful login attempt. The client using Portal B would then supply that token in calls to Portal A; Portal A would then present that token to Portal B via a server-to-server call to test the validity of the token, and begin an authenticated session.

I should add that a real-world OAuth implementation entails a little more complexity than is described here and there are a number of associated security concerns.

Upvotes: 3
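The flow this answer describes (Portal B issues a token, Portal A checks it server-to-server, then starts its own session) written out as a Web API 2 controller for Portal A, which also serves the question's goal of a session that survives later Ajax calls. This is an added example, not code from the question or the answer. It assumes a placeholder Portal B introspection endpoint at https://portal-b.example/api/token/introspect that returns JSON with active/userId/userName fields, that Portal A has session state enabled for Web API routes (the question's code already relies on this), and that the page's User and SessionName types exist with the members used here.

```csharp
using System;
using System.Net.Http;
using System.Threading.Tasks;
using System.Web;
using System.Web.Http;
using System.Web.Http.Cors;

// Portal A side of the exchange: accept a token issued by Portal B, verify it with
// Portal B server-to-server, then start Portal A's own session. The token travels
// in the POST body rather than the URL, so it is not written to server, proxy or
// browser-history logs the way the credentials in the login URL would be.
[RoutePrefix("monitoring/auth")]
public class SsoController : ApiController
{
    // Hypothetical Portal B endpoint (assumption); replace with the real one.
    private static readonly Uri PortalBIntrospect =
        new Uri("https://portal-b.example/api/token/introspect");
    private static readonly HttpClient Client = new HttpClient();

    public class TokenRequest { public string Token { get; set; } }
    public class IntrospectResult
    {
        public bool Active { get; set; }
        public int UserId { get; set; }
        public string UserName { get; set; }
    }

    // A named origin plus SupportsCredentials lets the browser send the Portal A
    // session cookie on later cross-origin calls; a "*" origin cannot do that.
    [EnableCors(origins: "https://portal-b.example", headers: "*", methods: "POST", SupportsCredentials = true)]
    [Route("sso")]
    [System.Web.Http.HttpPost]
    public async Task<IHttpActionResult> Exchange(TokenRequest request)
    {
        if (request == null || string.IsNullOrEmpty(request.Token))
            return BadRequest("token required");

        // Server-to-server check: ask Portal B whether the token is live and whose it is.
        HttpResponseMessage reply = await Client.PostAsJsonAsync(PortalBIntrospect, new { token = request.Token });
        if (!reply.IsSuccessStatusCode)
            return Unauthorized();
        IntrospectResult result = await reply.Content.ReadAsAsync<IntrospectResult>();
        if (result == null || !result.Active)
            return Unauthorized();

        // Store only what Portal B vouched for; the user's password never reaches Portal A.
        HttpContext.Current.Session[SessionName.UserObject] = new User { UserId = result.UserId, UserName = result.UserName };
        HttpContext.Current.Session[SessionName.CurrentToken] = request.Token;
        return Ok(new { userId = result.UserId, userName = result.UserName });
    }
}
```

The browser side must then attach the Portal A session cookie to each later cross-origin call, which in jQuery means adding xhrFields: { withCredentials: true } to the $.ajax options; without it the browser does not send the cookie cross-origin and each call lands in a fresh, empty session.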

Jimmy Febio

Reputation: 1

To ensure the session variable can be accessed, session_start() must be declared in the files that are called, and in the file that triggers them.

Upvotes: 1
