A4.01 Security: Authentication (Wpf) - chempkovsky/CS2WPF-and-CS2XAMARIN GitHub Wiki

Security has two aspects: Authentication and Authorization

Authentication

Authentication is implemented using OAuth 2.0 Bearer Token Usage (RFC 6750): the client obtains an access token at login and presents it in the `Authorization` header of every subsequent request to the backend Web API. Executing 00000-ContextLevelBatch.json generates a basic, ready-to-use implementation of this scheme. Please consult articles 12, 13, 14 and 15 for how to use the "ContextLevelBatch" script.

  • The generated authentication consists of:
    • CommonServicesPrismModule\AppGlblLoginSrvc\AppGlblLoginService.cs, which calls the backend Web API login/logout/register/change-password services
    • CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs, which holds the Bearer Token returned after login (the AuthInfo property) and the logged-in user (the UserName property)
    • CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs, which also defines the HTTP headers for all other requests to backend services (the getAuthInfoHeader() method)
    • CommonServicesPrismModule\UserControls\ChngpswdUserControl.xaml, the page to change the password
    • CommonServicesPrismModule\UserControls\LoginUserControl.xaml, the page to log in
    • CommonServicesPrismModule\UserControls\LogoutUserControl.xaml, the page to log out
    • CommonServicesPrismModule\UserControls\RegisterUserControl.xaml, the page to register
    • `PrismDemoApp\Views\MainWindow.xaml`, the application component that carries the global menu item for these pages


Bearer Token usage note:

The CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs service is available (through constructor injection) to any generated component and service, and every generated view service takes its HttpClient from it rather than creating its own. For instance:

    using System.Net.Http;

    // Generated view service: it does not manage the token itself, it only
    // reuses the shared HttpClient owned by AppGlblSettingsService.
    public class LitCountryViewService : ILitCountryViewService
    {
        protected IAppGlblSettingsService appGlblSettings = null;
        protected string serviceUrl = null;
        protected HttpClient client = null;

        public LitCountryViewService(IAppGlblSettingsService agstt)
        {
            this.appGlblSettings = agstt;
            // Backend URL for this view = configured Web API prefix + controller route.
            this.serviceUrl = this.appGlblSettings.GetWebApiPrefix("LitCountryView") + "litcountryviewwebapi";
            // Shared client: its DefaultRequestHeaders already carry the bearer token (or nothing after logout).
            this.client = this.appGlblSettings.Client;
        }
    }

On the other hand, AppGlblSettingsService itself sets or clears the `Authorization` default header of that shared client whenever AuthInfo changes, i.e. after each login and logout operation. Because the header lives in `Client.DefaultRequestHeaders`, every request sent through that client carries the token, so the client should only ever be used for the backend Web API:

    // Token returned by the login call (token_type + access_token); null after logout.
    public dynamic AuthInfo
    {
        get
        {
            return _AuthInfo;
        }
        set
        {
            if (_AuthInfo != value)
            {
                _AuthInfo = value;
                if (_AuthInfo == null)
                {
                    // Logout: drop the header so no further request is authenticated.
                    Client.DefaultRequestHeaders.Authorization = null;
                }
                else if ((AuthInfo.token_type == null) || (AuthInfo.access_token == null))
                {
                    // Incomplete login reply: never send a half-formed header.
                    Client.DefaultRequestHeaders.Authorization = null;
                }
                else
                {
                    // Login: "Authorization: <token_type> <access_token>" on every later request.
                    Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(AuthInfo.token_type, AuthInfo.access_token);
                }
            }
        }
    }
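The following is an added example, not code produced by the generator or taken from the wiki: it reproduces the contract of the AuthInfo setter above in a small stand-in class and drives it against a capturing HttpMessageHandler, so the effect of login, logout and an incomplete token reply on outgoing requests can be observed offline. It assumes .NET 6 or later; the names TokenResponse, CapturingHandler and SettingsStandIn, the backend URL and the login reply are all constructed for the example.

```csharp
// Added example (not the generator's code). Assumes .NET 6+.
// TokenResponse, CapturingHandler, SettingsStandIn and the URL/JSON below are hypothetical.
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Text.Json.Serialization;
using System.Threading;
using System.Threading.Tasks;

// Shape of the token reply the page relies on (token_type, access_token).
public sealed class TokenResponse
{
    [JsonPropertyName("token_type")] public string? TokenType { get; set; }
    [JsonPropertyName("access_token")] public string? AccessToken { get; set; }
}

// Records the Authorization header of every request instead of sending it anywhere.
public sealed class CapturingHandler : HttpMessageHandler
{
    public AuthenticationHeaderValue? LastAuthorization { get; private set; }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        // HttpClient merges DefaultRequestHeaders into the request before the handler sees it.
        LastAuthorization = request.Headers.Authorization;
        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK));
    }
}

// Same contract as the page's setter: a complete token sets the header, anything else clears it.
public sealed class SettingsStandIn
{
    public HttpClient Client { get; }
    private TokenResponse? _authInfo;

    public SettingsStandIn(HttpMessageHandler handler) => Client = new HttpClient(handler);

    public TokenResponse? AuthInfo
    {
        get => _authInfo;
        set
        {
            _authInfo = value;
            if (value?.TokenType is null || value.AccessToken is null)
                Client.DefaultRequestHeaders.Authorization = null; // logout or malformed reply
            else
                Client.DefaultRequestHeaders.Authorization =
                    new AuthenticationHeaderValue(value.TokenType, value.AccessToken);
        }
    }
}

public static class Program
{
    private static string Describe(AuthenticationHeaderValue? h) => h is null ? "<no Authorization header>" : h.ToString();

    public static async Task Main()
    {
        var handler = new CapturingHandler();
        var settings = new SettingsStandIn(handler);
        var api = new Uri("https://backend.example/litcountryviewwebapi"); // constructed URL

        // Constructed login reply; in the generated app it comes from the backend token endpoint.
        const string loginJson = "{\"token_type\":\"Bearer\",\"access_token\":\"eyJ.example.token\"}";
        settings.AuthInfo = JsonSerializer.Deserialize<TokenResponse>(loginJson);
        await settings.Client.GetAsync(api);
        Console.WriteLine("after login:    " + Describe(handler.LastAuthorization));

        // Logout: clearing AuthInfo removes the default header from all later requests.
        settings.AuthInfo = null;
        await settings.Client.GetAsync(api);
        Console.WriteLine("after logout:   " + Describe(handler.LastAuthorization));

        // A reply without access_token must not leave a stale or half-formed header behind.
        settings.AuthInfo = JsonSerializer.Deserialize<TokenResponse>("{\"token_type\":\"Bearer\"}");
        await settings.Client.GetAsync(api);
        Console.WriteLine("partial reply:  " + Describe(handler.LastAuthorization));
    }
}
```

The capturing handler is the useful part for a practitioner: it is the same technique to use in a unit test of the generated AppGlblSettingsService to prove that no request leaves the client with a token after logout, and that the header is never set from a reply that lacks either field.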