A4.02 Security: Authentication (Xamarin) - chempkovsky/CS2WPF-and-CS2XAMARIN GitHub Wiki
Security has two aspects: Authentication and Authorization.
Authentication
Authentication is implemented using a JwtBearer Bearer Token. Executing "00000-ContextLevel...Batch.Xamarin.json" through "00050-ContextLevel...Batch.Xamarin.json" generates a basic, ready-to-use implementation of this authentication. Please consult articles 12, 13, 14 and 15 for how to use the "ContextLevelBatch" script.
- Authentication consists of:
  - `CommonServicesPrismModule\AppGlblLoginSrvc\AppGlblLoginService.cs` to call backend Web Api services
  - `CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs` to hold the Bearer Token which is returned after login. (Its `AuthInfo`-property and `UserName`-property)
  - `CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs` to define http headers for other requests to backend services. (Its `getAuthInfoHeader()`-method)
  - `CommonServicesPrismModule\Views\ChngpswdUserPage.xaml` -page to change password
  - `CommonServicesPrismModule\Views\LoginUserPage.xaml` -page to login
  - `CommonServicesPrismModule\Views\LogoutUserPage.xaml` -page to logout
  - `CommonServicesPrismModule\Views\RegisterUserPage.xaml` -page to register
- `PrismDemoApp\Views\MainFlyoutPage.xaml` application component which has ready to use menu items:
Bearer Token usage note:
The `CommonServicesPrismModule\AppGlblSettingsSrvc\AppGlblSettingsService.cs` service is available to any generated component and service. For instance:
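    using System.Net.Http;

    public class LitCountryViewService: ILitCountryViewService
    {
        protected IAppGlblSettingsService appGlblSettings = null;
        protected string serviceUrl = null;
        protected HttpClient client = null;

        public LitCountryViewService(IAppGlblSettingsService agstt) {
            this.appGlblSettings = agstt;
            this.serviceUrl = this.appGlblSettings.GetWebApiPrefix("LitCountryView") + "litcountryviewwebapi";
            // Reuse the HttpClient owned by the settings service, so this service
            // sends whatever Authorization header that client currently carries.
            this.client = this.appGlblSettings.Client;
        }
        // ... remaining members are not shown in this excerpt
    }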
On the other hand, AppGlblSettingsService resets the "Authorization" default request header of that shared `Client` after each login and logout operation:
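    // Requires: using System.Net.Http.Headers;
    public IBearerTokenModel AuthInfo
    {
        get
        {
            return _AuthInfo;
        }
        set
        {
            if(_AuthInfo != value)
            {
                _AuthInfo = value;
                if(_AuthInfo == null)
                {
                    // Logout (or no login yet): stop sending a token.
                    Client.DefaultRequestHeaders.Authorization = null;
                } else if ((AuthInfo.token_type == null) || (AuthInfo.access_token == null))
                {
                    // Incomplete token data: treat it as not authenticated.
                    Client.DefaultRequestHeaders.Authorization = null;
                } else
                {
                    // Login: every later request through Client carries "<token_type> <access_token>".
                    Client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(AuthInfo.token_type, AuthInfo.access_token);
                }
            }
        }
    }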
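A default request header is sent with every request made through the shared `Client`, whatever host the request goes to. The following is an added example, not code generated by the project: it attaches the token per request and only for the backend origin, assuming the backend is served over HTTPS. `OriginScopedBearerHandler`, `RecordingHandler`, `Demo`, the `example.test` hosts and the token value are hypothetical names and constructed sample data.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical handler (not part of the generated code): scopes the bearer token to one origin.
public class OriginScopedBearerHandler : DelegatingHandler
{
    private readonly Uri apiOrigin;                                // assumed HTTPS backend base address
    private readonly Func<(string Type, string Token)?> getToken;  // e.g. reads AuthInfo; null after logout

    public OriginScopedBearerHandler(Uri apiOrigin, Func<(string Type, string Token)?> getToken, HttpMessageHandler inner)
        : base(inner) { this.apiOrigin = apiOrigin; this.getToken = getToken; }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken ct)
    {
        var u = request.RequestUri;
        bool toBackend = u != null && u.IsAbsoluteUri && u.Scheme == Uri.UriSchemeHttps
            && string.Equals(u.Host, apiOrigin.Host, StringComparison.OrdinalIgnoreCase) && u.Port == apiOrigin.Port;
        var t = getToken();
        // Same null checks as the AuthInfo setter; any other destination gets no token.
        request.Headers.Authorization = toBackend && t.HasValue && t.Value.Type != null && t.Value.Token != null
            ? new AuthenticationHeaderValue(t.Value.Type, t.Value.Token) : null;
        return base.SendAsync(request, ct);
    }
}

// Offline stand-in for the network: reports whether a token would have left the device.
class RecordingHandler : HttpMessageHandler
{
    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage r, CancellationToken ct)
    {
        Console.WriteLine($"{r.RequestUri.Host}: Authorization sent = {r.Headers.Authorization != null}");
        return Task.FromResult(new HttpResponseMessage(HttpStatusCode.OK));
    }
}

public static class Demo
{
    public static async Task Main()
    {
        (string Type, string Token)? auth = ("Bearer", "constructed-token");  // constructed sample value
        var client = new HttpClient(new OriginScopedBearerHandler(new Uri("https://api.example.test/"), () => auth, new RecordingHandler()));
        await client.GetAsync("https://api.example.test/litcountryviewwebapi");  // backend origin
        await client.GetAsync("https://cdn.example.test/logo.png");              // different host
        auth = null;                                                             // logout
        await client.GetAsync("https://api.example.test/litcountryviewwebapi");  // backend origin, logged out
    }
}
```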