No announcement yet.
  • Filter
  • Time
Clear All
new posts

  • #16
    Originally posted by fpw23
    Hi Ledifni,

    I am curious how you are handling authentication and authorization. In .Net the standard way to do this is using forms auth cookies and securing individual pages, put if you page is html and using webserivces/rest pages how do you control access to them?


    I'm using ASP.NET Forms Authentication to control access to my web services. The application page itself is HTML, yes, and I don't control access to it. However, it's not really necessary to do so.

    The application page (.html) loads an initial screen that contains no protected resources. In order to load protected resources it has call ASP.NET pages (.aspx) which serve up JSON and/or XML instead of HTML. When XMLHttpRequest attempts to send a request to one of my ASP.NET pages, then if the user is not authenticated the application will receive HTML from the Login.aspx page (which it expects to receive only if the user is unauthenticated).

    Upon receiving the Login.aspx HTML, the application stops what it's doing, asks for a user name and password, and then sends a request to an unprotected ASP.NET page (still .aspx) which performs authentication and returns success or failure. Once the user has been authenticated and the authorization cookie set in the response, requests to protected ASP.NET pages will succeed and, instead of returning the Login.aspx HTML, will return the valid XML or JSON expected by the application, and from then on everything proceeds as usual.

    So login functionality has the following flow:

    1) Load the application page with its linked .js files
    2) Attempt to contact protected .aspx pages for application resources (causing ASP.NET to check authentication)
    2A) Login fails
    a. Prompt for username and password
    b. Send credentials to unprotected .aspx page for authentication
    c. Return to Step 2
    2B) Login succeeds
    a. Proceed to Step 3
    3) Process XML or JSON from protected .aspx pages and run application


    • #17
      Hi ledifni,

      We're curious too - to handle unauthenticated access, including timed-out sessions, did you use SmartClient's support for Relogin or roll your own approach?


      • #18
        Originally posted by Isomorphic
        Hi ledifni,

        We're curious too - to handle unauthenticated access, including timed-out sessions, did you use SmartClient's support for Relogin or roll your own approach?
        I used the Relogin feature. The basic principle is the same whether you use Relogin or not (basically, you either get the expected data in the response, an error, or a redirected "login required" response, and then your code reacts appropriately), but the built-in support saved me a lot of coding time. Thanks for that neat little feature, by the way :)


        • #19
          Generic Handlers (.ashx files) in .NET

          Hi everyone,

          I'm a .NET/SQL Server web developer, and I'm just getting started with Smartclient. It's EXACTLY what I've been looking for as a SOA alternative to "the evils" of server-side presentation code. I always implement all of my business logic in stored procedures (like in Oracle apps), and therefore I have little use for a "web tier" written in Java, PHP, or C#.

          I wanted to point out to anyone who might be interested that you don't need to use .aspx files with Smartclient. The beauty of REST and Smartclient is that they eliminate the need for any .aspx at all. To implement RESTful apps in .NET, I'm going to use .ashx files to return XML or JSON instead of .aspx files. This will greatly-reduce the amount of code I have to host and deal with on the web server. In fact, I believe that I'm only going to need one small page of C# code in a .ashx file to do what I want to do.

          Over the coming weeks I will be setting up my "thin-tier" architecture that enables Smartclient to communicate "almost-directly" with SQL stored procedures using JSON and XML. My goal is to minimize code running on the web server, and I'm convinced that Smartclient with AJAX will be the key.

          I will share my code with others here and I appreciate any related feedback or ideas that others might have. This is going to be my "dream" web architecture. No C#, Java, or PHP required, only Smartclient JS and SQL.

          Ron Hudson MCSD, MCDBA
          Huntington Beach, CA


          • #20
            Hi Ron

            Right now, I am using SmartClient against ASMX web services (using C#) against a SQL server 2005 back-end. This works pretty much "out of the box" with Smart Client but I am extremely interested in the approach you have outlined as I too would like to use a more RESTfull approach and utilise JSON as opposed to XML.

            Please keep me posted and feel free to contact me anytime should you wish to discuss any aspect of either approach.

            Best regards



            • #21
              WSDL vs JSON vs REST

              I'm still confused ... which to use
              I looked at asmx webservices and still having trouble to get it to work. Does anyone have a working example with webservice with all operations implemented.

              What are the advantages of using JSON with aspx or REST .. ?


              • #22
                Hi everyone,

                I've gone thru the Data Integration demo, wondering how SmartClient communicate with .NET and database server to perform the Fetch, Add, Update, and Remove operations.

                Can someone share/post the source code here.

                Thank you.



                • #23
                  Just implement an handler that processes the RESTDataSource requests and returns the required data format (either JSON or XML). Or hook up to existing WSDL web services.


                  • #24

                    I came across this post - I think some of the controls are amazing. The 3rd party controls I've used have all been server side, which has abstracted away the likes of JSON, REST, web services and the like.

                    I'd love to implement things like the the advanced filter and pivotgrids against a SQL server backend using Do you happen to have any samples that do something along those lines?