PDA

View Full Version : [CLOSED] Cookies



Zdenek
Dec 12, 2016, 12:55 PM
Hello

Is there a way how to add additional cookie to direct method call?

And how to read Cookies ? Ext.util.Cookies is not present

Thanks
Zdenek

fabricio.murta
Dec 12, 2016, 3:27 PM
Hello @Zdenek!

I think Sencha just forgot to move the class to Core (common to Classic and Modern) and the feature went missing. But rather, it probably didn't happen because there will be changes necessary in order for the class to work with the modern API.

I see this open thread in Sencha since july 2015: Ext.util.Cookies belongs to classic toolkit (https://www.sencha.com/forum/showthread.php?302794).

There's a chance just copypasting the class from Ext.NET (not mobile) would work just fine. You can find the Ext.util.Cookie in a separate file under src/Build/Ext.Net/extjs/extjs-sources/classic/classic/src/util/Cookies.js in the Ext.NET source package.

Worth a try?

Zdenek
Dec 12, 2016, 3:32 PM
OK
is there a chance to add cookie to direct method request?

(basically I want to read cookies from one domain and send those to another domain)

Thanks

fabricio.murta
Dec 12, 2016, 3:51 PM
Hello Zdenek!

Wouldn't that be a matter of fetching the cookie and passing it to the direct method as parameter? And for a direct event encapsulated with the form with ExtraParameters?

Zdenek
Dec 12, 2016, 9:39 PM
Well - that something else I would say - for example for Formsauthentication - cookie must be present already before it touch any handler

fabricio.murta
Dec 12, 2016, 11:59 PM
Well, I don't see any problem using cookies server-side with Ext.NET Mobile. But I wonder what's the scenario you are in and in which way you want to use cookies. Maybe if you give an example on how you are using it we can help you figure out how to handle it. Still, maybe it is a good shot before to just try to import Ext.util.Cookies as pointed above.

Zdenek
Dec 13, 2016, 7:39 AM
OK
probably there is easier soution to that

[b]EDIT: Original post moved to new thread under: Tying a Ext.NET Mobile application to an Ext.NET application (http://forums.ext.net/showthread.php?61659)

fabricio.murta
Dec 13, 2016, 1:48 PM
Hello @Zdenek!

So, the original question was about using cookies on Ext.NET Mobile, right?..

I believe your last post deviated to something else. Something like "Tying a Ext.NET Mobile application to an Ext.NET application". Am I right with this assumption? If so, would you mind if we moved your last post to a new thread? And then (again, if I am correct that the subject is changing -- maybe I misunderstood something) you leave a response here for the actual problem we discussed about just using cookies with Ext.NET.

Your follow-up seems very interesting and challenging, and seems you are partly done with it. We would love to try and help you figure it out!

Zdenek
Dec 13, 2016, 1:54 PM
Hello
Sure my last post is above scope of this and more threads will come - but ok - let's try to get this answered first

So is there a way how to send additional cookie ( as a cookie not as a parameters) together with particular direct method call from client? (in ext.net.mobile)

fabricio.murta
Dec 13, 2016, 2:29 PM
Hello @ZDenek!

I don't think, again, there are problems using cookies in code behind at all. Can you please provide a test case on how you are using it? I can access Request.Cookies["cookie_name"] with no issues from here.

Zdenek
Dec 13, 2016, 2:40 PM
Ok - for test case you need two (same) applications and two cookie domains
let's say
http://localhost/firstapplication
http://computername/secondapplication

then in first application change the url of direct method using beforequest event



function beforeAjaxRequest(con, options, eOpts, params,request) {
request.url = "http://computername/secondapplication/default.aspx";
}

then you need two direct methods ( on both)


[DirectMethod]
public void AuthenticateMe(){
FormsAuthentication.SetAuthCookie("username", createCookie);
}

[DirectMethod]
public bool IsAuthenticated(){
return HttpContext.Current.Request.IsAuthenticated;
}

Finally call first method in firstapplication, that should call direct method on second application ( because of changed url) and should return cookie, then call second method - the cookie is not sent to the second method

That should describe raughly the idea, if you want examples I can create zip file with both

Z

fabricio.murta
Dec 13, 2016, 2:57 PM
Hello @Zdenek!

I am afraid sharing cookies across different domains is not possible at all. You'd need to pass them as parameters. This is not an Ext.NET nor ASP.Net limitation. See this generic question about cookies: Stack Overflow - Cross-domain cookies (http://stackoverflow.com/questions/3342140).

Hope this helps. And this maybe responds that other question we moved away, right? The stack overflow questions shows how to handle this situation with a central "cookie-domain" too.

Zdenek
Dec 15, 2016, 2:41 PM
Ok, let's forget about two applications, maybe I oversaw something silly

II have complete application, unfortuantelly your forum uploader is saying me

Basically I have two methods like



[DirectMethod]
public void Login()
{
FormsAuthentication.SetAuthCookie("TestUser",true);
// Response.Redirect("~/");
}

[DirectMethod]
public string AuthenticatedName()
{
return HttpContext.Current.User.Identity.Name;
}


and those are called using


function btnTestAuthentication_click() {
Ext.net.DirectMethods.AuthenticatedName({
complete: function (success, result) {

alert('logged as ' + result);
}
});
}
function btnLogin_click() {

Ext.net.DirectMethods.Login({
complete:function() {
Ext.Msg.alert('logged in');
}
});
}

why after Login method, the AuthenticatedName does not returns authenticated name?

fabricio.murta
Dec 15, 2016, 3:31 PM
Hello @Zdenek!

Sorry, we are not allowed to rely on shared zipfiles for projects/samples. All that we can discuss should be reduced to simplified samples on the forums. From past experience we decided for good that only sample codes posted in
tags should be used in forum inquiries, as always the test cases could be reduced to simple runnable samples with just a couple source files.

We had to edit your original post above to remove the link, hope you understand.

But I'll exceptionally try to show you how this sample could be represented here in the forum thread. Will come back to you (hopefully) in a short while.

fabricio.murta
Dec 15, 2016, 4:17 PM
Hello again @zdenek!

I believe this is exactly the necessary to reproduce your issue:



<%@ Page Language="C#" %>

<!DOCTYPE html>
<script runat="server">
[DirectMethod]
public void Login()
{
FormsAuthentication.SetAuthCookie("TestUser", true);
}

[DirectMethod]
public string AuthenticatedName()
{
return "user: " + HttpContext.Current.User.Identity.Name;
}
</script>

<html>
<head runat="server">
<title></title>
<script type="text/javascript">
function btnLogin_click() {
App.direct.Login({
complete: function () {
Ext.Msg.alert('logon', 'logged in');
}
});
}

function btnTestAuthentication_click() {
App.direct.AuthenticatedName({
complete: function (success, result) {
Ext.Msg.alert('auth', 'logged as ' + result);
}
});
}
</script>
</head>
<body>
<form id="form1" runat="server">
<div>
<ext:ResourceManager runat="server" />
<ext:Container runat="server" FullScreen="true">
<Items>
<ext:Button runat="server" Text="login" OnClientTap="btnLogin_click();" />
<ext:Button runat="server" Text="check auth" OnClientTap="btnTestAuthentication_click();" />
</Items>
</ext:Container>
</div>
</form>
</body>
</html>


Does not look too long a single page example, does it? Please confirm if this is really a test case good enough to reproduce your issue so we can proceed with diagnosis about the issue.

Zdenek
Dec 15, 2016, 5:58 PM
Hello
thanks for sample

NOte that whole purpose of the bit longer sample was to introduce oyu what I'm trying to achieve ( in relation with parallel thread about native applications), I sent you bit wider sample.
I guess you can hardly provide snippet for complete "native" application

I can confirm that your sample is perfect for reproducing of the problem

And I can say you even more - if I use exactly same sample (OnButtonCLick instead of OnButtonTap of course) on Ext.NET (full - means not mobile) it works as expected

Thanks
Z

fabricio.murta
Dec 16, 2016, 7:03 PM
Hello @ZDenek!

Glad I could illustrate you how a simplified sample should look like -- and that the sample actually reflected what you wanted to highlight.

Now you raised an interesting argumentation. You said the same example worked just fine in Ext.NET (non mobile)? You mean, when you click the second button the response is logged as user: TestUser?

If that's the case then I'm sure you have a webforms setting on your Ext.NET project that you don't in the Ext.NET Mobile project that's effectively disabling user identity handling like we are trying to use.

I can say that with confidence because none of my test projects has auth set up, and both Mobile and classic Ext.NET behave exactly the same. Returns logged as user: -- no TestUser in the end.

This indicates the problem is not with Ext.NET at all, but the project setting. Can you compare your mobile and non-mobile projects regarding authentication settings? I believe you will find lines in Web.config file that set up the website so that your approach works on the non-mobile project.

Looking forward for your feedback.

Zdenek
Dec 16, 2016, 7:36 PM
OK, my face become bit red - so silly mistake, thanks for pointing out

But - we are getting to the final question. I took a lesson from your "sample approach" and hopefully this is how you can reproduce my original problem:

presuming that you have IIS application called "mobileSample"
apsx page ( similar to your one)



<%@ Page Language="C#" %>

<!DOCTYPE html>
<script runat="server">
[DirectMethod]
public void Login()
{
FormsAuthentication.SetAuthCookie("TestUser", true);
}

[DirectMethod]
public string AuthenticatedName()
{
return "user: " + HttpContext.Current.User.Identity.Name;
}
</script>

<html>
<head runat="server">
<title></title>

<script type="text/javascript">
function beforeRequest(con, options, eOpts, params, request) {
request.url = "http://kilkelly/mobileSample/default.aspx";
}

function btnLogin_click() {
App.direct.Login({
complete: function () {
Ext.Msg.alert('logon', 'logged in');
}
});
}

function btnTestAuthentication_click() {
App.direct.AuthenticatedName({
complete: function (success, result) {
Ext.Msg.alert('auth', 'logged as ' + result);
}
});
}
</script>
</head>
<body>
<form id="form1" runat="server">
<div>
<ext:ResourceManager runat="server" >
<Listeners>
<BeforeAjaxRequest Fn="beforeRequest"></BeforeAjaxRequest>
</Listeners>
</ext:ResourceManager>
<ext:Container runat="server" FullScreen="true">
<Items>
<ext:Button runat="server" Text="login" OnClientTap="btnLogin_click();" />
<ext:Button runat="server" Text="check auth" OnClientTap="btnTestAuthentication_click();" />
</Items>
</ext:Container>
</div>
</form>
</body>
</html>


On line 24 please replace kilkelly with your computer name

web.config shortened as much as I can


<?xml version="1.0"?>
<configuration>
<configSections>
<section name="extnetmobile" type="Ext.Net.Mobile.GlobalConfig" requirePermission="false"/>
</configSections>

<extnetmobile scriptMode="Debug" licenseKey=" ** Ext.NET Mobile License Key ** " />

<location path="default.aspx">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>

<system.web>
<compilation debug="true" targetFramework="4.6"/>
<authentication mode="Forms">
<forms loginUrl="LoginTo.aspx" cookieless="UseCookies"/>
</authentication>


<pages controlRenderingCompatibilityVersion="4.0">
<controls>
<add assembly="Ext.Net.Mobile" namespace="Ext.Net.Mobile" tagPrefix="ext"/>
</controls>
<namespaces>
<add namespace="Ext.Net.Mobile"/>
</namespaces>
</pages>
</system.web>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Methods" value="*" />
<add name="Access-Control-Allow-Headers" value="X-Ext-Net,X-Ext-Net-Mobile,X-Requested-With" />
</customHeaders>
</httpProtocol>
<validation validateIntegratedModeConfiguration="false"/>
<handlers>
<add name="DirectRequestHandler" verb="*" path="*/ext-mobile.axd" preCondition="integratedMode" type="Ext.Net.Mobile.ResourceHandler"/>
</handlers>
<modules>
<add name="DirectRequestModule" preCondition="managedHandler" type="Ext.Net.Mobile.DirectRequestModule, Ext.Net.Mobile"/>
</modules>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed"/>
<bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Ext.Net.Utilities" publicKeyToken="2c34ac34702a3c23"/>
<bindingRedirect oldVersion="0.0.0.0-2.5.0" newVersion="2.5.0"/>
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="Transformer.NET" publicKeyToken="e274d618e7c603a7"/>
<bindingRedirect oldVersion="0.0.0.0-2.1.1" newVersion="2.1.1"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>

now if you browse application using http://kilkelly/mobilesample (or whatever your PC name is) it works fine user is logged and username is displayed

hovewer if you browse application using
http://localhost/mobilesample the user is not retrieved back

Even cookies always come from http://kilkelly/mobilesampel and are supposed to be read from here

fabricio.murta
Dec 16, 2016, 8:33 PM
Hello @Zdenek!

We appreciate your comply to the simple samples approach, but please don't share/paste your Ext.NET license key! I'm sure you did that by mistake, and I already edited it out of your post. Please be careful, it could have been instead of the key some secret from your company. Not good either way.

Usually you can point an specific part of Web.config just by telling the context and pasting the block.

For example, you can enable forms authentication in the former example to make it work by adding the following inside the <system.web> section of Web.config:



<authentication mode="Forms">
<forms name="SiteName" path="/" loginUrl="~/Login.aspx" />
</authentication>


This will also save you the risk of pasting sensitive information like Ext.NET license key or your database's connection strings! In the case you need license key as you want to simulate a "real world" website, so it would be pretty possible you would be sharing database "real world" credentials in such a case if you just copypasted the whole Web.config. :)

About the question itself, I initially see the same old case of cross-domain cookies, which is not supported, but I'll give your test case an additional thought and will leave a more in-depth feedback here in a moment.

Please understand the cookie cross-domain limitation is not really an Ext.NET limitation. Cross-domain cookies limitation is for Ext.NET what forms authentication is to Ext.NET too. I mean, Ext.NET works on top of them on your given usage scenario but Ext.NET does not control its behavior.

I'll come back to you soon.

fabricio.murta
Dec 17, 2016, 3:15 AM
Hello!

I've broken down to run your example as you suggested and indeed, and as expected, does not work. The bottomline is that it will work if and only if you figure out a way to use forms authentication cross-domain. Enabling CORS will just be one part of the process, but I believe you will have to set up a cookieless webforms authentication for this to work.

Again, this points not to an Ext.NET limitation. I believe you'd need to use SSO in this case, like suggested in this (yet another) stackoverflow thread: Using Forms authentication cross domain (http://stackoverflow.com/questions/10632551).

Unfortunately it is not something we can talk about supporting or not supporting in Ext.NET, the limitation is on the upper level transport.

fabricio.murta
Jan 03, 2017, 10:39 PM
Hello @Zdenek!

Do you still need help with this or may we close this thread? Been some time already and no feedback from you here...