[CLOSED] Cookies

Page 2 of 3 FirstFirst 123 LastLast
  1. #11
    Ok - for test case you need two (same) applications and two cookie domains
    let's say
    http://localhost/firstapplication
    http://computername/secondapplication

    then in first application change the url of direct method using beforequest event


    function beforeAjaxRequest(con, options, eOpts, params,request) {
    		request.url = "http://computername/secondapplication/default.aspx";
    	}
    then you need two direct methods ( on both)

    [DirectMethod]
    public void AuthenticateMe(){
         FormsAuthentication.SetAuthCookie("username", createCookie);
    }
    
    [DirectMethod]
    public bool IsAuthenticated(){
         return HttpContext.Current.Request.IsAuthenticated;
    }
    Finally call first method in firstapplication, that should call direct method on second application ( because of changed url) and should return cookie, then call second method - the cookie is not sent to the second method

    That should describe raughly the idea, if you want examples I can create zip file with both

    Z
  2. #12
    Hello @Zdenek!

    I am afraid sharing cookies across different domains is not possible at all. You'd need to pass them as parameters. This is not an Ext.NET nor ASP.Net limitation. See this generic question about cookies: Stack Overflow - Cross-domain cookies.

    Hope this helps. And this maybe responds that other question we moved away, right? The stack overflow questions shows how to handle this situation with a central "cookie-domain" too.
    Fabrício Murta
    Developer & Support Expert
  3. #13
    Ok, let's forget about two applications, maybe I oversaw something silly

    II have complete application, unfortuantelly your forum uploader is saying me

    Basically I have two methods like

    	[DirectMethod]
    	public void Login()
    	{
    		FormsAuthentication.SetAuthCookie("TestUser",true);
    //		Response.Redirect("~/");
    	}
    
    	[DirectMethod]
    	public string AuthenticatedName()
    	{
    		return HttpContext.Current.User.Identity.Name;
    	}
    and those are called using
    function btnTestAuthentication_click() {
    		Ext.net.DirectMethods.AuthenticatedName({
    			complete: function (success, result) {
    				
    				alert('logged as ' + result);
    			}
    		});
    	}
    	function btnLogin_click() {
    		
    		Ext.net.DirectMethods.Login({
    			complete:function() {
    				Ext.Msg.alert('logged in');
    			}
    		});
    	}
    why after Login method, the AuthenticatedName does not returns authenticated name?
    Last edited by fabricio.murta; Dec 15, 2016 at 2:27 PM. Reason: remove project/website link
  4. #14
    Hello @Zdenek!

    Sorry, we are not allowed to rely on shared zipfiles for projects/samples. All that we can discuss should be reduced to simplified samples on the forums. From past experience we decided for good that only sample codes posted in [code][/code] tags should be used in forum inquiries, as always the test cases could be reduced to simple runnable samples with just a couple source files.

    We had to edit your original post above to remove the link, hope you understand.

    But I'll exceptionally try to show you how this sample could be represented here in the forum thread. Will come back to you (hopefully) in a short while.
    Fabrício Murta
    Developer & Support Expert
  5. #15
    Hello again @zdenek!

    I believe this is exactly the necessary to reproduce your issue:

    <%@ Page Language="C#" %>
    
    <!DOCTYPE html>
    <script runat="server">
        [DirectMethod]
        public void Login()
        {
            FormsAuthentication.SetAuthCookie("TestUser", true);
        }
    
        [DirectMethod]
        public string AuthenticatedName()
        {
            return "user: " + HttpContext.Current.User.Identity.Name;
        }
    </script>
    
    <html>
    <head runat="server">
        <title></title>
        <script type="text/javascript">
            function btnLogin_click() {
                App.direct.Login({
                    complete: function () {
                        Ext.Msg.alert('logon', 'logged in');
                    }
                });
            }
    
            function btnTestAuthentication_click() {
                App.direct.AuthenticatedName({
                    complete: function (success, result) {
                        Ext.Msg.alert('auth', 'logged as ' + result);
                    }
                });
            }
        </script>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <ext:ResourceManager runat="server" />
            <ext:Container runat="server" FullScreen="true">
                <Items>
                    <ext:Button runat="server" Text="login" OnClientTap="btnLogin_click();" />
                    <ext:Button runat="server" Text="check auth" OnClientTap="btnTestAuthentication_click();" />
                </Items>
            </ext:Container>
        </div>
        </form>
    </body>
    </html>
    Does not look too long a single page example, does it? Please confirm if this is really a test case good enough to reproduce your issue so we can proceed with diagnosis about the issue.
    Fabrício Murta
    Developer & Support Expert
  6. #16
    Hello
    thanks for sample

    NOte that whole purpose of the bit longer sample was to introduce oyu what I'm trying to achieve ( in relation with parallel thread about native applications), I sent you bit wider sample.
    I guess you can hardly provide snippet for complete "native" application

    I can confirm that your sample is perfect for reproducing of the problem

    And I can say you even more - if I use exactly same sample (OnButtonCLick instead of OnButtonTap of course) on Ext.NET (full - means not mobile) it works as expected

    Thanks
    Z
  7. #17
    Hello @ZDenek!

    Glad I could illustrate you how a simplified sample should look like -- and that the sample actually reflected what you wanted to highlight.

    Now you raised an interesting argumentation. You said the same example worked just fine in Ext.NET (non mobile)? You mean, when you click the second button the response is logged as user: TestUser?

    If that's the case then I'm sure you have a webforms setting on your Ext.NET project that you don't in the Ext.NET Mobile project that's effectively disabling user identity handling like we are trying to use.

    I can say that with confidence because none of my test projects has auth set up, and both Mobile and classic Ext.NET behave exactly the same. Returns logged as user: -- no TestUser in the end.

    This indicates the problem is not with Ext.NET at all, but the project setting. Can you compare your mobile and non-mobile projects regarding authentication settings? I believe you will find lines in Web.config file that set up the website so that your approach works on the non-mobile project.

    Looking forward for your feedback.
    Fabrício Murta
    Developer & Support Expert
  8. #18
    OK, my face become bit red - so silly mistake, thanks for pointing out

    But - we are getting to the final question. I took a lesson from your "sample approach" and hopefully this is how you can reproduce my original problem:

    presuming that you have IIS application called "mobileSample"
    apsx page ( similar to your one)

    <%@ Page Language="C#" %>
    
    <!DOCTYPE html>
    <script runat="server">
        [DirectMethod]
        public void Login()
        {
            FormsAuthentication.SetAuthCookie("TestUser", true);
        }
    
        [DirectMethod]
        public string AuthenticatedName()
        {
            return "user: " + HttpContext.Current.User.Identity.Name;
        }
    </script>
    
    <html>
    <head runat="server">
        <title></title>
    
        <script type="text/javascript">
        	function beforeRequest(con, options, eOpts, params, request) {
        		request.url = "http://kilkelly/mobileSample/default.aspx";
    	    }
    
    	    function btnLogin_click() {
    		    App.direct.Login({
    			    complete: function () {
    				    Ext.Msg.alert('logon', 'logged in');
    			    }
    		    });
    	    }
    
    	    function btnTestAuthentication_click() {
    		    App.direct.AuthenticatedName({
    			    complete: function (success, result) {
    				    Ext.Msg.alert('auth', 'logged as ' + result);
    			    }
    		    });
    	    }
        </script>
    </head>
    <body>
        <form id="form1" runat="server">
        <div>
            <ext:ResourceManager runat="server" >
    	        <Listeners>
    		        <BeforeAjaxRequest Fn="beforeRequest"></BeforeAjaxRequest>
    	        </Listeners>
            </ext:ResourceManager>
            <ext:Container runat="server" FullScreen="true">
                <Items>
                    <ext:Button runat="server" Text="login" OnClientTap="btnLogin_click();" />
                    <ext:Button runat="server" Text="check auth" OnClientTap="btnTestAuthentication_click();" />
                </Items>
            </ext:Container>
        </div>
        </form>
    </body>
    </html>
    On line 24 please replace kilkelly with your computer name

    web.config shortened as much as I can

    <?xml version="1.0"?>
    <configuration>
      <configSections>
        <section name="extnetmobile" type="Ext.Net.Mobile.GlobalConfig" requirePermission="false"/>
      </configSections>
    	
    	<extnetmobile scriptMode="Debug" licenseKey=" ** Ext.NET Mobile License Key ** " />
    
    	<location path="default.aspx">
    		<system.web>
    			<authorization>
    				<allow users="*" />
    			</authorization>
    		</system.web>
    	</location>
    
    	<system.web>
        <compilation debug="true" targetFramework="4.6"/>
    	  <authentication mode="Forms">
    		  <forms loginUrl="LoginTo.aspx" cookieless="UseCookies"/>
    	  </authentication>
    	  
    	  
        <pages controlRenderingCompatibilityVersion="4.0">
          <controls>
            <add assembly="Ext.Net.Mobile" namespace="Ext.Net.Mobile" tagPrefix="ext"/>
          </controls>
          <namespaces>
            <add namespace="Ext.Net.Mobile"/>
          </namespaces>
        </pages>
      </system.web>
      <system.webServer>
    	  <httpProtocol>
    		  <customHeaders>
    			  <add name="Access-Control-Allow-Origin" value="*" />
    			  <add name="Access-Control-Allow-Methods" value="*" />
    			  <add name="Access-Control-Allow-Headers" value="X-Ext-Net,X-Ext-Net-Mobile,X-Requested-With" />
    		  </customHeaders>
    	  </httpProtocol>
        <validation validateIntegratedModeConfiguration="false"/>
        <handlers>
          <add name="DirectRequestHandler" verb="*" path="*/ext-mobile.axd" preCondition="integratedMode" type="Ext.Net.Mobile.ResourceHandler"/>
        </handlers>
        <modules>
          <add name="DirectRequestModule" preCondition="managedHandler" type="Ext.Net.Mobile.DirectRequestModule, Ext.Net.Mobile"/>
        </modules>
      </system.webServer>
      <runtime>
        <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
          <dependentAssembly>
            <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed"/>
            <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0"/>
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="Ext.Net.Utilities" publicKeyToken="2c34ac34702a3c23"/>
            <bindingRedirect oldVersion="0.0.0.0-2.5.0" newVersion="2.5.0"/>
          </dependentAssembly>
          <dependentAssembly>
            <assemblyIdentity name="Transformer.NET" publicKeyToken="e274d618e7c603a7"/>
            <bindingRedirect oldVersion="0.0.0.0-2.1.1" newVersion="2.1.1"/>
          </dependentAssembly>
        </assemblyBinding>
      </runtime>
    </configuration>
    now if you browse application using http://kilkelly/mobilesample (or whatever your PC name is) it works fine user is logged and username is displayed

    hovewer if you browse application using
    http://localhost/mobilesample the user is not retrieved back

    Even cookies always come from http://kilkelly/mobilesampel and are supposed to be read from here
    Last edited by fabricio.murta; Dec 16, 2016 at 7:21 PM. Reason: Edit away license key
  9. #19
    Hello @Zdenek!

    We appreciate your comply to the simple samples approach, but please don't share/paste your Ext.NET license key! I'm sure you did that by mistake, and I already edited it out of your post. Please be careful, it could have been instead of the key some secret from your company. Not good either way.

    Usually you can point an specific part of Web.config just by telling the context and pasting the block.

    For example, you can enable forms authentication in the former example to make it work by adding the following inside the <system.web> section of Web.config:

    <authentication mode="Forms">
      <forms name="SiteName" path="/" loginUrl="~/Login.aspx" />
    </authentication>
    This will also save you the risk of pasting sensitive information like Ext.NET license key or your database's connection strings! In the case you need license key as you want to simulate a "real world" website, so it would be pretty possible you would be sharing database "real world" credentials in such a case if you just copypasted the whole Web.config. :)

    About the question itself, I initially see the same old case of cross-domain cookies, which is not supported, but I'll give your test case an additional thought and will leave a more in-depth feedback here in a moment.

    Please understand the cookie cross-domain limitation is not really an Ext.NET limitation. Cross-domain cookies limitation is for Ext.NET what forms authentication is to Ext.NET too. I mean, Ext.NET works on top of them on your given usage scenario but Ext.NET does not control its behavior.

    I'll come back to you soon.
    Fabrício Murta
    Developer & Support Expert
  10. #20
    Hello!

    I've broken down to run your example as you suggested and indeed, and as expected, does not work. The bottomline is that it will work if and only if you figure out a way to use forms authentication cross-domain. Enabling CORS will just be one part of the process, but I believe you will have to set up a cookieless webforms authentication for this to work.

    Again, this points not to an Ext.NET limitation. I believe you'd need to use SSO in this case, like suggested in this (yet another) stackoverflow thread: Using Forms authentication cross domain.

    Unfortunately it is not something we can talk about supporting or not supporting in Ext.NET, the limitation is on the upper level transport.
    Fabrício Murta
    Developer & Support Expert
Page 2 of 3 FirstFirst 123 LastLast

Similar Threads

  1. Replies: 1
    Last Post: Jan 05, 2016, 2:49 PM
  2. [CLOSED] Cookies : Read value from key
    By matrixwebtech in forum 2.x Legacy Premium Help
    Replies: 3
    Last Post: Feb 23, 2015, 4:34 AM
  3. How to save user data in browser cookies
    By QuAzI in forum 2.x Help
    Replies: 1
    Last Post: Jun 05, 2014, 1:47 PM
  4. How to Set Cookies?
    By gdboy2002 in forum 1.x Help
    Replies: 5
    Last Post: Nov 30, 2011, 4:43 PM
  5. [CLOSED] Saving grid panel settings in cookies.
    By Jean-Pierre Poulin in forum 1.x Legacy Premium Help
    Replies: 2
    Last Post: Mar 24, 2010, 5:03 PM

Posting Permissions