Help & Advice: Basic HTTP Authentication for API


#1

Hello all,
I am attempting to build my first Cordova App using Ionic. I am after some advice & help please.

The app I attempting to build requires authentication, to fetch data from a CMS. I have built a WebAPI that can return me the JSON I expect using Basic HTTP Authentication. All data that is needed for the app requires every request to talk back to the API and use Basic Authentication.

So my question is what is best practises for this sort of scenario. As I ideally want the user to login in once and then all further requests use the saved credentials for the further requests.

I can not use a service like 0Auth (as far as I know) with the custom DB connector as I am not in control of each and every CMS installation hence it needs to talk back to the CMS using a URL, username & password to verify it all the time.

So what are the recommended options I can do please?
Do I store a cookie, or the credentials in some LocalStorage perhaps?

I look forward to hearing from you all and getting advice on this.

Many Thanks,
Warren


#2

Hi @warrenbuckley,

I would under no circumstance store user credentials anywhere on the device. That is asking for trouble.

You might want to look at the following post:

http://ionicframework.com/blog/angularjs-authentication/

If you can’t use Oauth, then cookie authentication might be what you want.

Regards,


#3

i am using Token Auth check @nicraboy link


#4

Thanks for the answers guys.
I can’t create the API to use oAuth due to the CMS not currently implementing it (I am building an addon to the CMS)

I will read the blog post next. But I assume the auth cookie has a never expire or a very long expiry on it, so the user does not need to authenticate all the time?

I am looking at this module that is a HTTP interceptor to help deal with the auth

Hopefully this is still the most valid/correct approach.

Thanks,
Warren


#5

hey @warrenbuckley
what lang do you use for server side ?


#6

Hi @ItamarCohen I use ASP.NET for the ServerSide stack, with a C# WebAPI. I am looking into how to implement JWT with C# & WebAPIs currently.


#7

hi ,
i found this tut
http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/


#8

Hi thanks for that tutorial.
I managed to write some stuff that I needed for using JWT tokens for my app on the .NET stack.

I did not use the Microsoft NuGet package that the JWT.io site links to, as it’s massively complex in comparison to a single class file library I found that was written by someone from FireBase, Twilio.

So anyone looking to use JWT in C# I highly recommend this JWT library


https://github.com/johnsheehan/jwt/blob/master/JWT/JWT.cs