I am new to GraphQL and seeking your help. Right now, We have React application which will talk to REST API which is developed in .NET Core. Now, we are going to introduce GraphQL between Client and REST API server.
I could not consume .NET REST API in GraphQL (resolver) using either fetch API or AXIOS because of Windows authentication. .NET Core is protected by Windows authentication with help of NTLM. What needs to be done to make API from GraphQL.
Do we need to captured Windows authenticated user information in GraphQL and pass to .Net Core API.
Have you tried httpntlm module?
https://www.npmjs.com/package/httpntlm
Related
I'm testing out ServiceStack to see how much faster the development is with this product rather than with Asp.Net Core's Web API or similar products.
I have successfully set up Service Stack with my own configuration of IdentityServer4 and everything runs fine.
My confusion is whether working with IdentityServer4 means I am required to now maintain a Web Api project along with ServiceStack? What's the reason the API is there?
I can see that I can make direct calls to the endpoints (requiring Authentication, roles, etc.) and that works in conjunction with IdentityServer4.
Would love some insight on why the Web Api project is needed and whether I can just completely get rid of it, as I was under the impression ServiceStack was a replacement for WCF/Web Api?
ServiceStack's mvcidentityserver project template that's used in the documentation of ServiceStack's integration with IdentityServer4 was an enhanced version of Identity Server's "OpenID Connect Hybrid Flow Authentication and API Access Tokens" example project that used to be maintained at https://github.com/IdentityServer/IdentityServer4.Samples/
The project template contains Auth integration examples with ServiceStack, MVC & Web API. The Web API examples were inherited from the existing IdentityServer's example project, which is optional and can be completely removed.
I have deployed an Angular 8 application and a Nest JS application using Heroku. Both deployments use https.
There is no authentication in the Angular application, so I don't need an authenticated user/password to call the API. I just want to make sure that the only calls that the API accepts are those from the Angular app (and rejects direct calls from people using some sort of REST client)
How can I ensure that only my Angular application can call my Nest JS API?
I need to call API's created using google cloud endpoint framework from my node.js applications. How I will be able to complete auth process and call the above APIs? Is it possible from node.js application to access the API's?
According to the official documentation, Cloud Endpoints Framework is a web framework for the App Engine standard (only) Python 2.7 and Java 8 runtime environments. It doesn’t support Node.js (nor PHP, Go) runtime environments.
=========================================================================
EDIT:
The answer to your initial question (“Is it possible from node.js application to access the API's”) is yes.
Your client application does not need to be in Python or Java, it can be on any language such as Node.js.
Regarding authentication, for the backend app (GAE), the flow would be the following:
You can authenticate the access to the Endpoints by creating a Service Account on Google Cloud Platform.
In the API Decorator, add the Service Account and public cert link.
In the API Decorator, add the SA as audience also.
Finally, on your Node.js application (client side), request Authentication by requesting the JWT token:
1.Create a JWT with the same audience set before on the API Decorator and sign it with the service account's private key.
2.Send the signed JWT in a request to the API.
Below you have some examples of the call request. I didn’t find examples in Node.js, they are in Python, but you can translate them to Node.js since the flow is basically the same:
1.JWT Authentication request GCP official documentation.
2.Accessing an API requiring Authentication (Python Client)
3.Github Google-Client-JWT Sample.
I am building an Website and API for a school project.
The website is being made in Node.jswhile the API is built in .netCore version 2.1 with JWT authentication.
The API is working properly and if i use Postman to access the api with the token it works, but how i do it with my website?
I will use the api information to show it using JavaScript.
After some research i didn't found anything.
Any idea how can i do it?
I doubt if using Node.js as a client application is a good approach since it is more commonly used as a backend server. I would suggest you use some js Frontend Framework such as Angular or React.
Is there a way to test my App service api app & Authentication using tool such as Fiddler? I used to be able to do this for Mobile Service by passing the token in the request header (x-zumo-auth). But now with App Service, it's no longer working or available.
Reason I ask is that my client won't be limited to those platform or will they be developed using those languages/SDK so I need a way to make REST API calls.
I am not sure about Fiddler, but I have used the Google Chrome Postman extension to do this kind of thing before and it works really well. It is free and you can get it from here (you'll need chrome installed): https://chrome.google.com/webstore/detail/postman/fhbjgbiflinjbdggehcddcbncdddomop