Because of security reason it is not allowed to access web browser client's device file from the web application. Is it possible to get an access after getting permission from client user? How one can achieve this?
Note: Web application is written in NodeJS.
You can create a client side application using NodeWebkit. It has been renamed nw.js it allows you to create a desktop application which can make the standard HTTP, etc... requests to your server. You can also wrap your application in order to make it a downloadable mobile app.
Related
We are using AEM as content service and exporting AEM content into mobile application. For example below api will be used in mobile application and Mobile application will build the presentation layer.
/content/we-retail/us/en/products/women/shirts/jcr:content/root/content-tile.model.json
Here I basically want to authenticate AEM API before I serve the json response. In essence, I want to only accept requests from mobile applications. I should the request If anyone else calls AEM. Can anyone tell me what are ways we can protect the AEM APIs
At dispatcher level you can add this path accessible for validated user. Mobile application developer pass the credential when they invoke the api.
I've got a LOB UWP application which I want to distribute via the web using the web-based sideloading experience. This is fairly simple using the VS deployment tools which output an HTML file and the required resources. My goal is to publish the assets to an Azure web app and turn on Easy Auth so that only people from my org can reach the installer landing page.
This works fine for restricting access to the html page, but the links which point to the actual installer file fail. I'm guessing it's a mime type issue where the auth middleware doesn't know how to handle an Http request with auth information for a non-standard file type:
I'd appreciate any guidance or suggestions
Microsoft confirmed over on techcommunity.microsoft.com that this is not possible as of yet, but that a solution to support this scenario is on their backlog:
You're correct - the problem is that App Installer is making its own
auth request without the inherited web auth tokens. Sending
authenticated requests is currently not supported today but this is an
item in our backlog and we're working to address this issue.
I have a website hosted on azure. The website is expected to get opened only from the UWP application and should be prevented to get open from browser directly. I was checking deep linking Web-to-App approach. Are there any other options to do this?
The only way you could do this would be to setup some kind of client authorization mechanism in a way that the app would add some additional request headers to with authentication information that the server would check to verify that the client is indeed the app.
You should look into IdentityServer4 documentation, as they show how such functionality can be implemented. You could implement this yourself or use IdentityServer4 or some other tool in the respective language you use on your backend.
I'm planning on making an android application that sends user data to a web server and stores it temporarily in a database. Now I've never worked with databases or web servers before, but after reading a bunch of tutorials and a few days of hacking away I managed to get a node.js server with mongodb up and running on the openshift platform.
Right now anyone can interact with the database just by sending a GET request or even just pulling up the url in a browser. Is there a way to prevent that by happening or would I have to maybe encrypt the data myself before storing it?
You describe a typical web application using REST APIs. To secure it, do two things:
Deploy your REST APIs (or the entire site) using HTTPS instead of HTTP. This provides end to end encryption so your sensitive data cannot be viewed while in transit
Add an authentication and authorization mechanism, so that only authenticated endpoints can access your REST APIs.
Help me..
I'm implementing a web application in my local server and after i will publish my application to download and can use every one.So I need to give a social experience to user with my web application(user can update his fan pages through my web application). So i created a facebook application. But I'm still in problem what is site url in application. This is not for my own web site. This is for all download users. Then how can I create a facebook application to achieve this.
With a facebook Canvas App, site url is where the actual application is hosted.
So, if your web application was fully functional at http://example.com/facebook, that would be the site URL.
I created a facebook app last year and it's a web based application that is wholly contained within my webserver, the site url points to it's landing page.
I think you want to make this application downloadable like wordpress framework so that others can host the application on their server and use it.
So probably best way is to have a admin section like in wordpress, user who download and implement you application on his or her server can provide their own application access token.
Insted of hard-coding your own access code into your download application framework
In admin section create a tab to register your application with facebook, which will redirect user to the facebook.com/developer where he/she can register their application and after registration they can put their access token back in you application framework admin section. you can store this details in some table and fetch it where ever you need it for authentication.
hope this logic helps for you.