jquery - MVC Authentication and Antiforgery token with Durandal SPA template -


some areas of spa need open users, , areas require authentication. in these areas, it's data loaded via ajax want protect.

i have authentication service (see below), add dependency in durandal main.js. service called:

authentication

in main.js call

authentication.handleunauthorizedajaxrequest(function () {         app.showmessage('you not authorized, please login')         .then(function () {             router.navigateto('#/user/login');         });     });

it warns user not authorized, , navigates user login view/viewmodel can enter details , try logging in.

some questions come mind when building authentication viewmodel:

  • are there obvious concerns i'm doing?
  • is how i'm 'meant' things in durandal?
  • am re-inventing wheel? couldn't see within durandal.

most people seem creating seperate cshtml pages; 1 login (if user not authenticated), , usual index.cshtml there reasons me switch method?

my login action on server-side 'user controller' has [validateantiforgerytoken] attribute need send well.
have 'antiforgery' service (see below) add dependency in main.js viewmodel file (also in main.js).

antiforgery.addantiforgerytokentoajaxrequests();

this intercepts ajax requests (along content), , adds mvc antiforgerytoken value data. seems work want to. please let me know if there's errors/mistakes.

complete authentication service below.

// services/authentication.js define(function (require) {     var system = require('durandal/system'),     app = require('durandal/app'),     router = require('durandal/plugins/router');      return {         handleunauthorizedajaxrequests: function (callback) {             if (!callback) {                 return;             }             $(document).ajaxerror(function (event, request, options) {                 if (request.status === 401) {                     callback();                 }             });         },          canlogin: function () {                      return true;         },         login: function (userinfo, navigatetourl) {             if (!this.canlogin()) {                 return system.defer(function (dfd) {                     dfd.reject();                 }).promise();             }             var jqxhr = $.post("/user/login", userinfo)                 .done(function (data) {                     if (data.success == true) {                         if (!!navigatetourl) {                             router.navigateto(navigatetourl);                         } else {                             return true;                         }                     } else {                         return data;                     }                 })                 .fail(function (data) {                     return data;                 });              return jqxhr;         }     }; });  // services/antiforgery.js define(function (require) {     var app = require('durandal/app');      return {         /*  intercepts ajax requests (with content)             , adds mvc antiforgerytoken value data             controller actions [validateantiforgerytoken] attribute won't fail              original idea came http://stackoverflow.com/questions/4074199/jquery-ajax-calls-and-the-html-antiforgerytoken              use              1) ensure following added durandal index.cshml             <form id="__ajaxantiforgeryform" action="#" method="post">                 @html.antiforgerytoken()             </form>              2) in  main.js ensure module added dependency              3) in main.js add following line             antiforgery.addantiforgerytokentoajaxrequests();          */         addantiforgerytokentoajaxrequests: function () {             var token = $('#__ajaxantiforgeryform     input[name=__requestverificationtoken]').val();             if (!token) {                 app.showmessage('error: authentication service not find     __requestverificationtoken');             }             var tokenparam = "__requestverificationtoken=" + encodeuricomponent(token);              $(document).ajaxsend(function (event, request, options) {                 if (options.hascontent) {                     options.data = options.data ? [options.data, tokenparam].join("&") :     tokenparam;                 }             });         }      }; });

i prefer pass antiforgery token in header. way easy parse out of request on server because not intermingled form's data.

i created custom action filter check antiforgery token.

i created post on how this.


Comments

Post a Comment

Popular posts from this blog

asp.net mvc 3 - Using mvc3, I need to add a username/password to the sql connection string at runtime -

i see how build string using stringbuilders (sql/entity framework); do cause connection string used in dbcontext? example context: public class pophistorydbcontext : dbcontext { public dbset<pophistory> histories {get;set} } public class pophistoryrepository: ihistoryrepository { private pophistorydbcontext context = new pophistorydbcontext(); public iqueryable<pophistory> histories{ {return context.histories;} } } example usage in controller: public class historycontroller : controller { private ihistoryrepository repository = new pophistoryrepository(); var histories = h in repository.histories (h.modifytimestamp > today) select h; if (!string.isnullorempty(searchstring)) { histories = histories.where(h => h.dn.toupper().contains(searchstring.toupper())); } thank you
Read more

kineticjs - draw multiple lines and delete individual line -

i can draw multiple lines on canvas; added layer using drawscene dlayera1.add(line); line.getpoints()[0].x = mousepos.x; line.getpoints()[0].y = mousepos.y; line.getpoints()[1].x = mousepos.x; line.getpoints()[1].y = mousepos.y; moving = true; dlayera1.drawscene(); http://jsfiddle.net/user373721/xzead/1/ . is there way delete individual line? currently, you'll have modify points array this: line.getpoints()[0].splice(index, 1); since arrays modified reference, modifying returned array modifies "source of truth" points array attr
Read more

thumbnails - jQuery image rotate on hover -

any chance change image src on hover , count 10 , again first? this need, default thumb, flv-3.jpg ! <img src="/thumbs/e/b/d/6/d/ebd6d2d6d99e/ebd6d2d6d99e.flv-3.jpg" /> on mouse hover need change number flv-1.jpg flv-2.jpg flv-3.jpg flv-4.jpg etc.. up 10, , again , start number 1, when move mouse thumbs need default thumb flv-3.jpg this im use not solutions, var _thumbs = new array(); function changethumb(index, i, num_thumbs, path) { if (_thumbs[index]) { document.getelementbyid(index).src = path + + ".jpg"; preload = new image(); preload_image_id = (i + 1 > num_thumbs) ? 1 : + 1; preload.src = path + preload_image_id + ".jpg"; = % num_thumbs; i++; settimeout("changethumb('" + index + "'," + + ", " + num_thumbs + ", '" + path + "')", 800) } } function startthumbchange(index, nu
Read more