security - calling my web api from jquery securely -


i have simple question may point out complicated answer :(

i have web api works fine. want set authentication/authorization. need work on platforms, jquery. naturally don't want send username , password along pipeline in plain text this:

function getallcategories() {     var credentials = $.base64.encode('r3plica:mypassword');     var authtype = "basic " + credentials;      $.ajax({         url: "http://localhost:18904/api/categories",         type: "get",         beforesend: function (xhr) {             xhr.setrequestheader("authorization", authtype);         },         success: function (data) {             alert('success!');         },         error: function () {             alert('error');         }     }); }

so have been looking @ other alternatives. alternative use 3 legged oauth? hoping pass query string key/value api , let handle can't find step step process doing that. seems complicated.

so, know of can do? have read loads , tried implement loads of stuff.

i managed working: http://codebetter.com/johnvpetersen/2012/04/04/moving-from-action-filters-to-message-handlers/ can tell though, need encrypt string (username) prior sending api using public key , api decrypt using private key , authorize you.

so 2 questions simple :)

  1. can use above link , call jquery (i.e. not using 3rd party libraries)
  2. if not, best way go securing api can called directly jquery.ajax call?

just clarify, using ssl api

cheers in advance,

/r3plica

for websites (where user can sourcecode) generate through php authenticationtoken , put javascript. token changes every page reload.

for example:

<script type="text/javascript">var authtoken = '<?=gentoken();?>'</script> [...] $.ajax( [..]     beforesend: function (xhr) {         xhr.setrequestheader("owntoken", authtoken);     },

and check token serverside.


Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more