Products

Evoq Content Overview Content Creation Workflow Asset Management Mobile Responsive Personalization Content Analytics SEO Integrations Security Website PerformanceEvoq Engage Overview Community Management  Dashboard  Analytics  Member Profile Gamification Advocate Marketing Community Engagement  Ideas  Answers  Discussions  Groups  Wikis  Events Mobile ReadyDNN Support PackagesEvoq: CMS FeaturesEvoq OnDemandCompare DNN's CMS Products

Solutions

Content Management SystemMulti-Channel PublishingDigital MarketingOnline Community ManagementIntranet Software SolutionOur CustomersPrime

Resources

Test DrivesSchedule A DemoDocumentation CenterWebinarsWhite PapersProduct ManualsRequest PricingData SheetsCase StudiesEvoq Preferred Products Content Management Ecommerce Forms Identity Management and Authentication Site Management Social Themes

Partners

DNN Partners Partner Directory Become a DNN Partner Partner Program Overview  Hosting  Implementation  ISV  Training  Competencies

Community

Participate Ask a Question Forums Community Showcase DNN MVP  Program Overview  Lifetime MVPs  Honorary MVPs Subscribe to DNN Digest Advisory Groups  Awareness Advisory Group  Developer Advisory Group  Partner Advisory Group  Technology Advisory GroupLearn Documentation Wiki Community Blog Video Library Project History Development RoadmapDownload DNN Store Language Packs Manuals Nightly BuildsSecurity Policies Security Center

Blog

About

News Press Releases News Coverage Press KitCareersContact DNN

QA

Ideas Test

New Community Website

Ordinarily, you'd be at the right spot, but we've recently launched a brand new community website... For the community, by the community.

Yay... Take Me to the Community!

Welcome to the DNN Community Forums, your preferred source of online community support for all things related to DNN.
In order to participate you must be a registered DNNizen
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthentication$http digest authentication with credentials via DNN web api$http digest authentication with credentials via DNN web api
Previous
 
Next
New Post
9/29/2015 4:37 PM
 
Jerry Voelker


Joined: 9/29/2015
Posts: 1

I am trying to authenticate $http requests against our ASP.Net DotNetNuke (DNN) web api methods using an Ionic/Angular mobile app. I have spent a few days on this with little success and a deadline looming. I can access and receive web api data via [AllowAnonymous] methods, such as the following C# method:

    [HttpGet]
    [AllowAnonymous]
    public HttpResponseMessage HelloWorld(string testData)
    {
        return Request.CreateResponse(HttpStatusCode.OK, "Hello World: " + testData);
    }

...called using the following JS (not currently using promises but it will after I figure out the authentication piece):

loginService.helloWorld = function (data) {
    $http({
        method: 'GET',
        url: 'https://myworkdomain.com/DesktopModules/AcmeService/API/CoreService/HelloWorld',
        headers: {
            'Content-Type': 'application/json'
        },
        params: {
            testData: data
        }
    }).
    then(function (response) {
        console.log("success:", response)
    }, function (response) {
        console.log("error:", response)
    });
}

The problem comes when trying to access a secure web api method requiring user credentials, such as the following test method:

    [DnnAuthorize]
    [HttpGet]
    [HttpOptions]
    public HttpResponseMessage HelloWorldSecure()
    {
        return Request.CreateResponse(HttpStatusCode.OK, "Hello from HelloWorldSecure()");
    }

...called using the following JS (I've tried many variations of this but haven't yet found the correct one):

loginService.helloWorldSecure = function () {
    var req = {
        method: 'GET',
        url: 'https://myworkdomain.com/DesktopModules/AcmeService/API/CoreService/HelloWorldSecure',
        headers: {
            'Content-Type': 'application/json',
            'Authorization': 'Digest ' + btoa('myusername:mypassword')
        }
    }

    $http(req).
    then(function (response) {
        console.log("success:", response)
    }, function (response) {
        console.log("error:", response)
    });
}

I've placed the following in the ASP.Net (DNN) web.config file (I've seen it thrown about in my many Googling sessions):

< httpProtocol>
< customHeaders>
< add name="Access-Control-Allow-Origin" value="*"/>
< add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept"/>
< add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS"/>
< /customHeaders>
< /httpProtocol>

Initially, I was encountering HTTP Status Code 405 (Method Not Allowed), but annotating the web api methods with [HttpOptions] overcame that issue (not sure it is the correct way but it worked). Now the returned HTTP Status Code is 401 (Unauthorized). The solution is likely fairly simple but it has eluded me for the past several days. Any help is greatly appreciated!

Thanks,
Jerry

p.s. Returned headers via Chrome dev tools/Ionic Lab:

Request Headers:
Access-Control-Request-Headers:accept, authorizationAccess-Control-Request-Method:GETOrigin:http://localhost:8100Referer:http://localhost:8100/?ionicplatform=iosUser-Agent:Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) ionic-lab/1.0.0-beta.2 Chrome/43.0.2357.65 Electron/0.29.1 Safari/537.36

Response Headers:
Access-Control-Allow-Headers:Origin, X-Requested-With, Content-Type, AcceptAccess-Control-Allow-Methods:GET, POST, PUT, DELETE, OPTIONSAccess-Control-Allow-Origin:*Cache-Control:no-cacheContent-Length:61Content-Type:application/json; charset=utf-8Date:Mon, 28 Sep 2015 21:24:07 GMTExpires:-1Pragma:no-cacheServer:Microsoft-IIS/8.5WWW-Authenticate:Digest realm="DNNAPI", nonce="OS8yOC8yMDE1IDQ6MjU6MDcgUE0", opaque="0000000000000000", stale=False, algorithm=MD5, qop="auth", Basic realm="DNNAPI"X-AspNet-Version:4.0.30319X-Powered-By:ASP.NET

Response:
XMLHttpRequest cannot load https://myworkdomain.com/DesktopModul.... Invalid HTTP status code 401
 
New Post
9/30/2015 6:33 AM
 
Barry Waluszko


glanton.com
Joined: 5/5/2008
Posts: 152
Hi Jerry,

I don't see header like: ModuleId, TabId, RequestVerificationToken that are required for [DnnAuthorize]. Try to implement something similar to this:
var _sf = $.ServicesFramework(444); //444 is the current module id
var req = {
method: 'GET',
url: 'https://myworkdomain.com/DesktopModul...',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Digest ' + btoa('myusername:mypassword'),
'ModuleId': _sf.getModuleId(),
'TabId': _sf.getTabId(),
'RequestVerificationToken': _sf.getAntiForgeryValue(),
}
};

Reference:
http://www.dnnsoftware.com/wiki/servi...
 
New Post
9/30/2015 7:14 AM
 
cathal connolly


cathal connolly's Avatar

www.cathal.co.uk
Joined: 4/9/2003
Posts: 9676
please also be aware that the site must be using encrypted password for digest authentication to work - hashed passwords (the default since 7.1.0) will not work in a digest auth scenario (you can check this via the passwordFormat in web.config)
Buy the new Professional DNN7: Open Source .NET CMS Platform book Amazon US
 
New Post
7/3/2016 11:04 PM
 
Ainsof So'o


Joined: 4/17/2013
Posts: 8
Did anyone figure this out? I'm also stuck on the same problem
 
 Page 1 of 1
Previous
 
Next
HomeHomeDNN Open Source...DNN Open Source...Provider and Extension ForumsProvider and Extension ForumsAuthenticationAuthentication$http digest authentication with credentials via DNN web api$http digest authentication with credentials via DNN web api


These Forums are dedicated to discussion of DNN Platform and Evoq Solutions.

For the benefit of the community and to protect the integrity of the ecosystem, please observe the following posting guidelines:

  1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DNN.
  2. No vendor trolling / poaching. If someone posts about a vendor issue, allow the vendor or other customers to respond. Any post that looks like trolling / poaching will be removed.
  3. Discussion or promotion of DNN Platform product releases under a different brand name are strictly prohibited.
  4. No Flaming or Trolling.
  5. No Profanity, Racism, or Prejudice.
  6. Site Moderators have the final word on approving / removing a thread or post or comment.
  7. English language posting only, please.
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out
What is Liquid Content?
Find Out