Best way to send UserID to a WebAPI
12/11/2015 8:55 AM
 

We are about to implement a SPA app in JavaScript/AngularJS that will use WebAPI to handle data transfer. This will be implemented using DNN (as a DNN module). Now, we also want to implement authentication in our Business Layer to validate who is supposed to access what. And to do this, we have to transfer the DNN User ID in a secure way. For obvious reasons, we can't just have an "int userID" as an input parameter in the WebAPI, as it wouldn't take much for someone to send in another UserID than they should.

We consider using the DNN AuthCookie generated by DNN on login, but the problem is that, as far as I know, it is only available on the same domain as DNN is running. This would require us to put the WebAPI as a child application to the DNN site, which will cause some problems as the root web.config of DNN will most likely interfere with the child application.

I know that DNN has a Service Framework supposed to help out with WebAPIs that seems to be working fine. However, I am not sure if that would still work for a more complex WebAPI that in turn might call some external services like a WCF service to access the Business Layer, or if it just works with a simple standalone WebAPI controller? What would be other good solutions to solve this when using a client-side application written in JavaScript? Is OAuth something worth looking into for this, or is it overkill? Is it possible to set the DNN Auth cookie to a domain name that will work with subdomains as well, preferably without having to modify the code of DNN Core?

Any help and comments are appreciated.  

 
12/12/2015 8:16 AM
 
An update to this. We did build a WebAPI implementing DnnApiController which also connected to our Back End through WCF and it seems like we got it to work fine.

As we want to do authentication in our Back End (Business Layer), we just want to use the UserID of the current DNN user (which is then used in the back office to look up permissions). This means that any user that is logged into the DNN portal is supposed to be able to call all WebAPI functions. In that scenario, is it safe to just decorate our WebAPI controllers with something like below?

[AllowAnonymous]
[HttpGet]
public DataSourceResult GetAccommodationType(...)

and then in that do something like:

return UserController.Instance.GetCurrentUserInfo().UserID > 0 ? accommodationTypeList.AsQueryable().ToDataSourceResult(request) : new DataSourceResult();

From what I can see, the DNN authentication cookie is always included, no matter if we use client-side technology like AngularJS or server-side like MVC/WebForms, which seems logical as they run under the same domain. Does this mean we could skip ModuleID/TabID etc. as we don't want to use that to determine user permissions anyway?
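
An added example, not part of the original posts and not DNN's or the poster's own code: a DnnApiController action that accepts no user id from the client, requires a logged-in DNN user through [DnnAuthorize], and hands the server-side UserInfo.UserID to the back end. The namespace, the module folder name "ExampleModule", IAccommodationBackend and StubBackend are assumptions standing in for the WCF-backed Business Layer described above.

```csharp
using System.Net;
using System.Net.Http;
using System.Web.Http;
using DotNetNuke.Web.Api;

namespace Example.Services // hypothetical namespace
{
    // Hypothetical stand-in for the WCF proxy to the Business Layer.
    public interface IAccommodationBackend
    {
        // Permissions are resolved from this id, so it must never come from the client.
        string[] GetAccommodationTypes(int userId);
    }

    // Constructed stub so the sample compiles without the real WCF service.
    public class StubBackend : IAccommodationBackend
    {
        public string[] GetAccommodationTypes(int userId)
        {
            return new[] { "Hotel", "Cabin" }; // constructed sample data
        }
    }

    // Registers the route with the DNN Services Framework.
    public class RouteMapper : IServiceRouteMapper
    {
        public void RegisterRoutes(IMapRoute mapRouteManager)
        {
            mapRouteManager.MapHttpRoute("ExampleModule", "default",
                "{controller}/{action}", new[] { "Example.Services" });
        }
    }

    public class AccommodationController : DnnApiController
    {
        private readonly IAccommodationBackend _backend = new StubBackend();

        [DnnAuthorize] // the framework rejects callers without a valid DNN login
        [HttpGet]
        public HttpResponseMessage GetAccommodationType()
        {
            // Identity comes from the DNN auth cookie that the framework already
            // validated; there is deliberately no userId parameter to tamper with.
            int userId = UserInfo.UserID;
            string[] types = _backend.GetAccommodationTypes(userId);
            return Request.CreateResponse(HttpStatusCode.OK, types);
        }
    }
}
```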
 