NetTalk Central

Author Topic: Authentication and Web Services  (Read 3881 times)

astahl

  • Sr. Member
  • ****
  • Posts: 308
    • View Profile
    • Email
Authentication and Web Services
« on: February 27, 2015, 07:34:39 AM »
Hi Bruce,

Reading the documentation on web services and authentication, I would like to have a web service that would receive a username and password. From my understanding if the authentication is successful I would only have to set p_web.SetSessionLoggedIn(1) and any other params needed. If they are inactive then based on the timeout settings they would be automatically logged out.

So my question is, do they need the session ID to call any of the web services as long as they have not been logged out?

Ashley

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11251
    • View Profile
Re: Authentication and Web Services
« Reply #1 on: February 27, 2015, 07:48:40 AM »
Hi Askley,

yes, if you wanted them to login and stay logged in then they would need to pass the sessionID with each request.

I'm going to be doing a webinar on authentication as part of the API series on ClarionLive - but it's a few weeks before we get to that one.

cheers
Bruce

astahl

  • Sr. Member
  • ****
  • Posts: 308
    • View Profile
    • Email
Re: Authentication and Web Services
« Reply #2 on: February 27, 2015, 08:17:37 AM »
Hi Bruce,

Ok so once logged in I can retrieve the session id and pass that back to them?


Ashley

urayoan

  • Full Member
  • ***
  • Posts: 222
    • View Profile
    • AZ Rock Radio
Re: Authentication and Web Services
« Reply #3 on: February 27, 2015, 10:33:22 AM »
In my case trying to do the same i send the session id as part of the authentication validation.
SessionToken = p_web.SessionID

Then before call any NetWebServiceMethod i set the SessioID i validate if it is logged in

p_web.SessionID = SessionToken
IF p_web.GetSessionLoggedIn() = 1
  Some Code
ELSE
  p_web.AddServiceError(1,'WebServiceMethodCall','','LoggedIn','user Not Logged In')
END

Don't know yet if there's a better way but it works for me.

Bruce

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 11251
    • View Profile
Re: Authentication and Web Services
« Reply #4 on: March 01, 2015, 11:39:02 PM »
Hi Ashley,

You could send back the session ID as a field, but it's already being sent back as part of the header (as a cookie). So the client could just parse the header and include the cookie with the next request.
If you are using a NetWebclient then this is a simple property setting;

net.OptionAutoCookie = true

Alternatively you could add a local variable to the RETURNS list (ie on the ReturnsTab) and then in the ServiceMethod routine you could set

SessionID = p_web.SessionID()

Sending as the cookie is best, because that matches up to the way a browser would work - and thus less effort for you, but if they're not sending via a cookie then you need to do what Ura suggested on the way in.

Cheers
Bruce

Cheers
Bruce