I have developed an HTML/jQuery Mobile app which works by getting data from a REST web service I have written using MVC3. At the moment the service is open and all is well with the world. However, I have to implement some kind of authentication to secure the service, so I have users sign up via the mobile app. What I intend to do is use the [Authorize] attribute on my Controller or Actions to implement ASP.NET membership etc.
My question then is:
- How do I get the client, which communicates via jQuery, to call this secure service?
- Is ASP.NET membership the best way to go about this, or is there some other type of security I could implement?
A tutorial or blog with some sample code would suffice and I will do well to post the solution here as soon as I get it right.
Thanks and feel free to ask any questions you might have about this.
Take a look at this Q&A which describes creating a custom AuthorizeAttribute for Web API that also authenticates the user using HTTP Basic authentication, grabbing the credentials from the HTTP header. Note that there is a different AuthorizeAttribute for ASP.NET Web API (System.Web.Http.AuthorizeAttribute) as opposed to the one for an MVC controller (System.Web.Mvc.AuthorizeAttribute). They have different behaviors. You do not want a call to a Web API being redirected to a logon page.
The code on the client side would look something like this to call the REST web service.
The beforeSend event is used to put the credentials in the HTTP header. You still want to use HTTPS/SSL to make this secure. Just encoding the username/password is not enough security.
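The `beforeSend` approach described in the answer above, as an added example that is not part of the original answer: it builds the HTTP Basic `Authorization` header and cancels the request when the target is not HTTPS. The names `basicAuthHeader` and `makeBeforeSend` and the `api.example.com` URL are hypothetical.

```javascript
// Added example: function names and the endpoint URL are hypothetical.

// Build the Authorization header value for HTTP Basic (RFC 7617).
function basicAuthHeader(username, password) {
  if (username.includes(':')) {
    // The first colon separates user-id from password, so the server
    // would split such a username in the wrong place.
    throw new Error('username must not contain ":"');
  }
  // Encode as UTF-8 first: btoa() only accepts code points 0-255.
  const bytes = new TextEncoder().encode(username + ':' + password);
  let bin = '';
  for (const b of bytes) bin += String.fromCharCode(b);
  const b64 = typeof btoa === 'function'
    ? btoa(bin)
    : Buffer.from(bin, 'binary').toString('base64'); // Node fallback
  return 'Basic ' + b64;
}

// Returns a callback for jQuery's beforeSend(jqXHR, settings) option.
// Returning false from beforeSend cancels the request; this is done for
// any non-HTTPS target because Base64 is an encoding, not encryption.
function makeBeforeSend(username, password, baseUrl) {
  const header = basicAuthHeader(username, password);
  return function (xhr, settings) {
    // baseUrl (e.g. location.href) resolves relative request URLs.
    const target = new URL(settings.url, baseUrl);
    if (target.protocol !== 'https:') return false;
    xhr.setRequestHeader('Authorization', header);
    return true;
  };
}

// In the app, with jQuery loaded:
// $.ajax({
//   url: 'https://api.example.com/items',
//   dataType: 'json',
//   beforeSend: makeBeforeSend(user, pass, location.href)
// }).fail(function (xhr) {
//   if (xhr.status === 401) { /* credentials rejected: ask the user again */ }
// });
```

The server-side attribute still has to answer a failed check with 401 rather than a redirect, as the answer notes.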