Development on Various Platforms
Rescooped by Ertunç Efeoğlu from JavaScript for Line of Business Applications

End to end web app with Django-Rest-Framework & AngularJS [Part 3 ]

In the 2 previous posts we built a backend API with DRF and a client with AngularJS.
In this part, we will add authentication and permission to our app. We will add some restrictions on who can edit and delete posts.

* Authenticated users can create blog posts
* Posts are tied to their author (edit/delete permissions)
* Posts are read only for unauthenticated users

A REST API allows your users to interact with your website from anything that can send an HTTP request. In this post we will create a RESTful api in Django using the Django-Rest-Framework. And we will access this api using a client developed under AngularJS.

To utilize the API developed in Django, we are going to use $http & $q services in Angular. The $http service is a core Angular service that facilitates communication with the remote HTTP servers via browser’s XMLHttpRequest object or via JSONP. $q is the promise implementation that comes with Angular.


Via Jan Hesse
Rescooped by Ertunç Efeoğlu from JavaScript for Line of Business Applications

Simple Signup and Login with Firebase and Knockoutjs

In this tutorial you will learn how to set up an effective registration and authentication process for your web app using Firebase, knockoutjs and Twitter Bootstrap.... and..... that's it. No backend mysql database, apache web server, ubuntu linux or ruby scripting is required. You just need to know javascript. You don't even need to know nodejs, npm or requirejs. There really is no back end and it is simple to build.

Knockout uses a MVVM (Model-View-ViewModel) pattern. We are starting with the view which is the body of the index.html file. This is quite straightforward. Twitter Bootstrap is called in through the class attribute of our input and div tags to make our page look nice. Knockout is called in through the data-bind attribute of our input tags and buttons. When the user keys in her user name and password, we want this data to go into application memory (the Model of MVC) and then on to the Firebase servers. Our View gives us the basic entry points that are required.

The View Model is the magic wiring between the View and application memory. We need to wire 3 things to start with ...


Via Jan Hesse
Rescooped by Ertunç Efeoğlu from .Net & Web Development

Basic HTTP authentication in ASP.NET Web API using membership provider

In this blog post I am going to show how to provide Basic HTTP authentication in a Web API project by extending framework’s AuthorizeAttribute.

ASP.NET Web API is a great tool to create lightweight, HTTP-based APIs for your internet and mobile applications. In most scenarios you will need to provide some kind of authentication and authorization mechanism to restrict and isolate resources exposed by your services. Security in ASP.NET Web API is deferred to the hosting infrastructure. When running within IIS, the authorization mechanism runs on top of an existing ASP.NET security system, meaning you can leverage existing features like … good ‘ol membership and role providers.

Via William delmas
Rescooped by Ertunç Efeoğlu from JavaScript for Line of Business Applications

Django/Ember Authentication is Easy

As I’ve previously explained, one of the biggest hurdles to jump when getting started with Ember is authentication. Not anymore! I’ve put together a simple architecture that provides session-based authentication in a relatively small amount of code.

If you Google “Ember authentication” you’ll likely get a handful of SO posts and an even smaller handful of blog posts almost all of which implement some kind of token-based authentication, usually relying on Rails or Node for authentication. This requires you to perform a back-and-forth exchange with the server to authenticate credentials and receive a token. You probably have to store the token in some kind of manually made cookie or local-based storage, and you have to remember to consistently provide the token whenever you access a restricted resource.

Session-based authentication is a lot easier! First, the server-side mechanics for session-based auth are entirely built in to Django. Second, because the majority of the work is done server-side, there is little required of you in Ember. Finally, using session-based auth instead of token-based auth makes SSL a little less of a necessity since you’re not flinging naked tokens around with every request.

REST purists might argue that session-based authentication is technically not “stateless.” The trade-off depends on project requirements and personal preference. For single-page web applications, I can’t think of any practical downsides.

Via Jan Hesse
Rescooped by Ertunç Efeoğlu from JavaScript for Line of Business Applications

(better) Authentication in ember.js

The basic approach is still the same as in our initial implementation - we have a /session route in our Rails app that the client POSTs its credentials to and if those are valid gets back an authentication token together with an id that identifies the user’s account on the server side.

This data is stored in a "session" object on the client side (while technically there is no session in this stateless authentication mechanism, I still call it session in absence of an idea for a better name). The authentication token is then sent in a header with every request the client makes.

* The client "session"
* Logging in
* Logging out
* Authenticated routes


Via Jan Hesse