[arvados-dev] API Authentication Options from C#

Tom Clegg tom at curoverse.com
Tue Jul 18 16:22:06 EDT 2017 

Hi Thomas,

Your application can give the user a link/redirect to a URL like this:

https://your-apiserver-host/login?return_to=https://your-application-host/any/desired/path

(Of course the "return_to" value should be suitably escaped.)

After a successful login, the user will be redirected to
https://your-application-host/any/desired/path?api_token=X, where X is
of course the newly issued token, and your application can take it
from there -- typically saving X in a session store and redirecting to
a cleaned URL so the api_token doesn't remain in the browser's
Location bar.

This is the same procedure Arvados Workbench uses, so it might be
helpful to refer to the Workbench code as examples. Here are some of
the relevant bits.

https://github.com/curoverse/arvados/blob/master/apps/workbench/app/controllers/application_controller.rb#L511

https://github.com/curoverse/arvados/blob/master/apps/workbench/app/models/arvados_api_client.rb#L232-L244

https://github.com/curoverse/arvados/blob/master/apps/workbench/app/controllers/application_controller.rb#L586-L597

--
Tom Clegg
Chief Architect
Curoverse


On Tue, Jul 18, 2017 at 3:52 AM, Albrecht, Tom <tom.albrecht at roche.com> wrote:
> Hi,
>
> I hope you point me in a direction to achieve an elegant authentication for
> my Arvados API application.
>
> I am developing a plugin for a third-party software to download data from
> our Arvados server. The software dictates the language and platform: C# /
> .net and Windows. I managed to access the data using .net's
> System.Net.HttpWebRequest class. What remains to be done is implementing an
> elegant authentication.
>
> As a workaround, I logged into the Arvados Workbench using my browser and
> copy-pasted the authentication token into my application. This works but is
> not as user-friendly as I would like it to be. So my question is how to
> achieve the authentication more elegantly without a web browser, for
> instance by passing username and password to the API up front or using some
> kind of single sign-on functionality available in .net.
>
> Do you have any suggestions?
>
> Best regards
>
> Thomas
>
>
> _______________________________________________
> arvados-dev mailing list
> arvados-dev at arvados.org
> http://lists.arvados.org/mailman/listinfo/arvados-dev
>

More information about the arvados-dev mailing list