Note: these tuturials are for WebSync 2 only.
If you are using WebSync 3, you want our WebSync 3 tutorials.
If you are using WebSync 3, you want our WebSync 3 tutorials.
WebSync 2 Tutorials
On-Demand:
Server:
On-Demand: Advanced
Take full control over your data by using private keys in conjunction with a WebSync proxy.
With private keys, you can require that your server be used as the "middle-man" for any relevant
WebSync requests while leaving the heavy-duty lifting for the WebSync servers themselves. This puts
you in the driver's seat for any sort of permissions or access control you may want to implement.
Note that this tutorial is specific to .NET (C#), but the principles are the same for any language.
For PHP, the proxy used in this tutorial is available as part of the
WebSync On-Demand PHP download.
Prerequisites
- You have completed the WebSync On-Demand: Basic tutorial.
- You have completed the WebSync On-Demand: Proxies tutorial.
Configuring your project
Before you can start coding, you need to have the correct project references.
- Add a reference to
FM.WebSync.Core(available as part of the WebSync On-Demand .NET download).
Configuring the client
To start, the client has to send connect requests to the proxy and include some user credentials
for us to authenticate.
-
Modify the HTML page created in the WebSync On-Demand: Basic tutorial.
- Add a
urlproperty to theconnect()call and specify the path to the proxy. - Add an
extproperty to theconnect()call and specify an object withemailandpasswordproperties.
- Add a
client.connect({
...
url: '/RequestProxy.aspx', // your proxy path
ext: {
email: 'jsmith@isp.com',
password: 'websync'
},
...
});
The data in
ext will be available in the proxy for authentication.
Performing authentication in the proxy
Since you already have a proxy up and running, adding authentication is a breeze.
-
Modify the proxy created in the WebSync On-Demand: Proxies tutorial.
- Pass in your private key as the second parameter to
Proxy.Invoke(). - Define an
Extclass for the purpose of deserialization. - Iterate over the messages and check the
extproperty.
- Pass in your private key as the second parameter to
[DataContract]
private class Data
{
[DataMember(Name = "text")]
public string Text { get; set; }
}
[DataContract]
private class Ext
{
[DataMember(Name = "email")]
public string Email { get; set; }
[DataMember(Name = "password")]
public string Password { get; set; }
}
protected void Page_Load(object sender, EventArgs e)
{
ProxyCallback callback = new ProxyCallback((args) =>
{
foreach (Message message in args.Messages)
{
if (message.IsPublish()) // type detection
{
// deserialize, modify, then reserialize the data
Data data = JSON.Deserialize<Data>(message.Data);
data.Text = data.Text.ToUpperInvariant();
message.Data = JSON.Serialize(data);
}
if (message.IsConnect()) // type detection
{
// check for null credentials
if (string.IsNullOrEmpty(message.Ext))
{
message.Successful = false;
message.Error = "No user credentials supplied.";
continue;
}
// deserialize credentials
Ext ext = JSON.Deserialize<Ext>(message.Ext);
// verify password
if (ext.Password != "websync")
{
message.Successful = false;
message.Error = "Invalid password.";
}
}
}
});
Proxy.Invoke(
callback,
"22222222-2222-2222-2222-222222222222" // your private key
);
}
Any requests that go through this proxy will now undergo verification that
the supplied password equals "websync". This is trival, of course. In a real
scenario, you would likely load up a user record based on the email and check
the individual password.
Configuring your domain
There is one final step, and that is to lock down any connect requests that slip
around your proxy.
- Visit the Portal and opt to require the private key for connect requests.
Only requests that use your private key (i.e. through your proxy) will now be allowed.
Testing
Open the page in a few browsers. Try changing the client password and refreshing the page to see
the access denied.