locked
How to share the web session in WinJS.xhr and WebAuthenticationBroker

    Question

  • Is is possible to share the same session between a windows store application (which calls services via WinJS.xhr) and the WebAuthenticationBroker?.

    I have a windows store application (HTML + Javascript) which calls REST services using Winjs.xhr in order to get data. And it also calls an external web service in order to authenticate. This web service implements the oauth2 protocol, so it calls the external webservices first (via WinJS.xhr) , which respond the google or facebook url that after that is used as StartUrl with the WebAuthenticationBroker.authenticateAsync method. The things is that the external webservice store data in the web session to check information at the end of the authentication process (the step in which the endURI of authenticateAsync is reached), but the sessionId in the first call (the one from Winjs.xhr, from the windows store application) is different from the one used in WebAuthenticationBroker (browser application), so the final check fail (it doesn't find the keys in the session because is a new one).

    Is there any way to share the sessionID used in WinJS.xhr and the one used in WebAuthenticationBroker?.

    Any help would be appreciated.


    claudia

    Tuesday, October 30, 2012 11:32 PM

Answers

  • Hi Claudia,

    To share session that means we need to manually hold the cookie returned by the certain HTTP requests and use them for sequential requests. However, so far the WinJS.xhr function (and the underlying XmlHttpRequest component) hasn't provided methods/properties for us to manipulate cookies. Therefore, sharing session is not supported via the WinJS.xhr call.
    As you said that your windows store app will call some REST services to retrieve data (which will redirect to other external services for authentication), then is the REST services also owned by your side (such as some services deployed on Windows Azure cloud service)? If so, I think you might consider encapsulating all the authentication and data retrieving code logic into the REST service's code. Because server-side service are built via standard .NET framework and can leverage richer classes so implement more complicated code. Another idea I can get is to create some custom Windows Runtime components via .NET code, but it would be much more complicated and still the .NET classes supported in Windows Runtime component are limited.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Putting communities in your palms. Launch the browser on your phone now, type aka.ms/msforums and get connected!


    Thursday, November 01, 2012 8:37 AM
    Moderator

All replies

  • Hi Claudia,

    To share session that means we need to manually hold the cookie returned by the certain HTTP requests and use them for sequential requests. However, so far the WinJS.xhr function (and the underlying XmlHttpRequest component) hasn't provided methods/properties for us to manipulate cookies. Therefore, sharing session is not supported via the WinJS.xhr call.
    As you said that your windows store app will call some REST services to retrieve data (which will redirect to other external services for authentication), then is the REST services also owned by your side (such as some services deployed on Windows Azure cloud service)? If so, I think you might consider encapsulating all the authentication and data retrieving code logic into the REST service's code. Because server-side service are built via standard .NET framework and can leverage richer classes so implement more complicated code. Another idea I can get is to create some custom Windows Runtime components via .NET code, but it would be much more complicated and still the .NET classes supported in Windows Runtime component are limited.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. Putting communities in your palms. Launch the browser on your phone now, type aka.ms/msforums and get connected!


    Thursday, November 01, 2012 8:37 AM
    Moderator
  • OK, I will change the rest service that it used in the authentication process so session sharing is not required. Thank you.

    claudia

    Thursday, November 01, 2012 10:23 AM