Directions for building a distributed infrastructure including WP clients

  • General discussion

  • Hi group, I'm sorry to post such a wide-ranging question, but I cannot find clear guidelines, and I must make some choices for my WP-related projects.

    I have to implement this scenario:

    • a server-side set of functions, exposed both as an (Azure-hosted) MVC4 web application AND as a set of WebApi actions. Some of these functions must be restricted to authenticated users.
    • a number of different clients, like: WP application, which should access the WebApi by providing the WP app user credentials; JavaScript clients in single page web apps, typically calling the server via jQuery ajax; browser extensions, like Chrome, which can be assimilated to the previous apps; WinRT and/or WPF desktop applications.
    • we would like to adopt Windows Identity Foundation and claims-based authentication, thus moving the authentication stuff out of our business and relying on 3rd party IPs like Hotmail or Google. Yet, we will use the authentication data provided by these IPs as the basis for our internal-use database with all the details for authorization. The user logs in using his preferred IP, and we simply associate the provided user identity with a set of authorization data used for our purposes.

    In previous projects I just used role-based authentication provided by the ASP.NET infrastructure, with HTTP(S) basic authentication and JavaScript clients. Now the problem is we have to enable cross-domain calls to my WebApi, for all the clients listed above, and we would like to know which is the suggested way for implementing all this using the MS stack at least for the server part. We suppose there should be some guidelines at least for a unified approach for WinRT, WinPhone and WPF clients against MVC and WebApi services, including cross-domain calls, Azure ACS and non-MS clients, JavaScript-based, but I'd like up-to-date suggestions about this.

    I know of JSONP, but it cannot be used cross-domain; I know of CORS, but it seems a good solution only for the cross-domain issue, implies the use of 3rd party components in the server part (mainly Thinktecture identity), and we would rather be able to authenticate via claims and tokens, externalizing the IP services. As for WIF, most of the samples are not up to date, and refer to WCF rather than WebApi (here too the only resource I found is a Thinktecture component for some flavor of WebApi/WIF). I would like a solution well-integrated with the ASP.NET MVC/WebApi stack, without having to resort to several third-party components, more or less recent and difficult to integrate. What would you suggest?

    Thanks to all!

    Saturday, March 16, 2013 4:29 PM