How to set variable scope to the browser in asp.net core web api?

Question

User-1134842450 posted

Hi

I want to create variable and make its scope to the browser so every user enter my asp.net core web api through his own browser sets the variable as he needs. i tried to use the static variable but it lives in the scope of the program lifetime and when user sets the variable and other user sets the same variable the previous user sees the value of the variable being set by the other user which is big problem i want every user sets the variable for his own and the variable being reset as he leave the website or close the browser tap or the browser itself.

Iam using asp.net core web api 3.1

Answer 1

User753101303 posted

Hi,

Maybe https://docs.microsoft.com/en-us/aspnet/core/fundamentals/app-state?view=aspnetcore-3.1#session-state or a database?

Beyond your immediate technical need knowing the purpose of this value could perhaps help to suggest alternate approach. You are trying to roll your own authentication?

Answer 2

User-1134842450 posted

The purpose of this value is that i have a asp.net core web api and 2 applications consume this web api one application sets this value and the other application gets this value the other application is standalone application which every user will access the web api will setup this application in his machine so i want this variable to be at the scope of the browser of the user who accessing the web api so the value of the variable be at the scope of this user only and other users dont get affected by this value i tried to use session state but the problem is if one applications set the session state in the web api the other application gets null when accessing this session state.

Answer 3

User753101303 posted

So it is NOT scoped to the browser. Depending on how long you need this it could be stored in a database and cached in memory. Or just a static variable but rather than being a single value it would be for example a dictionary so that you can keep a distinct value for each user.

Answer 4

User-1134842450 posted

Thank you its a good idea that i use dictionary for a static variable but what is the unique value that i can get from the user who enters the web api through browser so that i can put it in dictionary.

Thank you in advance.

Edit: I want this dictionary be volatile as the user closes the browser tap or the browser itself this dictionary value related to this user be erased.

Answer 5

User475983607 posted

Browsers access Web API through JavaScript or a through an MVC/Razor Page whihc in turn calls a Web API endpoint.   It does not make sense for a browser's address bar to contain a Web API URL.  

The easiest method is using a standard authentication cookie.  This approach requires the Web API and Web Application are in the same application.  All of the built-in security works.  Closing the browser expires the cookie If the cookie is not configure to persisted.  This design does not work well if the Web API is shared by other applications.  

A standard shared API approach is using JSON Web Token (JWT)  to pass user information from a client to a Web API endpoint.   JWT is an encoded signed string that contains information about the user making the request.   The secured resource knows how to validate the token and extract the tokens information.  In your scenario, the JWT can cache the "scoped variable" or the JWT can contain a key to get the dictionary value.  The key could be the user's Id for example.  The ASP.NET Core framework comes with libraries for creating and validating JWTs.

The next approach is similar to the first but rather than accessing Web API URLs directly, the requests go to an Action or Razor Page.  The Action or Razor Page calls the API.  In this scenario you can still take advantage of an authentication cookie or use Session to cache the scoped variable.  The Action or Razor Page gets the cached value (Scoped Variable) and passes it to Web API.

Answer 6

User-1134842450 posted

Yeah browser access the web api through angular and the web api and angular are in the same application but there is other application that gets the value that angular sets i want to allow anonymous users to pass the variable not authenticated users only i just want to get unique information related to the machine thats entering the website and pass the variable to the web api with this unique information and the other application that is in client machine gets this information and use it i wish to get the machine name of the user entering my website but i don't know if it is possible.

Answer 7

User-474980206 posted

The closest you can get is stroking a unique identifier in local storage on the browser. This identifier will be tried to the browser and website. As long as all applications share the same domain name they can share the same local storage. 

you could also use a non expiring cookie.

Answer 8

User753101303 posted

And if you still need further help i meant really the final goal regardless of any technical consideration ie something like :

"I want to show on my internal B web site in nearly real time how many users are currently browsing my public A site."

not "I want to pass a variable from one site to another etc..." or "I wish to get the machine name" which is still a description of how you are trying to achieve your unknow goal.

Answer 9

User-1134842450 posted

I found that the closest approch is to use a static dictionary and put key for every user enters my website i don't want to save anything in the cookies or browser i want everything be volatile when the user exits the website this static dictionary related to him be erased now my problem is to get a unique key that identifies the user and how to detect if browser tap or browser itself is closed in angular or asp.net core.

Answer 10

User-1134842450 posted

The website is not published yet its on my local machine every thing is on my machine the angular and web api and the applications that the client will install and its only one website the angular and web api compined together as one application and the other application the client will install on his machine and i don't want to get the count of users entering my website I am only want to get the identifier for this user so the static variable will be unique to this user.

I think my goal is clear there is application on the client speaking to the web api sending and getting informations from the web api the problem as i descriped is if two users use this website the information get shared between them the applications thats on the user machine get manipulated by the other user and vice versa what i want is that application be unique to the user that entering the website.

Answer 11

User475983607 posted

algebgeo

I found that the closest approch is to use a static dictionary and put key for every user enters my website i don't want to save anything in the cookies or browser i want everything be volatile when the user exits the website this static dictionary related to him be erased now my problem is to get a unique key that identifies the user and how to detect if browser tap or browser itself is closed in angular or asp.net core.

You misunderstand.  The client must cache data in order to identify itself.  A session cookie is a good option as the cookie expires when the browser is closed.  The application should be designed to handler multiple tabs gracefully. User should be able to open and close tabs without causing problems.

I think my goal is clear there is application on the client speaking to the web api sending and getting informations from the web api the problem as i descriped is if two users use this website the information get shared between them the applications thats on the user machine get manipulated by the other user and vice versa what i want is that application be unique to the user that entering the website.

You have to understand that this problem has been solved.  The standard is a login that returns an authentication cookie to the browser.

Answer 12

User-1134842450 posted

I get you but the variable is not important to keep it is only a state of condition the actions that user make in the website that being read by the application thats on the user machine. the problem of using cookies it willnot solve the problem if the user closed the browser and the cookies expires the dictionary that holds his values willnot be erased in the web api so i want to detect tap or browser closing to erase this value.

public static Dictionary<string, CameraHandles> UserDict = new Dictionary<string, CameraHandles>();

        [HttpPost("check")]
        public void PostCheck([FromBody]int[] isRunning)
        {
            if (!UserDict.ContainsKey(Request.HttpContext.Connection.LocalIpAddress.ToString()))
                UserDict.Add(Request.HttpContext.Connection.LocalIpAddress.ToString(), new CameraHandles() { IsRunnig = isRunning });
            else
                UserDict[Request.HttpContext.Connection.LocalIpAddress.ToString()].IsRunnig = isRunning;
        }

        [HttpGet("check")]
        public int[] GetCheck()
        {
            return UserDict.GetValueOrDefault(Request.HttpContext.Connection.LocalIpAddress.ToString()).IsRunnig;
        }

Iam using Request.HttpContext.Connection.LocalIpAddress to identify the user entering the website i don't know if this is right or not but i am open to other solutions.

Answer 13

User475983607 posted

Oh I see.  The code will not work on a remote web server.  

Answer 14

User-1134842450 posted

Yeah and i cannot authenticate user for only sending a variable that is not related to the user information or important to keep and this variable keep changing it indicates the user actions on the website. Iam open to any idea or solution to get user identifier better than this because as you said it willnot work at all once published.

Answer 15

User753101303 posted

algebgeo

I think my goal is clear there is application on the client speaking to the web api sending and getting informations from the web api the problem as i descriped is if two users use this website the information get shared between them the applications thats on the user machine get manipulated by the other user and vice versa what i want is that application be unique to the user that entering the website.

This is still a technical description of how you try to solve your problem. I meant really a description someone not knowing about programming would do ie something such as :

"I  have a web site A and want to keep track of users to show on some other site B how many users are currently browsing my site"

Edit: for now it seems you want to track events on a web site ? You could reigister the sessionid, event description, event datetime in a list and then  the other api will jusrt read this possibly filtering out outdated events.

I would not try to detect closing the browser (a user could have left anyway your site in a tab since yesterday and still not use it any more). You also have things like Google Analytics or Application Insiights that allows to track events to see how users are browsing your site.

Answer 16

User-474980206 posted

there is no notification if the user closes the browser, or just navigates to a different site. the closest you can come, is expiration time on the id, and have the app poll sending the id to update the expiration.

the ipaddress will work for a local network, but not on the internet. on the internet most users are behind a shared nat transalated ipaddress. (for example everyone from an office typically will have the same ipaddress).

 

Answer 17

User-1134842450 posted

PatriceSc

This is still a technical description of how you try to solve your problem. I meant really a description someone not knowing about programming would do ie something such as :

"I  have a web site A and want to keep track of users to show on some other site B how many users are currently browsing my site"

Edit: for now it seems you want to track events on a web site ? You could reigister the sessionid, event description, event datetime in a list and then  the other api will jusrt read this possibly filtering out outdated events.

I would not try to detect closing the browser (a user could have left anyway your site in a tab since yesterday and still not use it any more). You also have things like Google Analytics or Application Insiights that allows to track events to see how users are browsing your site.

Sorry for my bad questions Iam really new to asking questions its my third question on this forum and on any forums.

Yeah maybe the solution is to use sessions but when i used the sessions i found out that the sessionId is changing on every request to the web api. I want something simple it is just a variable being sent from web api to the client application this variable opens or close a device on the client machine. i just want a simple approch to make this variable unique to aspecfic user.

Answer 18

User753101303 posted

Still a bit hard to get if you want to track a single browsing session on your site or multiple sessions from the same computer (it won't be really the user itself). Also "this variable opens or close a device on the client machine"  seems something that won"t work ???

Edit: ah got it, you are the guy which tries something unclear with a camera and apparently being sure that https://en.wikipedia.org/wiki/IP_camera or controlling the camera from the browser won't work.

As it seems you don"t even have authentication I'm not sure how you could know which camera should be turned on. This is for home monitoring ie the user installed something at home and you want to show turn the home camera on or off when the user is connected to your web site ???

Exactly as someone hiring a developer have to explain what he wants, it is easier to help if we know what you are trying to do and we have gone thorugh twenty or more posts still without a clear understanding of what you are trying to do or if it is even just possible.

The camera you are trying to switch on is really not tthe webcam found on the computer who is browsing your web site ???

For example if https://jsfiddle.net/417dc9ug/ shows a "videoinput" device you could use the webcam to capture a video.

Answer 19

User-1134842450 posted

Yeah its me who wants to use the camera on web app i listen to your advise and made a program as service and the problem appeared as i descriped the problem can be simplified as if two clients and one server and the two clients want to share variable between each other at the server.