Web API: how to log in correctly?

0

I'm developing an application that is a shortened version of a web system; the system was developed in PHP. I am developing the application in Xamarin.Forms, and I am trying to build the login screen via a web API. However, when I enter any login or password it logs in, which should not happen: it should log in only when I enter user data saved in the database. My code is below:

LoginPage.xaml.cs

public partial class LoginPage : TabbedPage
    {

        public LoginPage()
        {
            InitializeComponent();
            NavigationPage.SetHasNavigationBar(this, false);

        }

        protected async void BtnLogin_Clicked(object sender, EventArgs e)
        {
            if (string.IsNullOrEmpty(emailEntry.Text))
            {
                await DisplayAlert("Erro", "Digite um nome de usuário válido", "Aceitar");
                emailEntry.Focus();
                return;
            }
            if (string.IsNullOrEmpty(senhaEntry.Text))
            {
                await DisplayAlert("Erro", "Digite uma senha", "Aceitar");
                senhaEntry.Focus();
                return;
            }
            this.logar();


            App.Current.MainPage = new MainPageRoot();
        }

        private async void logar()
        {
            waitActivityIndicator.IsRunning = true;
            var loginRequest = new LoginRequest
            {
                Usuario = emailEntry.Text,
                Senha = senhaEntry.Text,
            };
            var JsonRequest = JsonConvert.SerializeObject(loginRequest);
            var httpContent = new StringContent(JsonRequest);
            var resp = string.Empty;

            try
            {
                var client = new HttpClient();
                client.BaseAddress = new Uri("http://ativoproject.ebasesistemas.com.br");
                var url = "http://ativoproject.ebasesistemas.com.br/login.php";
                var result = await client.PostAsync(url, httpContent);

                if (!result.IsSuccessStatusCode)
                {
                    await DisplayAlert("Erro", "Usuario ou senha incorretos", "Aceitar");
                    waitActivityIndicator.IsRunning = false;
                    return;
                }

                resp = await result.Content.ReadAsStringAsync();
            }
            catch (Exception ex)
            {
                await DisplayAlert("Erro", ex.Message, "Aceitar");
                waitActivityIndicator.IsRunning = false;
                return;

            }

            var user = JsonConvert.DeserializeObject<Colaborador>(resp);
            waitActivityIndicator.IsRunning = false;
            await DisplayAlert("Bem vindo","vc esta logado", "Aceitar");
        }
    }

Contributor.cs

 public class Colaborador
    {
        public int ColaboradorID { get; set; }

        public string Nome { get; set; }

        public string UserName { get; set; }

        public string Password { get; set; }

        public bool Inativo { get; set; }
    }

LoginRequest.cs

class LoginRequest
    {
        public string Usuario { get; set; }
        public string Senha { get; set; }
    }

And this is the system link on the web: link

    
asked by anonymous 14.02.2018 / 20:07

1 answer

1

Generally, the property tested in result.IsSuccessStatusCode actually refers to the communication itself: whether or not the request was successful.

If it fails, you need to inform the user that you cannot communicate with the server. But if you were able to communicate with the server (as appears to be the case), you need to do a second verification step: analyze the content of the response, which signals (via a message or a code) whether or not the authentication was done, according to your rules and the contract of the API you are consuming.

This information should be available in the result.Content.Result property.

In your case, you are deserializing to an object of type Colaborador in var user = JsonConvert.DeserializeObject<Colaborador>(resp);. It is probably a strategy where you consider it a success if the Colaborador is valid, and if it is not, it means that you did not authenticate (but you also do not know the reason: it may be a wrong password, the user may be blocked, the user may not exist...).

I suggest you consult your API contract or debug the result of this return property for some scenarios to learn how to handle them.

I hope this helps.

    
14.02.2018 / 20:15
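
The two-step check described in the answer, as an added example (not code from the question or the answer): transport success is evaluated first, then the response body decides whether authentication succeeded, and every unclear case is treated as a failed login. The response contract (a JSON Colaborador with ColaboradorID > 0 on success), the LoginOutcome enum, the LoginClient class and the placeholder URL are assumptions, since the page does not show what login.php returns.

```csharp
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json;

public enum LoginOutcome { Success, Rejected, Inactive, ServerError }

public class Colaborador   // trimmed copy of the question's class; drop it if the project already has one
{
    public int ColaboradorID { get; set; }
    public bool Inativo { get; set; }
}

public static class LoginClient   // hypothetical helper name
{
    // ASSUMED contract (not shown on the page): valid credentials yield a JSON
    // Colaborador with ColaboradorID > 0; any other body means "not authenticated".
    public static LoginOutcome Evaluate(bool transportOk, string body)
    {
        if (!transportOk) return LoginOutcome.ServerError;
        Colaborador user = null;
        try { user = JsonConvert.DeserializeObject<Colaborador>(body ?? ""); }
        catch (JsonException) { /* HTML error page, PHP warning text, wrong JSON shape */ }
        if (user == null || user.ColaboradorID <= 0) return LoginOutcome.Rejected;
        return user.Inativo ? LoginOutcome.Inactive : LoginOutcome.Success;
    }

    public static async Task<LoginOutcome> LoginAsync(HttpClient client, string url,
                                                      string usuario, string senha)
    {
        var json = JsonConvert.SerializeObject(new { Usuario = usuario, Senha = senha });
        var content = new StringContent(json, Encoding.UTF8, "application/json");
        try
        {
            var result = await client.PostAsync(url, content);
            var body = await result.Content.ReadAsStringAsync();
            return Evaluate(result.IsSuccessStatusCode, body);
        }
        catch (HttpRequestException) { return LoginOutcome.ServerError; }
        catch (TaskCanceledException) { return LoginOutcome.ServerError; }   // request timed out
    }
}

// In BtnLogin_Clicked, navigate only on the awaited result (placeholder URL, use HTTPS):
//   var outcome = await LoginClient.LoginAsync(client, "https://<your-host>/login.php",
//                                              emailEntry.Text, senhaEntry.Text);
//   if (outcome == LoginOutcome.Success) App.Current.MainPage = new MainPageRoot();
```

In the question's handler, logar() is an async void method called without await, and App.Current.MainPage is replaced on the next line regardless of what the server answered, which is why any credentials appear to log in.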