Take full control over your data with private keys and proxies. With private keys, you can require that your proxy be used as the "middle-man" for WebSync requests, putting you in the driver's seat for any sort of permissions or access control you may want to implement.
Before you can start coding, you need to have the correct project references.
The client connect calls have to be modified so they target the proxy and include some user credentials for us to authenticate. Before sending credentials over the wire in a production environment, be sure to set up SSL/HTTPS.
```javascript
client.connect({
    requestUrl: '/myproxy.aspx', // your proxy path
    meta: {
        username: 'johndoe',     // fake user credentials for
        password: 'password'     // us to authenticate
    },
    ...
});
```
Copy the proxy from the WebSync On-Demand: Proxies tutorial and modify the OnBeforeProxy code.
```csharp
using System;
using System.Runtime.Serialization; // DataContract / DataMember

// Shape of the "meta" object sent by the client connect call
[DataContract]
private class Credentials
{
    [DataMember(Name = "username")]
    public string Username { get; set; }

    [DataMember(Name = "password")]
    public string Password { get; set; }
}

protected void Page_Load(object sender, EventArgs e)
{
    Proxy.Invoke(new ProxyInvokeArgs()
    {
        DomainKey = "22222222-2222-2222-2222-222222222222", // your *private* key
        OnBeforeProxy = (args) =>
        {
            foreach (Message message in args.Messages)
            {
                if (message.IsConnect())
                {
                    // check for null credentials
                    if (string.IsNullOrEmpty(message.MetaJson))
                    {
                        message.Successful = false;
                        message.Error = "No user credentials supplied.";
                    }
                    else
                    {
                        // deserialize credentials
                        Credentials credentials = JSON.Deserialize<Credentials>(message.MetaJson);

                        // verify credentials (this could be replaced with a database query);
                        // a null result from deserialization is rejected as well
                        if (credentials == null || credentials.Username != "johndoe" || credentials.Password != "password")
                        {
                            message.Successful = false;
                            message.Error = "Invalid credentials.";
                        }
                    }
                }
            }
        }
    });
}
```
Any connect requests that go through this proxy will now undergo contrived credential verification. (In the real world, the credentials would be checked against a database and not hardcoded.)
There is one final step - locking down any connect requests that might try to slip around your proxy. This prevents anyone from connecting without using your proxy first.
Now only requests that use your private key (i.e. through your proxy) will be allowed.
Open the page in a few browsers. Try changing the client password and refreshing the page to see access being denied.