Authentication of user for offline app

Question

I have simple jQuery Mobile site created using asp.net mvc 2 and uses basic forms authentication to grant access to the site.

The application is a simple work diary that allows a regional manager to view details about the current issues assigned to a regional team.

When a mobile connection is available the app works very well but due to lack of signal we need to investigate the possibility of making the core of the application available offline. I have been researching the possibility of taking the app offline using html 5 but cannot find any information on authenticating users.

The app is very basic and essentially has two different list screens that drill into the job details.

1. Login    
    1.1 Job List    
        2. Job Details

    1.2 Team Diary    
        2. Job Details

I believe that it would be easy enough to create an offline version of the data that would allow browsing of the diary when a connection is not available but I cannot find any information about a site that requires authentication before it gets to the pages that are allowed to be taken offline.

The content is not sensitive data but obviously the client does not want anyone to be able to browse the work diary on what is a public facing website.

What is the preferred way of authenticating users in a site that could potentially be used offline?

Answer 1

I'm retooling an MVC3 site for offline use and I am running into some of the same issues.

One thing you need to watch out for is that the browser attempts to download all the files listed in the cache.manifest immediately. This causes a problem if the user is not logged in yet and you have a classic redirection to a login page if the user is not authenticated. You will need to open up a "static" view of these pages to public access and let your JavaScript determine if the user is logged in or not before attempting to retrieve/send updates. This will allow the static non-content pages to be downloaded by the browser and allow your JavaScript to manage the content as necessary.

My app uses a method borrowed from Jim Lehmer to detect online connectivity.

Once we find we are connected I created a little Action in my Account controller that nicely returns whether the user is authenticated or not:

    public JsonResult IsAuthenticated()
    {
        return Json(new { Request.IsAuthenticated }, JsonRequestBehavior.AllowGet);
    }

Hope that helps!

Answer 2

Ah. I see what you're asking now. I would suggest as follows.

When the user first accesses the application, it checks for existence of local data (the correct local data?), and if that local data exists, then assume the user has access to the system. Now check for an internet connection, if it exists ask for proper credentials, if no connection work offline. Thus they can work happily offline.

Once that user regains a connection to the internet, before syncing local with remote, ask the user for their credentials. In the case that they originally had internet connectivity, the application will no doubt store some token of their proper authentication and can sync without question. Otherwise, ask for a password now.