Windows phone BackgroundTransferRequest with authentication

StackOverflow https://stackoverflow.com/questions/20996708

Pergunta

I want to use BackgroundTransferRequest object to download some large documents but I can't find out how to put credentials like username and password to access the documents. I have ASP.NET MVC 3 controller which give me documents.

Foi útil?

Solução

You should be able to use basic HTTP auth. I don't have much experience with BackgroundTransferRequest object, but it looks like it allows you to set request headers. So, for basic http auth you need to add a header "Authorization: Basic xxxxx" where xxxxx is base64 encoded userid:password. You obviously would have to configure IIS to use basic auth with your MVC app

Sending credentials in the URL is a very bad idea, because they are passed in clear text. Every piece of infrastructure between the phone and web server will see and log your credentials. There is a good chance these web logs will end up indexed by Google. Sending password in the header is protected by SSL, assuming you are using it.

Even sending the password in the header not ideal, since you'll have to store the credentials on the phone somewhere. If the phone is not trusted, you are asking for problems down the road.

Outras dicas

You can only download data that can be aquired using a GET request. The only way of proividing some "security" would be making the server to accept username and password in URL as GET parameters.

Licenciado em: CC-BY-SA com atribuição
Não afiliado a StackOverflow
scroll top