Sunday, November 22, 2009

 

Secure Login to an API from Windows 7 Gadget

Recently I got an email from a reader asking for advice on login and session management with multiple HTML pages in a Windows 7 gadget. Here is the problem and the workaround.

I'm trying to build a gadget which logs on to an HTTPS server and retrieves & shows data. I am trying to post login credentials to a server, but get an error 'access denied'. However, it is possible to change the settings of IE to allow cross-domain data access. But that's not ideal, users would need to change their settings, which could be complex for them. I am wondering if there are alternate options for login, maybe you know any. Using a website instead of posting/retrieving data via an API might be a solution. It is a way we can facilitate a secure login via HTTPS and show data (and stay in control). Also I was wondering if there are ways to encrypt data within a Gadget. I believe this is not ideal, since a gadget can easily be reverse engineered.




The Possible Workaround


Cross-domain access is allowed in the gadget, so you can create a REST-based API (similar to Facebook/last.fm/Flickr) and log in to it. There are some JavaScript libraries which can be used for encryption. The best way would be to create a COM object in C++ or VB and let that handle the login/encryption part (see chapter 9 with the MRU example).
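
The REST login described above, sketched as an added example (not code from the original post or from any real API). The `/login` path, the form field names, the JSON `token` field, the bearer header and the injected `transport` function are all assumptions; in a gadget, `transport` would wrap XMLHttpRequest.

```javascript
// Added example; endpoint paths, field names and the transport signature are
// assumptions for illustration, not a real API.

// Accept only absolute https:// URLs so credentials never travel over plain HTTP.
function requireHttps(url) {
  if (!/^https:\/\/[^\/\s]+/i.test(url)) {
    throw new Error("refusing non-HTTPS endpoint: " + url);
  }
  return url;
}

// transport(method, url, headers, body, callback(status, responseText)) is injected.
function createSession(baseUrl, transport) {
  var base = requireHttps(baseUrl).replace(/\/+$/, "");
  var token = null; // kept in memory only, never written to gadget settings

  function login(user, password, done) {
    var body = "username=" + encodeURIComponent(user) +
               "&password=" + encodeURIComponent(password);
    transport("POST", base + "/login",
      { "Content-Type": "application/x-www-form-urlencoded" }, body,
      function (status, text) {
        var parsed = null;
        try { parsed = JSON.parse(text); } catch (e) { parsed = null; }
        if (status !== 200 || !parsed || typeof parsed.token !== "string") {
          token = null;
          return done(new Error("login failed (HTTP " + status + ")"));
        }
        token = parsed.token; // the password itself is not retained
        done(null);
      });
  }

  function get(path, done) {
    if (!token) { return done(new Error("not logged in")); }
    transport("GET", base + path, { "Authorization": "Bearer " + token }, null,
      function (status, text) {
        if (status === 401) { token = null; } // session expired: force a new login
        if (status !== 200) { return done(new Error("HTTP " + status)); }
        done(null, text);
      });
  }

  return {
    login: login,
    get: get,
    isLoggedIn: function () { return token !== null; }
  };
}
```

Because the gadget's script files are readable by anyone who unpacks it, nothing in this client is a secret: the server decides what a token may do, and the client only holds it for the life of the session.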

If you are creating your next Windows 7 gadget and come across any problem, send me an email; I would be happy to help.
