Requesting a User to Authenticate
Last updated
Last updated
To separate the concerns, your app should not directly deal with user authentication. Rather than that, it should have a view that blends in an authentication view from another app that deals with that.
Below instruction shows how to provide an authentication notice that blends in the authentication form from the app.
When your app decides that the view cannot be presented without authentication, it redirects to its own "Unauthenticated" view.
For example: /your-app/partial/unauthenticated?return_uri={?}
The getURI
is the URI requested in the original GET request.
Then define a new handler for the "Unauthenticated" partial.
The "unauthenticated" view model could be associated with a "Unautheticated.html" which defines a warning message about not being authenticated. The main purpose for this partial is to provide the mapping to the authentication view coming from the app using a predifined token.
It should be mapped to a token userform-return
, which is understood in other apps
This message should be defined inside "Unauthenticated.Html" file which has to be set as the Html
property for "unauthenticated" partial view.
That view is clever! Depending on SignInFormAsFullPage
setting it will decide whether to display the login form right in this view, or redirect to a standalone page that only has the login form.
If app is not running, the user will only get a message about not being authenticated.
But if app is running, it shows its own view blended with the "Unauthenticated" warning message from the "Unauthenticated.Html" file.
You can have other apps than that do something in this view, but they will be competing for attention.
After successful log in, app redirects back to the return_uri
in your app, so you can present to originally requested view.