C# Web-Based Application Example

At a minimum, any web applications that you want to integrate with BarTender Cloud must provide support for users to sign in and sign out. This topic demonstrates how to make the necessary changes to a sample generic C# application (called "CodeFlow") to support sign-in and sign-out operations and interact directly with BarTender Cloud, and it provides code snippets that demonstrate how to connect to endpoints for the Librarian API. These changes enable the application to support authentication and the identity provider that is responsible for creating your access token.

The goal of this example is to help you successfully use your own web application to authenticate and make a call to the BarTender Cloud REST API.

The CodeFlow application is a generic C# web application that was configured to interact with the BarTender Cloud REST API. This model-view-controller (MVC) sample application was built using Microsoft Visual Studio 2022 and .NET Core 8.0.

When you decompress this file, you will find a standard MVC web application. After you open the solution file in Visual Studio, you can compile and run it to confirm that everything is working.

Example Requirements

To use this example, the following actions are required: 

  • Have Microsoft Visual Studio 2022 and .NET Core 8.0 installed.

  • Download the CodeFlow sample application project from the following web page:

    https://help.seagullscientific.com/BarTenderCloud/Content/Samples/CSharpSampleApplication/CodeFlow.zip

  • Register the application with BarTender Cloud and have access to your application ID and secret. For more information about how to register the application, refer to Authentication.

    For the purposes of this example, specify the following registration parameters: 

    • Login URI: https://localhost:44200

    • Callback List: https://localhost:44200, https://localhost:44200/callback

    • Logout URLs: https://localhost:44200/logout

Update the appsettings.json File

The CodeFlow project’s appsettings.json file must be updated so that it can provide the information that is needed when the web application and its users are authenticated.

To do this, copy the following lines of code, and then update the ClientID and ClientSecret values with the values that you received when you registered the application with BarTender Cloud.

  "BarTenderCloudCluster": "https://am1.bartendercloud.com",
  "ClientId": "<your client id goes here>",
  "ClientSecret": "<your client secret goes here>",
  "Audience": "https://BarTenderCloudServiceApi",

Note:  "BarTenderCloudCluster" refers to the specific regional BarTender Cloud data center that the web service will interact with. Possible values include but are not limited to the following:

  • https://auth.am1.bartendercloud.com/.well-known/openid-configuration

  • https://auth.eu1.bartendercloud.com/.well-known/openid-configuration

  • https://auth.ap1.bartendercloud.com/.well-known/openid-configuration

Paste the updated lines of code into the appsettings.json file as shown.

The ClientID and ClientSecret values are read by the startup.cs file when it configures your service.

The BarTenderCloudCluster value informs code in startup.cs of the internet location that can provide additional configuration information that is used by the application.

The Audience value identifies the suite of APIs with which the application is expected to interact.
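
One way to catch a half-edited configuration before the application starts authenticating users, shown as an added example that is not part of the CodeFlow project: it checks the four values above for missing entries, leftover placeholder text, and a non-HTTPS cluster address. The class name BarTenderCloudSettingsCheck is hypothetical, and the keys are assumed to sit at the top level of appsettings.json.

```csharp
using System;
using System.Collections.Generic;
using Microsoft.Extensions.Configuration;

public static class BarTenderCloudSettingsCheck
{
    // The four keys from the appsettings.json fragment on this page
    // (assumption: they sit at the top level of the file).
    private static readonly string[] Keys =
        { "BarTenderCloudCluster", "ClientId", "ClientSecret", "Audience" };

    // Returns a list of problems; an empty list means the settings are usable.
    public static List<string> Validate(IConfiguration config)
    {
        var problems = new List<string>();
        foreach (string key in Keys)
        {
            string? value = config[key];
            if (string.IsNullOrWhiteSpace(value))
                problems.Add($"{key} is missing");
            else if (value.StartsWith('<') && value.EndsWith('>'))
                problems.Add($"{key} still contains the placeholder text");
        }
        // The cluster address is where the application fetches further
        // configuration, so require an absolute https URL.
        if (!Uri.TryCreate(config["BarTenderCloudCluster"], UriKind.Absolute, out Uri? uri)
            || uri.Scheme != Uri.UriSchemeHttps)
            problems.Add("BarTenderCloudCluster must be an absolute https URL");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: the values exactly as copied from the page, before editing.
        IConfiguration config = new ConfigurationBuilder()
            .AddInMemoryCollection(new Dictionary<string, string?>
            {
                ["BarTenderCloudCluster"] = "https://am1.bartendercloud.com",
                ["ClientId"] = "<your client id goes here>",
                ["ClientSecret"] = "<your client secret goes here>",
                ["Audience"] = "https://BarTenderCloudServiceApi",
            })
            .Build();
        foreach (string problem in Validate(config)) Console.WriteLine(problem);
    }
}
```

In an ASP.NET Core application, the same check can run against builder.Configuration, where an environment variable (or, in Development, a user secret) named ClientSecret overrides the value in appsettings.json, so the secret itself need not be stored in the file.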

Important Terms and Definitions

The following terms are used throughout the example:

  • Audience: The determiner of the target interfaces of the access token. An analogy might be that the access token is your company ID badge. The audience that is embedded within the token determines which doors you can open.

  • Authorization server: A web service that is responsible for authenticating a user when they sign in and for issuing a secure JSON Web Token in response.

  • ClientID: A unique identifier for your web application that is used with the authorization server to differentiate one application from another. It is important to not disclose this value publicly.

  • ClientSecret: A long unique string that is used to prove ownership of the ClientID. As with the ClientID, the value should not be shared publicly. Together with the ClientID, the ClientSecret allows your web application to share information securely with the authorization server.

  • JSON Web Token (JWT): A signed object that represents an access token. When a user successfully signs in to BarTender Cloud, an access token is created. A web application provides this token when it tries to make a REST call to a BarTender Cloud API. Services that implement the BarTender Cloud API leverage this access token to identify the user on whose behalf an API is being called.
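
To make the Audience definition concrete, the following added example (not part of the CodeFlow sample or BarTender Cloud's own code) decodes the payload of a JWT and checks its aud claim against the Audience value from appsettings.json. The token is constructed inline, and the names AccessTokenAudience and HasAudience are hypothetical.

```csharp
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class AccessTokenAudience
{
    // base64url (RFC 7515): '-' and '_' alphabet with the '=' padding removed.
    private static byte[] Base64UrlDecode(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    private static string Base64UrlEncode(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // True when the token's "aud" claim names the expected audience.
    // Reads the claim only; the signature is NOT verified here, so use this
    // for troubleshooting, never as an authorization decision.
    public static bool HasAudience(string jwt, string expected)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) return false;          // not header.payload.signature
        try
        {
            using JsonDocument doc = JsonDocument.Parse(Base64UrlDecode(parts[1]));
            JsonElement root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object ||
                !root.TryGetProperty("aud", out JsonElement aud)) return false;
            // RFC 7519 allows "aud" to be one string or an array of strings.
            if (aud.ValueKind == JsonValueKind.String) return aud.GetString() == expected;
            return aud.ValueKind == JsonValueKind.Array && aud.EnumerateArray()
                .Any(a => a.ValueKind == JsonValueKind.String && a.GetString() == expected);
        }
        catch (Exception e) when (e is FormatException or JsonException) { return false; }
    }

    public static void Main()
    {
        // Constructed sample token with a dummy signature; not issued by BarTender Cloud.
        string payload = "{\"aud\":[\"https://BarTenderCloudServiceApi\",\"https://userinfo.example\"]}";
        string jwt = Base64UrlEncode("{\"alg\":\"RS256\"}") + "." + Base64UrlEncode(payload) + ".c2ln";
        Console.WriteLine(HasAudience(jwt, "https://BarTenderCloudServiceApi"));
        Console.WriteLine(HasAudience(jwt, "https://other-api.example"));
    }
}
```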

Background Reading

Authentication within BarTender Cloud is provided by using the OAuth protocol together with OpenID Connect (OIDC). For more information about these technologies, visit the following web page:

https://developer.okta.com/blog/2019/10/21/illustrated-guide-to-oauth-and-oidc