By Daniel Du
In previous post, I introduced a new API to enable publishers to check the entitlement with user’s userid and appId. For a web service, the easiest way is to ask users login your web service with Autodesk ID, you do not need to maintain your own user system. As described in previous post, you need to specify “Sign in with Autodesk account” when publishing your web service on Autodesk Exchange.
Now let’s create an example web service, which enable users login with their Autodesk ID and check whether he has entitlement to use this web service. In this sample I will use ASP.NET MVC to create my web service. To enable user login with Autodesk ID, I need to use OAuth, please refer to this sample on github for the details. If you have not read this sample, I would suggest you to stop here and download the sample and run it at your side first.
In this sample, let’s move on, when Authentication is successful, we can get the user’s userID, and then we can check his entitlement with APIs as we introduced in previous post.
public ActionResult AuthenticationSucceed(OAuthResult result)
{
//ViewBag.userId = result.oauth_user_guid;
//return View(result);
return RedirectToAction("CheckEntitlement", "License", result);
}
Now let’s look at the CheckEntitiement action of License control:
public ActionResult CheckEntitlement(OAuthResult result)
{
//get the appId from web.config
string appId = ConfigurationManager.AppSettings["thisAppId"] == null
? ""
: ConfigurationManager.AppSettings["thisAppId"];
bool entitled = IsEntitledUser(result.oauth_user_guid, appId);
if (entitled)
{
ViewBag.Message = "you are entitled to use this app.";
UserInfo usrInfo = new UserInfo();
usrInfo.IsLoggedIn = true;
usrInfo.UserType = LoginType.AutodeskId;
usrInfo.UserId = result.oauth_user_guid;
usrInfo.UserName = result.oauth_user_name;
return RedirectToAction("index", "Home", usrInfo);
}
else
{
ViewBag.Message = "you are not entitled to use this app. " +
"please buy it from Autodesk Exchange store.";
}
return View();
}
private bool IsEntitledUser(string userId, string appId)
{
RestClient client = new RestClient(Constants.AUTODESK_EXCHANGE_URL);
RestRequest req = new RestRequest(Constants.CHECK_ENTITLEMENT_ENDPOINT);
req.Method = Method.GET;
req.AddParameter("userid", userId);
req.AddParameter("appid", appId);
IRestResponse<EntitlementResult> resp= client.Execute<EntitlementResult>(req);
if (resp.Data != null && resp.Data.IsValid)
{
return true;
}
else
{
return false;
}
}
public const string AUTODESK_EXCHANGE_URL = "https://apps.exchange.autodesk.com";
public const string CHECK_ENTITLEMENT_ENDPOINT = "webservices/checkentitlement";
And here are some model classes you may need to run this code snippet in your project:
namespace DummyService.Models
{
public class OAuthResult
{
public string AccessToken { get; set; }
public string AccessTokenSecret { get; set; }
public string oauth_user_name { get; set; }
public string oauth_user_guid { get; set; }
public string scope { get; set; }
public string oauth_problem { get; set; }
public string oauth_error_message { get; set; }
public string sessionHandle { get; set; }
}
public class EntitlementResult
{
public string UserId { get; set; }
public string AppId { get; set; }
public bool IsValid { get; set; }
public string Message { get; set; }
}
public enum LoginType
{
AutodeskId,
CustomerUserId
}
public class UserInfo
{
public LoginType UserType { get; set; }
public string UserId { get; set; }
public string UserName { get; set; }
public bool IsLoggedIn { get; set; }
}
}
With this code snippet, we can check user’s entitlement after he logged in with Autodesk account, you can check user’s entitlement periodically or even check for entitlement for every single web service call if you prefer a strict license protection. Hope it is helpful for you. All source code has been posted to github.
Comments
You can follow this conversation by subscribing to the comment feed for this post.