I am developing a web application using MVC 5, C#. This is a SaaS application where each company has its unique URL at signup and that URL will become the link to its own portal where its members or customers can go to sign up, log in and much more. I would like to be able to give those companies the ability to do Custom Domain Mapping where they can use their own existing domain in lieu of their automatically generated portal URL. All my research has been unsuccessful so far, even though I know applications that have those capabilities.
Please, help with any idea on how I can approach this.
Related
I would like to write a SPA application in React that will communicate with the .net core API.
I think it would be easier to have two separate projects (API + UI) on different domains.
API should be protected, that only authenticated users could make requests.
In React I'd like to have login and registration forms that will allow me to register and log in users, and I would also like to have social providers. I would like to create the whole UI for managing users in the React SPA, and save this data using the API.
I did a lot of research, and I'm a little confused.
I would really like to use Core Identity because it simply looks like it was made for it:
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-5.0
It has a ready-to-go model of Users, Claims, Roles etc.
It has built-in services for managing passwords, users, roles etc.
It has features to customize authentication schemes, policies, roles etc.
There are a lot of reasons why I think this is a good solution.
Unfortunately, the documentation site says that for SPA integration it works combined with Identity Server.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-5.0
Last year I went through every episode of this tutorial https://www.youtube.com/watch?v=Fhfvbl_KbWo&ab_channel=RawCodingRawCoding (btw. great tutorial), and I'm pretty sure that I don't want to use Identity Server 4 for this scenario. As far as I know, this is the best solution when you want to have SSO for multiple applications, and you would like to provide one common way to authenticate users for all of them. And it has its own UI for managing user registration, login and managing. This is not what I need - I just want to have it all written in React, because I want the whole application to have the same MUI theme without redirects to Identity Server.
But maybe I'm wrong, and Identity Server will work for me. But I found it to be quite a lot of work to provide my own UI rather than MVC
(https://medium.com/#piotrkarpaa/using-spa-react-angular-ui-with-identity-server-4-dc1f57e90b2c)
For now I think, that I should use Identity Core on the backend, and communicate with it from React SPA with custom controllers like in here:
https://www.c-sharpcorner.com/article/authentication-and-authorization-in-asp-net-core-web-api-with-json-web-tokens/
Authenticating React SPA with API with JWT token - I think that this will work according to this example:
https://www.youtube.com/watch?v=FSUa8Vd-td0&ab_channel=Geek%27sLesson - but in here this is without Identity Core.
But I'm not sure that this is the best approach, and I don't know if I will be able to add Social Providers this way.
Also, I found several tutorials on how to combine a React app with a .NET Core backend (and authentication) like this one:
https://www.red-gate.com/simple-talk/development/dotnet-development/integrate-create-react-app-with-net-core-5/
but I would like to have two separate applications, API and UI.
What is the best approach to achieve this goal?
EDIT:
A few months later, I already have the SPA application, API and IS4. There are a lot of problems making the Identity Server views (registration, login etc.) look similar to the SPA application (React app in MUI, MVC with Bootstrap...).
Now I think it was a bad decision, causing a lot of problems:
2 way integration of users from API and Identity Server 4
changes in SPA layout, styles, colors - it all needs to be maintained on Identity Server 4 too
Bad user experience - editing user profile on another application, on another domain with slightly different styles
Now I'm about to rewrite application, not to use Identity Server 4. Components for registration, login and editing user profile will be in SPA application, maintaining users will be done using API.
The only thing I do not know is how I can use social providers with this approach.
My question still remains unanswered. Can someone help me by providing a proper solution?
Finally I found a proper solution for me:
https://mahdikarimipour.com/blog/google-auth-for-react-with-aspnet-identity
Thank you for your post, Mahdi Karimipour.
I could really use some help. I'm newer to C# and ASP.Net MVC 5. I currently have an internal website that I've built that will run on IIS. The final component I need to work out is authorization. This has been surprisingly hard to find. The biggest issue I have found is that Microsoft has changed the way to handle this multiple times. It appears to me that membership, universal membership, and simple membership are no longer used and the way to do things now is with Identity. As I didn't know what I was looking for at first I looked into all of these at least some as I was under the impression that identity was a .Net Core thing. All of the blog posts and tutorials seem to deal with outside web sites that the user would log into. That isn't what I need. Also, most of the answers are really old, so I'm not sure if this is the modern way of doing things.
My shop currently uses ASP.NET MVC 5 (not core) and we have on premise active directory (AD). What I want to accomplish is to have all AD users have access to the site. Then have a page where I can grant select users admin privileges so they can manage their staff. I'm currently using a code first approach with Entity framework, which I'm also new to. I had planned to use the [Authorize] attribute to accomplish this, but again, I'm a bit lost in what I need to do to hook this all up.
So my question is: Using code first with Entity Framework, how can I use AD for my authentication and Identity for my authorization when my site will run on IIS? Also, should I be using Identity?
My roles will be pretty simple. Probably Admin and Manager. Admin will have access over everything, Manager will have access over their section.
Any help is greatly appreciated. Thank you.
I'm having an issue with a website plus API I'm writing. These are in the same project, if that matters.
Reduced to its simplest form, it's a catalogue website and API. You have products in a database and pages which display product information. You also have other pages which allow editing this information and adding new products, etc.
There are three ways you can do this:
Anonymous users can list products and view public information about them on the website.
Signed-in users can list, view (including private info), edit, create and delete products on the website.
Users with a valid API key can list, view (including private info), edit, create and delete products using the API.
The problem I'm having is that the website uses AJAX calls to the API, and these only work if the user of the website is authenticated. Calling the API without an authentication cookie or an API key fails by design.
What would be the recommended way of identifying the unauthenticated website to the back-end API in a secure way that allows it to work?
The ideas I've had include:
A special API key for the website, but it would by necessity be visible to the world at large somewhere in the Javascript code and therefore something someone could use to access the API themselves and bypass any rate limiting I wanted to implement.
I considered setting something in the session on the web controllers which could then be verified in the API controllers, but I encountered issues where unauthenticated calls to the API redirect to the login page on the Account controller, which then sets the relevant session variable, which means subsequent API calls succeed whether legitimately authenticated or not. This seems like the most promising option, but I'm not familiar enough with ASP.NET Core's workings to make it robust.
You should use JSON Web Token authentication. To implement it in your API, please check the following link:
https://medium.com/#adegokesimi/implementing-jwt-and-refresh-token-in-net-core-2-2-web-api-b21ef6de2a19
By using JWT authentication in the pipeline of your WebApi your problem will be solved.
Also, you can use the ASP.NET Core Identity system for things like roles that can be implemented on specific controller methods, for example, "EDIT" can be allowed only to role admin, etc.
Kind regards,
.js
I'm building several apps or modules (each has its own project or might be a solution) and I need to develop a central core module that acts as a configuration app as well as the main login portal and user management (using the built-in Identity 2.0).
I need a hint or a road map on how I can allow that functionality so when a user requests a specific module (might be on a completely different URL, database or machine), he'll be redirected to the login page and then returned back to the requested URL. Of course I need to not include the same login mechanics and controllers in each and every project.
PS: I still need to use the normal Identity User Role check in the Applications/Modules like usual.
I decided to go with IdentityServer4
There is a learning curve here but I decided to go ahead as it will be a better solution in the future.
I have an asp.net website with users login implemented. Now I want to add a blog to it with Wordpress.
The company that hosts the server I use said it is possible to create a folder for wordpress in the same server/internet domain as Windows supports php.
Now my question is: Is it possible to have Wordpress use my ASP.NET user authentication mechanism?
For instance, when a user wants to comment on a post (on Wordpress engine), I’d like that the post goes with the user name and picture that is on my asp.net user data implementation.
Otherwise the user would need to have two different logins on the same site (one for the ASP.NET part and another for the Wordpress part) which is bad from a usability / user experience perspective.
Maybe there’s a Wordpress plugin for this integration that I don’t know of. Or if it can be done by code, I’d appreciate your help also.
Thank you.