Previously I used Context.User.Identity.Name to map connection,
but when I moved Hubs to Web Api it stopped working
(SignalR client and all Identity logic is in asp.net mvc app).
Any ideas?
Related
I am new to SignalR. I've a ASP.NET web form application & Web API project (Not Core), both are different projects. I need to get notification in web form app when there is any change in a table (SQL Server) like in Facebook. Web app is a user login based so I need to send notification to a specific user.
Should I use SignalR Self Host solution to get notification in website & mobile app or other solution?
I have a requirement to NOT allow the Web(MVC Core 2) layer to hit the DB and I have not had to separate .net identity into layers before and I was thinking of doing it like this but do not see anything posted with the latest core technology. I was planning on having IdentityServer4 with .NET Core Identity be the middle/App layer. The middle/App server will be behind the firewall. The web will only make server-side calls to the Identity server(no Ajax). I was using this tutorial http://docs.identityserver.io/en/release/quickstarts/6_aspnet_identity.html. After getting a working example, the MVC Web site wants to redirect to the identity server expecting the Identity server is public facing using cookies. My questions are:
1) How can I can I keep this server-side only no redirects or is there a better way to do it?
2) How can I reuse the 2factor and password management from the middle layer? Do I have to write wrappers for each server call like
var response = client;
PostAsync("http://localhost:xxxxx/account/LoginWith2fa", content).Result;
From here: https://forums.asp.net/t/1988569.aspx?Call+post+Api+from+controller+in+MVC+at+server+side
3) For the data layer, should this be a separate project from the auth server or is it bad practice to have the auth and data layer together?
We currently have an ASP.NET Core MVC app in combination with IdentityServer4 for authentication. The user authenticates via IdentityServer (with the HybridAndClientCredentials flow) to ADFS before it has access to the MVC application.
The SignInScheme on the MVC client is set to the values "Cookies".
We would like to extend our MVC app to host multiple Angular apps. Sometimes even more than 1 Angular app per MVC view.
The angular apps will call seperate ASP.NET Core Web API's on behalf of the user.
My question is how does the angular apps know that the user is already authenticated in the MVC application, retrieve the access token and call the API's on the user behalf?
I have been playing around with solution Scott Brady came up with but there seems no integration between the MVC app & Angular app. The Angular app will try to authenticate to identityserver and expect a callback on a particular page.
I am looking for a solution how to share the accesstokens between the MVC app and the angular apps but I am stuck. Any help is much appreciated.
If they have to sign in via the server-side hybrid flow already then the simplest way would be an endpoint in your MVC app that is cookie-secured that the client side app can call to get the access token.
Another approach is to use oidc-client-js and have the client side Angular app obtain its own token.
You could abstract this away from the client side app itself so it's easy to change the mechanism later if you need to. As it happens we use a combination of server side and client side flows and it works fine.
I have two projects:
An ASP.NET MVC 5.2 Application using ASP.NET Identity 2.2
A WCF Application SOAP XML service.
Note: The WCF service is not hosted by ASP.NET, nor is it running in ASP.NET compatibility mode. A requirement of this project is that it is interface based and ASP.NET compatibility mode does not appear to allow an interface based implementation.
The ASP.NET MVC Application calls the WCF SOAP XML service server side when a user makes a specific action request. However, the WCF service is accessed via the public Internet so in theory anyone could call it if they knew the address. I need to ensure that only ASP.NET Identity registered users who are Administrator role are able to call it. The WCF Application could directly access the database but it doesn't seem like it would be the best solution?
How can I check from the WCF service whether a user is authenticated and authorized in ASP.NET MVC 5.2 using ASP.NET Identity 2.2 using object passing? Which objects or properties should be passed and checked? Is there any other solution? Is it possible to check authentication/authorization with attributes in wcf?
Do you own both, are they in the same domain?
You could interact with a database behind the scenes to generate an auth token, then have the wcf service pass a url with the token back to the user. When the user goes to the site via the tokenized url it checks against the database from the perspective of the ASP app and authenticates. It's a bit asymmetric, but it would handle your use case without getting into domain restrictions.
I have old school web service and it is configured to impersonate the caller. Works with no problem. Now I am thinking about adding another more higher level ASP.NET (non-wcf) web service which would be calling the original web service.
The question is - will the client identity flow across two hops as in client (1)-> new web service (2)-> old web service) or there will be issues?
I believe unless the new ASP.NET web service impersonates the client, the identity will not flow to the second web service. If there is no impersonation then windows identity of the worker process will be sent to the old service. With impersonation, new service code will run under same user as that of client and then using DefaultCredentials, you can call the old web service.