I'm trying to develop many projects under one solution on asp.net and I want to be authenticated just on the first project (Demarrage) then having authenticated immedialtly in the others projects. I'm using Windows authentication.Project Overview Link
As far as I know, if you enable the IIS windows auth and use IE or Chrome to access the web application. The browser will auto store the windows credenticial and use it to login in. That means you just need to login in once and it could access other web application.
If you want to enable a SSO for both windows auth and other auth mode. I suggest you could consider using identity server. The Identity server is an OpenID Connect and OAuth 2.0 framework. It could Single sign-on (and out) over multiple application types and it support windows auth.
Details about how to use it with windows auth, you could refer to below article:
http://docs.identityserver.io/en/latest/topics/windows.html
Related
We have a .NET Core web application with an AngularJS SPA front-end. We also have a Power BI Report Server with a few dozen Paginated Reports (SSRS). We would like for the web app users to be able to view/save/print the reports from the web app, without having to authenticate again into the Power BI Report Server. We also don't want to maintain two user lists (one for the web app, and one for the PBIRS). I have been told that they want us to use a single service account for PBIRS, and have the web app authenticate in to PBIRS, and serve up the reports to the user.
Unfortunately, Microsoft's official SSRS Report Viewer control (which allows you to enter authentication info), only supports Web Forms, which is not compatible with .NET Core. I have tried a few .NET Core wrappers for it, but I was not able to get them working.
Then I had another idea. Can I have my .NET code create a client, authenticate into PBIRS, and maybe get an authentication cookie, then somehow attach that cookie to the user's browser, so that if the user goes directly to the PBIRS, the cookie is valid and they are authenticated in as the service account user? How can I do this?
These two servers might be in different subdomains, but I think they will be in the same domain. I need to verify this. I think it might not be possible at all if they are on different domains, correct?
We have a webforms (.net 4.5) application which uses membership for user authentication which we host ourselves. Our clients have Active Directory and ADFS which they host in their own networks, they require our software to use single sign on authenticating against their ADFS server. I'm looking for steps on how to implement this so we can continue to use our normal membership login but use SSO where available.
There's a lot of info out there and I honestly don't know where to start. Cheers.
I wrote up something very similar to this:
OWIN : ASP.NET MVC application with multiple authentication options
Basically, use the OWIN Identity stacks to support whatever protocols you want.
Note that this application (RP in ADFS speak) still needs to be configured on the ADFS side.
I am completely a novice about Asp.net and Azure platform. I created a simple web application in VS2013 and deployed it to Azure web application. When I try to open my url (xxx.azurewebsites.net) it shows me a login page that my local application does not consist.
I digged some info about it, but due my knowledge level of web development and Azure platform, I did not understand the problem. It seems Azure Active Directory should be used, but I am not certain about it.
My question is, is there a way to skip the login page? If not, how can I define credentials to my application to be accessed?
Thank you.
As far as I know, Visual Studio 2013 offers several authentication options (No Authentication, Individual User Accounts, Organizational Accounts and Windows Authentication) for the Web Forms, MVC, and Web API templates.
According to your description, it seems that you select Organizational Accounts option for your application, which will configure the application to use Windows Identity Foundation (WIF) for authentication based on user accounts in Azure Active Directory (Azure AD, which includes Office 365) or Windows Server Active Directory. If you don’t want authentication for your application, please choose No Authentication option when you create the project.
I have an application built in .NET (C# and ASP.NET). We offer our own register/login login, but a client that just signed up with us requested support for ADFS since that's the authentication service they use across their company. This is brand new to me.
How can I add support for ADFS on my application? I'm guessing my client will provide the new users a link to click that I'll have to process for the SSO?
What would my client need to do on their end? (i.e. add groups and assign our future users to those groups?)
What .NET (or 3rd party) libraries can I use?
Thank you!
You could do this with OpenID Connect OWIN but ADFS 3.0 doesn't support this. So you need WS-Fed (WIF).
The easiest way to do this is with VS.
Create a new ASP.NET project and for "Change Authetication" select the on-premises option.
Use the On-Premises Organizational Authentication Option (ADFS) With ASP.NET in Visual Studio 2013.
Obviously ADFS needs to be configured. You need to find out what attributes the application requires in the form of claims.
Code sample which is similar for Azure AD - Integrating a web app with Azure AD using WS-Federation.
I have two authenticate users in two ways:
If they are an internal user we authenticate through Windows' active directory
If they registered with the site they authenticate through Forms Authentication
In MVC 3/4 I was able to accomplish this by implementing a custom membership provider and custom role provider.
Is the same possible in MVC 5 using OWIN and Identity and how can it be done?
In essence a mixed mode is a forms authentication with a windows authentication entry point, once the user gets passed it, the normal forms authentication flow takes place.
Enabling Windows Authentication in Katana
Katana does not currently provide OWIN middleware for Windows Authentication, because this functionality is already available in the servers
So for windows authentication to work, I have to rely on one of the provided hosts, either IIS or Self-host (System.Net.HttpListener).
I made a solution that makes it look like an external provider, mapping windows identities as external logins.
Source code : https://github.com/MohammadYounes/MVC5-MixedAuth