How to implement ADFS authentication on MVC.NET Application? [closed] - c#

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 4 years ago.
I'm trying to implement ADFS Login on a MVC application.
The ADFS service is from a third party company and the only thing I got from them is the Metadata URL. I've tried a lot of examples from the internet, but none of them is working.
Can someone please tell me how I should do this, if I need something more besides the metadata link(?) or give me the link to a good tutorial to implement ADFS login.
I don't know a lot about ADFS services or authentication and this is my very first time asking something here.

To use ADFS, the client side must implement WS-Federation, SAML 2.0 or OpenID Connect.
OIDC is ADFS 4.0 only.
There is a NuGet OWIN WS-Fed package as well as one for OIDC.
The easiest way to do this in VS for a new MVC project is "Change Authentication" / "Work or School" / select "On-Premises" from the drop down.
Then enter the parameters from the metadata.
They will have to add your application to ADFS as a Relying Party.
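
A sketch of what the OWIN WS-Federation package mentioned above needs in order to sign users in against ADFS from the metadata URL alone. It is an added example, not code from the original answer; the namespace, the appSettings key names and the realm value are assumptions, and the realm must match the identifier the ADFS operator registers for the Relying Party.

```csharp
using System.Configuration;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(ExampleApp.Startup))]

namespace ExampleApp // hypothetical namespace
{
    public class Startup
    {
        // Assumed appSettings keys in web.config:
        //   ida:ADFSMetadata = the federation metadata URL supplied by the ADFS operator
        //   ida:Wtrealm      = the identifier registered for this application as a Relying Party
        private static readonly string Metadata =
            ConfigurationManager.AppSettings["ida:ADFSMetadata"];
        private static readonly string Realm =
            ConfigurationManager.AppSettings["ida:Wtrealm"];

        public void Configuration(IAppBuilder app)
        {
            // After ADFS authenticates the user, the local session is kept in a cookie.
            app.SetDefaultSignInAsAuthenticationType(
                CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                CookieSecure = CookieSecureOption.Always, // send the session cookie over HTTPS only
                CookieHttpOnly = true                     // keep it out of reach of page scripts
            });

            // The middleware reads the sign-in endpoint and the token-signing
            // certificates from the metadata document, so no other ADFS
            // parameter has to be copied into the application by hand.
            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                MetadataAddress = Metadata,
                Wtrealm = Realm
            });
        }
    }
}
```

With this in place, an `[Authorize]` attribute on a controller redirects unauthenticated users to ADFS; sign-in fails until the Relying Party has been added on the ADFS side with the same realm.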

Related

client/server authentication: React client with C# web api [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I had an app that used an MVC template, prescaffolded with authentication (the one with bootstrap). I am migrating the project over to Web API and a React Client, but I still need this same functionality. The MVC authentication used SQL Server. I really want to do all I can the same, unless something better is possible. How can I implement authentication/authorization with Web API? I guess I can store the password in React's state/props, and then maybe pass that into the HTTP calls?
You can generate a token using Web API and then store it on the React front-end in local storage. And whenever you do an HTTP call, put that token in the Authorization header and match it from the Web API backend.

Post some content from website to Facebook page [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I want to create a website which will allow user to login with his/her Facebook credentials. Now, my website would allow user to post some content (text plus images) and also if user posts it on my website, it should also be posted on a page (which is also created and owned by me).
Is it possible to do that? If yes, can anyone point to any resource which explains how to do it?
Yes, it is a very easy task. You must rely on some Facebook SDK; more precisely, you need to choose a library that offers wrapping classes around the FB Graph API, i.e. an API client.
This being said, check the following links as a start and continue developing according to your application requirements.
https://github.com/facebook-csharp-sdk
https://www.nuget.org/packages/Facebook
P.S: the library you choose must support OAuth, and you should read more about this protocol.

Security concerns regarding unique JWT token in asp.net web api c# [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I have created an ASP.NET MVC web API application which uses a JWT token to authorise the users after normal login.
I am able to implement it correctly, but I have the following concerns regarding security:
1. If someone copies the token of a valid user and tries to access the API (my current implementation is not able to identify it).
2. How to detect if someone logs in from two different machines?
3. What are the other things that need to be included in JWT token generation? (I have now used userid in my current implementation)
I need some guidance.
Thanks In advance!!
Copying the token is not easy as you will store it in the local storage of the browser. It will be more secure than stealing a cookie.
You can add one more claim: MAC address. Then on each request compare the MAC address of the request with the MAC address in the claim.
Use a long random string, it should be enough. I would recommend 25 characters as standard. Don't store the key in web.config. Your token is as secure as the secrecy of your key.

Restful service with WebAPI and MVC as client architecture [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 7 years ago.
I am building a restful web service api using ASP.NET WebAPI. I'll be consuming it with MVC as a web application and eventually in a mobile app. I want to make the api standalone and not couple it with the MVC application.
I am having trouble figuring out how the authentication should be structured. I need the API to be consumable only from specific sources (the web app and the mobile app). However, I don't know how to link the authentication in the WebAPI with the MVC one. New users should register in the MVC and their auth info should be supplied to the WebAPI. I'm using the Individual accounts Identity system for the project.
In short, how to use the same authentication for both the Api and the Client? Should they be deployed to the same domain?
I recently did something similar.
I think you have 2 issues here:
1. You want to only accept Web API requests from known sources.
2. You want to authenticate the user.
For number 1:
You want to add authentication to the Web API request. This could be basic authentication, but it shows the call is coming from a known application. By using this, you know where the call is coming from. Despite what you read, Basic Authentication is OK, but only if the call is over a TLS (HTTPS) connection. Otherwise the call could be seen and the authentication could be used in a replay attack.
For number 2:
You could have a method that the user can call, such as a login request, where the user can be authenticated and, if successful, issue them with a token. JWTs (Javascript Web Tokens) are one token that you can use. Then the token can be sent with each subsequent call. However, please bear in mind that they can be a pain to use!
It depends on how tight your security needs to be. It might be that basic authentication, along with TLS might be enough for you.

Single Sign On using ADFS 2.0 [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
How do I set up single sign-on using ADFS 2.0 (Active Directory Federation Services)? Give me the steps with examples. I use Visual Studio 2010 and LINQ for coding, and my project is based on a school management system.
If there is another way to set up single sign-on in my project using the concept of Active Directory, then also tell me that method, with a suitable example.
Is it possible to install ADFS on a local server?
I tried to install it on a virtual private server but I failed, due to an operating system version problem.
If it is possible, then give me details about it.
Thanks in advance!
Probably the shortest possible instruction would be:
1. Install ADFS 2 on one of your servers, configure it to use your Active Directory.
2. Install WIF runtime and WIF SDK 4.0 on your dev machine (this assumes you use VS2010):
   http://www.microsoft.com/en-us/download/details.aspx?id=17331
   http://www.microsoft.com/en-us/download/details.aspx?id=4451
3. Create an empty web application.
4. Set authentication mode to "Windows", add an authorization rule that prevents unauthenticated users (deny users="?").
5. Add an STS reference (right click on references and pick "Add STS Reference"), point to your ADFS metadata (https://your.adfs.address/FederationMetadata/2007-06/FederationMetadata.xml).
6. Go to ADFS and add a Relying Party trust - provide the address of your application (https://your.application.address).
However, most of these steps involve multiple actions where things go wrong. Do not be discouraged, in case of issues just ask questions.
