I have a problem authenticating against Sharepoint Project Web App, from my ASP.Net app. One of the last tricks in my pocket that could work is taking a web browser from Windows Forms package, and performing an auth in it. This browser will be hidden from the user, will use service account to authenticate and will populate some JSON from PWA once a day. I will emulate the normal authentication you go through if you login to PWA with your browser.
This feels a bad idea to me, but if I do not have any other options, I might go with it. The problem is that I can't really explain exactly why it is bad, thus my question.
What possible problems should I expect doing this? ASP.Net app will be hosted in Azure, we also do an auth on Azure.
Related
I am searching for hours now. I have a C# Blazor WASM SPA which get its data from a C# WebAPI (netcore 3.1). For authentication I use JWT at the moment.
I want to switch to a SSO-Solution. Since everything is running in company network, I would like to use Windows Authentication.
I managed to set up the API on IIS for Windows Authentication. But I am really stuck with the Blazor App...
I tried to set it up on IIS with WinAuth/Anonym and to use a simple GET-Request for Login, hoping that NTLM negotiation would pass the credentials from the browser to the API. Would be fine for me, if all further requests would use JWT. Even better if everything would work with WinAuth.
But whatever I try, I won't work. Does anybody has a tutorial or a least a concept I could use for the start?
Take a look at https://learn.microsoft.com/en-us/aspnet/core/blazor/security/webassembly/hosted-with-azure-active-directory?view=aspnetcore-3.1.
This article shows how to secure both a Blazor front-end and .NET Core back-end api.
Does anyone have experience setting up Azure AD on an ASP.NET 4.X website? I've registered my app in Azure and have been trying to follow the instructions here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
However, the following docs regarding SSO, etc. are written for ASP.NET MVC/Core applications.
I've tried using OWIN, and it kinda looks like it's working. I get a login prompt, enter my credentials, and pass through, but I had configured IIS 7 to use Windows Auth, so it might be picking up on that. (I've read that Azure authentication is done at the application level, not IIS, so my previous IIS settings might not be affecting anything.)
Does anyone have advice? I don't have experience adding authentication to a website and appreciate any help. Ideally, I was told I'd hit my organizations 365 login page, authenticate through it, and pass on to my website, but this isn't happening. I just get a standard popup login box. (It works, but I don't know if I'm authenticating through Azure.)
You can use Visual Studio 2019 Create a new ASP.NET (not Core) Web Application wizard. Choose any option that supports Authentication and set it to Cloud - Single or Multiple Organizations:
Here's a bit of a back story, feel free to skip to the problem below.
We have a handful of web applications exposed to the outside world (as opposed to ONLY on our internal business network) and these applications are using HTML5 for the offline capabilities. We also had IIS configured for Windows Authentication ONLY (no outside parties use our applications), thus we were issuing the challenge directly against our AD. With a recent update to Chrome for iOS, it broke the NTLM authentication (instead of prompting for use credentials, it just displayed a 401 unauthorized exception page) so we started looking at alternative solutions.
We figured we could leverage our current external ADFS/O365 access thus the user experience would be the same across all external facing applications (not just web apps).
We ended up adding OWIN to our WebForms app to use ADFS authentication and it works from a perspective of you can see the redirect to our external login page and then back to the web app. However, there is an additional problem. To get this to work, we had to DISABLE Windows Authentication in IIS and ENABLE Anonymous Authentication. Also, in the Web.Config in <system.web> we added <authorization><deny users="?" /></authorization>
PROBLEM
Since our applications are using HTML5 and are available offline, we are also using Web API to handle the push of data from the client device to the central system. When we moved to our "SSO type" solution, the POST methods in Web API started crashing. Turns out the line HttpContext.Current.User.Identity.Name stopped working.
How can I get the current authenticated [signed in] user when the user returns to the network and sync's their data? I'm not even sure what the best approach is here, I've tried a few different suggestions from SO and Google, but none seem to work. How does one get the current user in Web API with Owin using Federated Services?
I have an sql azure database. I need an silverlight application with username/password authentication by table from sql azure and makes some operations on data from azure database.
The first that come in my mind is to authenticate by creating a invisible form in aspx page that hosts my silverlight application and send a request from silverlight by calling javascript code and to validate on server side using asp.net membership provider. Other operations on database also would be done using javascript requests from silverlight.
The other ways that i know is using wcf web services, but i was confused in ways that i should do authentication, how to keep the session in cookie (that when i open this silverlight page in other tab not to authenticate another time authentication). I read also about windows identity foundation but i don't know if it is the best solution. Those approaches with wcf web services i would prefer more because i have no much experience with web development.
What are best practices to accomplish what i want to do and deploy the application to windows azure with not too much pain?
Sorry for my bad English, and thanks in advance.
I would suggest have an aspx login page which validate the credentials using membership.Let the silverlight redirect there and logged in. Once it is logged in and if your services are ASP net compatible you can call the services normally.ie it will add the cookies and all.
If you have the Out Of Browser mode you need to get the username and password in your SL app and authenticate using a web service method.
Identity foundation is really good is you are using different identity providers such as google,yahoo,FB,live etc...
For the authentication question - here is a tutorial on MSDN:
I'm building an app which is subscription based, users can login to a website an use it as they please. I would also like them to have the option to work with it outside of the browser and even offline. The app itself is not dependent on online resources, only the authentication is done via forms authentication.
What would be the best way for me to make offline authentication possible?
You could consider using WCF RIA Services for authorization and authentication with your own membership system.
Here is a brief example.