I have a server on the WebApi2, and I need get all active users on the server.
How to implement it?
I think, maybe, save customerId after logIn in the session storage.
But I don't know how to implement it.
Or maybe exists some best solutions for it.
Help me please, with this issue.
You can access session object using this kind of code.
Keep in mind that Web API provides REST services, and is from a design perpective not meant to access Session objects, as its purpose is to provide stateless methods.
This of course does not mean it is not technically feasible, as you can see on this SO answer.
Use this article Adding Session support to ASP.NET Web API for example
as the entering point to find out the best solution.
Related
I would like to add a password protected page to my WPF modernUI application and could use some help with it.
First of all I don't really have a clue how to handle this stuff correctly in my case.
My application is used on several machines. The protected page should be some kind of admin-page to edit a database that is used by the app.
My idea is, that there is only one Admin-account. But this account can be used from any machine. The admin should be able to change his password. So there must be some kind of encrypted password file on the server which can be accessed from any machine. I don't want to store the password within the application, as this would mean that the admin has to change his password on every machine.
So my question is: What is the best/safest solution for my idea? I'm just looking for hints as I don't have a clue what to search for.
The best Practise nowadays for distributed client applications who share a Database is indeed not to have direct access to the Database.
What you need is a WebService. A web service can be anything. It just has to be hosted somewhere. It can be an ASP.NET application, a WCF Service, or even something not .NET related like a PHP or Java application.
The communication between your application and your WebService depends on what you decide to use. Today a lot of people are using so called REST APIs which use either XML or JSON as data transfer format and use the HTTP protocol.
Its not hard to implement such an API since there are ton of Libs and Solutions out there.
You could use RestSharp for the communication at your client side. Which is straight forward and simple. You could also consume a WCF Service. Which is hosted in IIS somewhere.
However your Problem is nothing special and there are several solutions available. The decision is on your side since it depends on a lot of things such budget, available infrastructe etc.
Your question is quite broad but as far as WPF is concerned you could implement custom authentication and authorization in your application by creating classes that derive from the IIdentity and IPrincipal interfaces and overriding the application thread’s default identity. Please refer to the following blog post for more information an an example.
Custom authorization in WPF: https://blog.magnusmontin.net/2013/03/24/custom-authorization-in-wpf/
The actual credentials should be stored on some remote server that may be accessed through a web service, WCF service or some other kind of API. The details of how to actually get the credentails would be implemented in the AuthenticationService class in the sample code from the above link.
Is there any way a c# server can store Sessions for web without developing the web in asp.net?
We have this web in angular and I want to improve performance of our server and I have 2 ways:
make some caching in the server with a singleton which store data
store sessions
Problem with 1 is that there are too many locks in code which im affried will cause a bottleneck (such as User log in, insert him to a "logged users" list for future locks on the user object).
So 2 will probably works best, but, is there anyway to build such thing? I can seem to find any reference to such thing without using the asp.net web.
Comminucation in web is done via AJAX request so I think, perhaps im wrong, that I can't maintain a TCP connection with the web so Reactor type server cannot help me.
TIA.
Maybe StateServer will solve your issue. You can store sessions via StateServer service in another server. Then you can manage it easily.
Currently I am using ASP.NET MVC 4 and jqGrid with server-side paging. The issue I am facing is that the data source come from a third-party web service and I need to implement server-side paging over the result retrieved from the above-mentioned service. Since I should follow the stateless nature of MVC, I am a bit reluctant to use Session or Cache. Your suggestions is much appreciated!
Check if your service provider is supporting OData. If yes, then you
need to look at it and it solves your question on completely
different way.
Cache and Session do not exist in the same context. Session is bound
to a single user, while Cache is shared for all users. It really
depends whether the data coming from the web service is unique to
each user or it is all the same for everyone. If it is the same,
then cache is optimal as using session in that case would just eat
your server memory with duplicate data.
If your data is not in extremely large amounts, you might even store
it on client-side by rendering table and then using table2grid
provided by jqGrid.
I've seen solutions where you can restrict access in WCF using the membership in asp.net.(How do I restrict access to some methods in WCF?)
But i'm wondering if there is anything similar using the FormsAuthenticationTicket.
I don't have the Membership configured on my site, and i'm using the FormsAuthenticationTicket and methods in WCF to log in and so on.
The WCF-Service is not configured to use SSL YET, because the man i work for have not bought a cert trough our hosting company(don't know if relevant)
The main thing is that i need to protect my some methods in my WCF-Service from unauthorized access, and if theres another simpler solution i would love some input on that to.
I'm very new to WCF and security overall, but familiar in ASP.NET and C#.
I would love for some pedagogical answers, and not just a solution or ideá
UPDATE:
Some pastebin links for my solution:
wcf.svc
http://pastebin.com/S3bTPKaV
wcf webconfig:
http://pastebin.com/Pshf7STz
Client Webconfig:
http://pastebin.com/QY9252mB
This is possible and is commonly used - you have to guard your calls with the principal permission requirement.
Here is one of tutorials by myself
http://netpl.blogspot.com/2010/04/aspnet-forms-authentication-sharing-for.html
Don't let the title mislead you, this is not not only about Silverlight but any other way of accessing the WCF service that is capable of carrying cookies.
I am relatively new to the WCF world so my applogies for the newbie question. I am currently designing a layer of WCF services. One of them is an authentication service, so I came up with the following authentication mechanism:
IUserService.TryAuthenticateUser(string username, string password, out string key)
Basicly the user tries to authenticate and if successful - he/she receives a sessionkey/securitykey/whateverkey... the key is then required for every other "WCF action" e.g.
IService.GiveMeMyFeatures(string key);
IService.Method1(string key);
This mechanism looks extremely intuitive for me and is also very easy to implement, so what bothers me is why I cant find similar WCF examples? This unique key (which is practically a session key with wcf-side expiration and all) can then by used from the various applications, according to the application's architecture: for ASP.NEt it can be stored in a cookie, for Winform/WPF/Mobile I guess it can be stored in the form-class in a field and so on...
So here comes question number 1: What do you think of this method?
I also read, that I can use the build-in ASP.NET Authentication Services (with membership providers etc... if I understood correctly). From architecture point of view I dont really like this method, because when authenticating from an ASP.NET page the workflow will be like this:
ASP.NET -> WCF -> ASP.NET Authentication Service -> Response
In this scenario one could also bypass the WCF layer and call the auth. service methods directly from the asp.net page. I know that by going thru the WCF layer for every authentication request I will lose some performance, but it is important for me to have a nice, layered architecture...
And here is question number 2: What are the advantages/disadvantages of this method over the first one, and why is it so popular, when from architecture point of view it is kinda wrong?
I also read, that I can send user credentials for every WCF method call and use the built-in mechanism to authenticate and respond properly to the request.
Q3: What do you think if this method?
And to sum up - obviously there are many authentication methods, but which one do you think is best and most generic (considering that the WCF services will be called from asp.net/wpf/mobile/etc...)?
Thanks is advance :)
The reason you can't find examples it's not best practice - it's turning something that should be stateless, web services, into something stateful, and something that will not load balance well at all.
As web services already have standard username and password facilities, supported by almost every SOAP stack (excluding Silverlight) that's the way to go. You can use the standard .NET role based security model to protect your methods with this approach as well.