We are developing a windows application(developed on Mono framework) that works in two different modes. Online and Offline.
In online mode it's having access to API's and DB servers. But when it's in offline mode, the data store is SQLite and everythig happens inside the same server.
Planning to use web api, asp.net Identity and Owin for Security in online mode. Seeking some help to build Autherization and Authentication in offline mode. Is there any packages like asp.net Identity and Owin that can help me in this case?
Any help really appreciated.
Check this link out:
http://www.codeproject.com/Articles/869223/ASP-NET-Web-Api-Create-a-Self-Hosted-OWIN-Based-We
I used the techniques here to create a fully fledged OWIN system for a similar purpose. The only thing is, eventually they have to sign on. I have it setup for every 4 days in my projects. So on the fourth day, if the user refuses to connect to my server for provisions I will disable the software until they do. I didn't use MONO, but hopefully this will get you close to where you need to be.
Related
There is a project I am working on using asp.netcore 3.1. d app is a web API and will b consumed by multiple clients(web browser, android and Windows forms). How can I build the OAuth2 server in c# to protect my API.
Most companies don't build their own Authorization Server, since it is a job for security experts. Instead they use a cloud provider, and these are often very low cost or free.
In the early days this is a good learning guide and will save you a lot of time. You can then focus on OAuth integration into your UIs and APIs.
As long as you keep security in your UI and API standards based you will then be able to easily swap between providers later - or use an open source one perhaps.
Here are a couple of resources of mine that you might find useful. My early code is in NodeJS, but based on OAuth messages, so easily translatable to .Net Core:
Setting up an Authorization Server
Initial Tutorial
OAuth Messages - see Step 16 for API Integration
Does anyone have experience setting up Azure AD on an ASP.NET 4.X website? I've registered my app in Azure and have been trying to follow the instructions here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
However, the following docs regarding SSO, etc. are written for ASP.NET MVC/Core applications.
I've tried using OWIN, and it kinda looks like it's working. I get a login prompt, enter my credentials, and pass through, but I had configured IIS 7 to use Windows Auth, so it might be picking up on that. (I've read that Azure authentication is done at the application level, not IIS, so my previous IIS settings might not be affecting anything.)
Does anyone have advice? I don't have experience adding authentication to a website and appreciate any help. Ideally, I was told I'd hit my organizations 365 login page, authenticate through it, and pass on to my website, but this isn't happening. I just get a standard popup login box. (It works, but I don't know if I'm authenticating through Azure.)
You can use Visual Studio 2019 Create a new ASP.NET (not Core) Web Application wizard. Choose any option that supports Authentication and set it to Cloud - Single or Multiple Organizations:
I have been developing custom API services and hosting them on a windows server as windows services; of course, it's reached a point where the work has become tedious and redundant not to mention very buggy and insecure. So now am exploring ways of leveraging the advantages of ASP.NET Core while still deploying them as windows services. What I can't understand is the purpose of setting up Service User Accounts is it necessary? What is the importance of this? Can I skip the User Account step and just deploy them manually without the need for a User Account?
The documentation in question is here
I got an answer from AspNetCore.Docs Github Repository
I have been scratching my head how to solve the issue described below.
So, the company where I work uses Visual Studio Team Services (was Visual Studio Online), and it is integrated/connected to our AD, meaning that If I log in to my workstation I can log in to Team Services without authenticating myself, like SSO.
I'm going to create an application which communicates to Team Services via Team Services SOAP and WebApi clients and here is the problem. I need a user to be able to communicate with Team Services and doing stuff (reading data, creating work items, creating test suits, etc.). I see little chance to convince IT to create a user only for this. They going to reject my request due to security risks.
The application architecture looks this:
browser: angularjs application, spa, calling only the WebApi service
server: WebApi service, which is responsible to communicate with Team Services and transforming data back and forth between the client and Team Services.
database: persisting data for later analysis
There is an idea in my mind, where I can get somehow the windows credentials from the OS and push it down to the server which uses it to communicate with Team Services. In Team Services, we will see that the particular user did things.
The question, how is possible that? The articles I have found searching for something similar, always mention .Net MVC app where I need to modify the web.config in order to get the credentials. But, in my architecture there is no .Net MVC app running on local machines. There is only a SPA running in browsers.
Or my architecture is not fit for this purpose? Shall I rework it and using MVC app to be able to get the credentials and working with them? But, the question still stands, how can I pass the credentials through the calls calling Team Services?
Do you know blog entries dealing with cases like above?
Thanks for any help in advance!
I think you have a bit of confusion over your terms. The SPA (Single Page App) has javascript code delivered by the server to the browser that calls the .NET WebApi code. In order to get the browser to use Kerberos/Windows Authentication you need to add
<system.web>
<authentication mode="Windows" />
</system.web>
to your web.config on the server where the .NET app is running (under IIS).
From here...
http://www.asp.net/web-api/overview/security/integrated-windows-authentication
"On the client side, Integrated Windows authentication works with any browser that supports the Negotiate authentication scheme, which includes most major browsers. For .NET client applications, the HttpClient class supports Windows authentication:"
Then the browser will do the rest for you and the HttpContext.CurrentUser in the .NET code on the server will be set to the windows user of the clients browser.
Does anyone know of an analytics package, either open source or commercial, that can be integrated into a corporate MVC3 site running in a restricted environment?
The (rather rigid) requirements for my project are: -
The solution must be installed locally, which sadly rules out Google Analytics.
The solution must track analytics for individual users / customers.
The solution must work on a Microsoft technology stack and work under IIS 7.5.
Unfortunately due to client sensitivities (I.E., security and brand reputation) they cannot use publically analytics packages and thus rule out Google, Open Web Analytics, etc.)
Thanks, and let me know if I need to make the requirements clearer.
Piwik is one of the best open source Web Analytics solution. I understand you need a solution in Microsoft stack but this is based on PHP.
I am using this to tracking SharePoint web applications and I am running Piwik using IIS 7.5.
Configure IIS to use a detailed log. Then use a IIS log analayzer tool (there is plenty, google).
http://awstats.sourceforge.net/ is pretty popular. (PHP, but easy to configure in a separate website in IIS)
A .NET based analyzer: http://www.iis.net/community/default.aspx?tabid=34&i=1864&g=6