I'm working with a legacy asp.net web application that runs on two servers;
frontend server, IIS web server, accessible from the web
backend server, can't be accessed from the outside, running IIS and a database.
They communicate using old fashioned asmx-web services.
ASP.Net membership is used for user management and the database is on the backend server. The asmx web services for membership looks pretty much like the example found at http://www.codeproject.com/Articles/13032/Custom-MembershipProvider-and-RoleProvider-Impleme
My question; Can I do something like this with the ASP.NET Identity (2.0)? Which interfaces will I need to implement? Are there any examples?
I guess I will use WCF instad of asmx :)
Ivar
Related
I have two projects:
An ASP.NET MVC 5.2 Application using ASP.NET Identity 2.2
A WCF Application SOAP XML service.
Note: The WCF service is not hosted by ASP.NET, nor is it running in ASP.NET compatibility mode. A requirement of this project is that it is interface based and ASP.NET compatibility mode does not appear to allow an interface based implementation.
The ASP.NET MVC Application calls the WCF SOAP XML service server side when a user makes a specific action request. However, the WCF service is accessed via the public Internet so in theory anyone could call it if they knew the address. I need to ensure that only ASP.NET Identity registered users who are Administrator role are able to call it. The WCF Application could directly access the database but it doesn't seem like it would be the best solution?
How can I check from the WCF service whether a user is authenticated and authorized in ASP.NET MVC 5.2 using ASP.NET Identity 2.2 using object passing? Which objects or properties should be passed and checked? Is there any other solution? Is it possible to check authentication/authorization with attributes in wcf?
Do you own both, are they in the same domain?
You could interact with a database behind the scenes to generate an auth token, then have the wcf service pass a url with the token back to the user. When the user goes to the site via the tokenized url it checks against the database from the perspective of the ASP app and authenticates. It's a bit asymmetric, but it would handle your use case without getting into domain restrictions.
Is it possible to use a self hosted signalR server with an MVC(4) application such that it is totally seperate from the signalR server?
I tried Tim and Patrick's beautifully executed SignalR intro tutorial, and was wondering if I could try that? And even if I could, would that offer any performance advantages over an integrated service as is metioned in the tutorial.
It is absolutely possible to self-host a SignalR 2.0 server with OWIN and accessing this server from within any Website (which may be a MVC application). The only thing you need is to enable CORS (app.UseCors(CorsOptions.AllowAll); in your Startup file of the Owin Host) since it's not on the same domain as your Website. Obviously you can't use SignalR within the MVC application itself this way (e.g. to publish messages).
I'm using a self-hosted ASP.NET Web API 2 and SignalR 2 server with OWIN to serve data to clients. You can find an example server using this scenario here. Tho advantage in this approach is to have your views & styles sepparated from your data and business logic. Making everything very easy to cache and scale.
I am trying to figure this one out. I am using a simple web service that is hosted by an asp.net web application that is going to be used for authentication for a mobile client and a desktop client and it will also be used to send/receive information to and from the clients.
Right now the service uses custom username and password authentication that is hard coded into the service. I need some kind of authentication though. So I figured I could just add the asp.net membership provider to the web application that is hosting the service, and I could use that database for the members for the service.
This would provide a way for me to manage the users as well. Could anyone tell me if this would work and if so how could it be implmented?
Here is the service I am using: http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti
It is easy to do. Assuming you're using Visual Studio I suggest using the web site administration tool. A MSDN article describing adding ASP.NET Membership Provider can be found at http://msdn.microsoft.com/en-us/library/6e9y4s5t(v=vs.100).aspx
Good old Microsoft documentation at it's finest. Does anyone know of any resources that explains how to deploy Web Api with Asp.net Web Forms application. I have the web api in a separate class library and I call using jquery. I don't want anonymous users to be able to access this service only the application. Do I want to use self hosted? How do I lock the service down? Awesome examples showing how to use, tons of videos but nothing on deployment.
You don't have the right architecture for what you are describing, but what you have is right.
If you are calling web services from the client side (using jquery) then your web service must be public facing.
What you are describing is a web or WCF service in a service oriented architecture. That service would most likely live on a different server and be on an internal network, etc. Even if it's on the same server your requirement is that it is not publicly accessible - thus none of your jquery would work since that request is being initiated by the user and users can only make requests to public facing services.
The comments about using forms authentication to protect your service calls are right. jQuery will include the forms authentication cookie for you when it makes AJAX calls so you shouldn't have to change much on the client side.
I have an ASP.NET web application I built for a client that uses default the ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the webservices to access the data they want from the web app and put it into the desktop app. That works great.. but there needs to be the same level of security and data access based on roles that is already stored in the asp.net application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the asp.net authentication by prompting a login when a user first opens the WinForms application and the calls possibly a web service to authenticate the user, get the users role, and profile.
I'm sure this has done and or asked about.. I'm just not finding the question/answer in SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.