Where is the default asp.net web application/database stored? - c#

I have created a WCF service that is hosted within a web application. I want to add authorization to the service. Right now it uses a hardcoded username/password from a custom username password provider. What I am attempting to do is use the database that is by default in the web application to store users.
I went to the Web application configuration page and added a few users. So this means it must be going into a database. Where exactly is this stored? Or more precisely how exactly can I get the connection details for it? With the custom service I should be able to check against any DB with just some validation code and no other changes made to it, so could anyone show me an example of authorization through a DB in C#?

The database is usually stored in the App_Data folder of your application.
Since you are using WCF, here is the tutorial for you to implement a custom authentication provider for WCF.
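A validator that replaces a hardcoded check with a lookup in the ASP.NET membership database could look like the following. This is an added example, not code from the question, the answer or the linked tutorial, and the namespace and class name are hypothetical.

```csharp
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Web.Security;

namespace MyWebApp.Security   // hypothetical namespace
{
    // Registered in web.config with
    //   userNamePasswordValidationMode="Custom"
    //   customUserNamePasswordValidatorType="MyWebApp.Security.MembershipBackedValidator, MyWebApp"
    // on the <userNameAuthentication> element of the service behavior.
    public class MembershipBackedValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Membership.ValidateUser uses the provider configured in <membership>.
            // The default provider reads the connection string named "LocalSqlServer"
            // (defined in machine.config), which points at App_Data\ASPNETDB.MDF.
            // Override that connection string in web.config to use another database.
            bool ok = !string.IsNullOrEmpty(userName)
                   && !string.IsNullOrEmpty(password)
                   && Membership.ValidateUser(userName, password);

            if (!ok)
            {
                // One message for unknown user, wrong password and locked-out account,
                // so the response does not reveal which user names exist.
                throw new SecurityTokenValidationException("Invalid user name or password.");
            }
        }
    }
}
```

The endpoint must use transport or message security so the password is never sent in clear text.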

Related

Passing user identity from MVC to Web Api

I have an MVC application using Windows Auth which consumes a Web Api service. Both are hosted within the same domain but sat on different servers (MVC is publicly accessible). Now let's suppose the Web Api service has a method "CreateFooBar" which requires that the user is in a particular AD group. At the MVC layer I can easily check that the user is indeed in the group, package up a JSON message and call "CreateFooBar". But how does the service perform such a check? How can I tell it which user has made the request?
Initial thought is just to add the userID to the JSON message and let the service method retrieve the details but this would allow someone to just pass in any userID they like so clearly this won't work. Can someone point me in the right direction please?
You should use something like Kerberos delegation.
The user will be authenticated in the MVC application using Kerberos then the Kerberos token will be passed to the Web API call.
We do that currently at work to pass credentials from an ASP.NET app to an Exchange Webserver. It works fine.
If you want more info check this KB: http://support.microsoft.com/kb/810572
You should look into what Windows Identity Foundation can do for you. By setting up ADFS in your environment and using claims you will address most of the problems you are talking about.
You'll need the Identity and Access plugin for Visual Studio and you can test the idea out using a self-hosted STS.

Silverlight Authentication Without RIA Services?

I would like to know if it’s possible to use authentication in Silverlight 5 without having to use RIA Services. I am using Entity Framework to connect to my database. I am also using the Business Application template. I have created a custom membership provider through which I am able to validate user credentials and can add new users. However, if I want to restrict content on the app based on which user is logged on, I have no way of doing so. I believe that if I create a RIA Services Domain Context I can potentially check user information via WebContext.Current.User. Is there a way to get this type of information without RIA? Perhaps a WCF service of some sort?
Once I wrote a tutorial on how to share forms authentication between your web app and a Silverlight app. This works without RIA, uses guarded WCF. You can even fine-tune the access to individual roles.
http://netpl.blogspot.com/2010/04/aspnet-forms-authentication-sharing-for.html

WCF Service authentication and authorization

I have the requirement to set up authentication and authorization on a WCF Service; right now the service is created and working but has no authentication.
There is also the need to authenticate existing users and passwords that are being stored in a SQL database and are already used by another web application, but since I do not have the source code for it, and am still adjusting to .NET, I am having some difficulties.
I can read the database and found several aspnet_ tables in the database such as aspnet_Users, aspnet_Roles etc that so far seem to match with the ones used in the web application.
My question is how can I easily implement authentication and method authorization using the existing database.
Please note that I do not have access to the web-application source code.
Thanks.
MVC uses the standard ASP.Net membership provider. If you click the Log On button/register link - you can add a user. ASP.Net will create App_Data\ASPNETDB.MDF containing the membership information. You can move ASPNETDB.MDF to a remote DB server, but you must use the Membership provider schema/DB (unless you write your own provider).
A few MVC links to get you started.
http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-forms-authentication-vb
http://weblogs.asp.net/fredriknormen/archive/2007/11/25/asp-net-mvc-framework-security.aspx
http://blog.wekeroad.com/blog/aspnet-mvc-securing-your-controller-actions/
The default authentication/authorization configuration added uses the ASP.NET standard membership and role manager service providers (the local SQL Express ones). If your existing database (for user login) is also an ASP.NET standard SQL membership database, you can simply change the connection string of the membership section. Otherwise, you might need to create a custom membership provider which uses your own database tables for user authentication.
Implementing a Membership Provider
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
Building Custom Providers for ASP.NET 2.0 Membership
http://msdn.microsoft.com/en-us/library/aa479048.aspx
There is really no easy way to achieve your requirements. Here is the library you can use; strictly follow the steps described in this blog to set up authentication with the SQL Membership provider for WCF services.
In my case I made a small update to the library. I've commented out this line of code:
//if (!IsAnonymousAllowed)

.Net authentication for both web and winforms

I have an ASP.NET web application I built for a client that uses the default ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the web services to access the data they want from the web app and put it into the desktop app. That works great, but there needs to be the same level of security and data access based on roles that is already stored in the ASP.NET application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the ASP.NET authentication by prompting a login when a user first opens the WinForms application and then possibly calling a web service to authenticate the user and get the user's role and profile.
I'm sure this has been done and/or asked about. I'm just not finding the question/answer on SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.
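The "simple configuration switch" from the first answer above, done in code for a self-hosted service, as an added example that is not part of the original answers. The contract, role name and URL are constructed, and the host's app.config is assumed to carry the same `<membership>`, `<roleManager enabled="true">`, connection string and `applicationName` as the web application.

```csharp
using System;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Web.Security;

[ServiceContract]
public interface IReportService            // hypothetical contract
{
    [OperationContract]
    string GetReport(int id);
}

public class ReportService : IReportService
{
    // Checked against the roles the ASP.NET RoleProvider returns for the caller.
    [PrincipalPermission(SecurityAction.Demand, Role = "Managers")]   // constructed role name
    public string GetReport(int id)
    {
        // Name of the user the membership provider authenticated.
        string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        return "Report " + id + " for " + caller;
    }
}

public static class Program
{
    public static void Main()
    {
        // User name and password travel in the message, protected by TLS.
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        // Assumes a certificate is already bound to this port (constructed URL).
        using (var host = new ServiceHost(typeof(ReportService), new Uri("https://localhost:8443/reports")))
        {
            host.AddServiceEndpoint(typeof(IReportService), binding, "");
            // Authentication: validate credentials with the ASP.NET membership provider.
            host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode =
                UserNamePasswordValidationMode.MembershipProvider;
            host.Credentials.UserNameAuthentication.MembershipProvider = Membership.Provider;
            // Authorization: resolve roles with the ASP.NET role provider.
            host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseAspNetRoles;
            host.Authorization.RoleProvider = Roles.Provider;
            host.Open();
            Console.ReadLine();   // keep the host alive until Enter is pressed
        }
    }
}
```

If `applicationName` differs between the two configurations, the provider looks in a different partition of the membership tables and every login fails even though the users exist.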

Update ASP.Net membership from windows service

I am working on a project for a property management company. There is the back end system that stores all of the tenants and property portfolios, and a front end website that allows users to view their packages, service requests etc.
I need to write a windows service that pulls their information out of the back end and place it into the membership database.
I cannot figure out how to configure the service to connect to the membership provider.
You can basically use it as you were with the web application; the key is that you must have the same machinekey values for your application AND the web application. Otherwise the passwords will not encrypt or decrypt in the proper manner.
Here is a tutorial that might help you out a bit on using it from a windows app. The process should be the same for your windows service.
Open up the MY PROJECT file in Solution Explorer, and then select the SERVICES tab. Check the "Enable client application services" option and basically fill in the blanks.
An alternative is to create a web service which will do the processing into the membership provider for you, or to have your Windows service manipulate the membership data structures (assuming they're in a database or similar option) manually.
