Environment:
We are having a Website and a separate ASMX - Web Service sharing the same database (MS SQL 2008). Web Service is serving the Mobile Apps at the moment. Projects are done using c#, Asp.Net, 3.5 framework, VS 2008.
Requirement:
We need to avoid same user login into Website and Mobile App (Using the Web Service) at the same time. Basically user can log in only to a one service at a time (either web or app). Also, user should be able to log in to Mobile App as soon as web browser is closed or logged out.
If user tries to log in while already logged into the other service, code should have a way to find it for notification and restriction purposes.
I think AppFabrc address the requirement but needs Windows Server 2008 R2 which we don't have at the moment.
Hope you have better ideas??
Please note this is not the same question as this.
FYI... you don't get any notification when the browser closes. You could go based on the last activity time (basically keep track of user activity - page clicks, etc). I also don't see how appFabric is going to help. You still have the same problem.
As others have mentioned, there is no easy way to know when somebody has closed the browser. You could use javascript to detect when somebody leaves your web app but there are some issues (see the following question and answers for more information: How to capture the browser window close event?)
If you're open to other workflows, you could try this:
When the user logins to the mobile app, have the mobile app log him out from the web site.
When the user logins to the web site, have the web site log him out from the mobile app.
That way your users would login and start working right away instead of them having to log in, see an error, logout from the other app, log in again.
Related
I couldn't find the exact answer I was looking for. I have two applications - web application built with react and desktop application built in C# Forms. What I want is if the user goes to a certain page in the Web Application, the browser should open (with or without a request) the windows application and send data, like the user's id. Could you guys give me an advice how this can be done?
For that, when installing your windows C# form in the user machine, you need to register a custom protocol in the registery.
See How do I register a custom URL protocol in Windows?
We have 3-4 ASP.Net MVC 5 applications for which we want to implement the solution of single sign on.
Our requirements are
Any user trying to access anyone of the application (any page)
and if he has not signed in into the same or another application in
the same browser should be re-directed to the login page.
If the login is successful till that application is running, the user
should not be asked the login credentials again.
If the user logs out from one application, he should log out from all other
applications
Things which may be useful while suggesting a solution.
Currently 2 applications are hosted on different domains. Other 2 applications are on subdomains
Though they are on the same server, one application can have access to database of other application but we would like to have a solution where in this direct access of db should not be required.
We would like to have a 5th application which will do the account management and also login and logout will be handled by this application
We are not just looking at a solution where authentication will be done by the identity server but we are also looking at the authorization wherein the identity server will authorize the level of access of requesting application.
Going ahead if this solution can help us take care of mobile devices as well as webservice based client access, it would be an added bonus.
We are using forms authentication in our application right now.
We have seen some examples on internet which but we seem to be lost on some or the other feature. Either we are going wrong somewhere or we are not looking in the right direction.
Hence we are looking for an answer. Appreciate your time to read this big question.
Thanks
My app is Windows based, and there is IE installed. But my app will run in a process which does not like externally-launched applications (like a web browser, when authorizing). Instead, my app will use the host application's web features to display a browser.
The host app takes over the front-end and is a public kiosk-type application, so I have no control over how browsing gets launched. The google drive api automatically launches the default browser (with an affinity toward Chrome, even if not the default... :-/
I cant give code examples, but you need to look into non browser based auth - i.e. server side authentication https://developers.google.com/drive/web/auth/web-server?hl=en
Has anyone managed to achieve this?
Application should work like this:
App admin can add AD users
App admin can define users not from AD
If user is added from AD and trying to access to application from same AD - application should log him in automatically (single sign on).
If user is not from AD, or not added as application user - application login form is displayed
Just to mention, I managed to achieve this on IIS6. I have read several techniques so far with IIS 7 and 7.5 involved, but it seems none of them really works when deployed on production server.
So far I have 2 separate web applications. One web application is configured with forms authentication - this one is main. Other is configured as windows authentication.
So idea is, user tries to acces to main application, this one redirects him to the other application which tries to extract his domain username (NTLM), and redirects him back to main application. Main application tries to log him in as AD user, if this fails forms login is displayed. If AD user is added as application user (using separate admin module of application), he should be authenticated automatically, meaning no IIS login prompt should be displayed.
These two applications are running in same application pool. Also they are both in integrated pipeline mode.
This works if I set it up on my development win7 IIS, but when I deploy application on win 2008 server with IIS 7.5 - it's not working. I keep getting IIS login prompt. If I enter my credentials to IIS login prompt it will eventually log me into application.
Has anyone has similar issue and hopefully solved it?
Please update the question with the info you have provided.
As I understand, these two applications are in the same app pool and I believe you need to separate them into two app pools.
Progress update - this authentication works now as expected (I didn't have to split app pools). Problem was that on machine accessing application, app server hasto be registered as Local intranet. This is a must in order to IE sends credentials to server.
I’ve been asked to integrate a windows form application with SagePay to take payments directly from the application. The SagePay documentation talks about ASP.NET so I’m not sure whether this is possible. Has anyone integrated a WinForm application with SagePay before? Is it possible?
I know some payment processors have a connection option where the payment part is hosted on a form on their server. You could try embedding a web browser control into your app to display the payment page.
Usually there is another type of connection option where you can send your information via HttpWebRequest, but I'm not sure that this would work as it requires SSL. Since you are running your app as a desktop client, I'm not sure what you would have available.
I am not sure this is possible given that sagepay needs to redirect users to Mastercard securecode or Verified by Visa, I think they would need to redirect to the bank which then redirects back to a supplied URL. I would think this needs to be within a browser environment.
You can post to urls and get back a response via .net objects and parse the results to display on a form.
You can also ask SagePay to create a Vendor account with 3d secure switched off. This allows you to take payments in house in your winforms app without the customers password however most card vendors if you bypass 3d secure will not protect you if someone calls and uses a card fraudulently.
However it can definitely be done.
You can normally post to secure servers from non secure pages so again this isn't usually an issue.