I have built an internal Database for Clients. It's C# with an MS-SQL DB. I have integrated the ASP Website SQL Server and the Internal SQL Server to use the one database. Both the Website and the Internal Database are working.
I want to be able to automatically register a client to use the webpage once they have become a Client in my Internal Database. Using ASP (I am learning still) I see there is a membership provider and it seems to do all the validation and so on. Passwords are all handled and encrypted etc.
What would be the best way to add a user to the SQL Tables but keep the security and so on? Can I create a membership provider in my DB Client when adding a Client and use that to create the Clients Login to the Web Page?
I am using the default ASP .NET Web Application Template in VS 2010. The ASP Site is all standard config from the template.
Thanks!
You should call the methods on the membership provider. Don't get into the specifics of how the membership provider is working, the whole point of the provider model is that you can swap out the default SQL one for any other implementation.
If you look at the MembershipProvider base class (http://msdn.microsoft.com/en-us/library/system.web.security.membershipprovider.aspx) you can see the list of methods that it provides. You will need to call Membership.CreateUser() as part of your custom registration process, it has several overloads to choose between.
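An added example, not part of the original answer: one way the internal client application could call `Membership.CreateUser()` when a client record is saved. It assumes the application references System.Web.dll and that its app.config carries the same connection string, membership provider settings and applicationName as the site's web.config; the class name `ClientWebAccount` and the role name `Client` are hypothetical.

```csharp
using System;
using System.Web.Security; // requires a reference to System.Web.dll

// Added illustration: ClientWebAccount and the "Client" role are hypothetical names.
public static class ClientWebAccount
{
    // Creates the web login for a client that was just saved in the internal database.
    // Returns the initial password to hand to the client; throws with the reason on failure.
    public static string Provision(string userName, string email)
    {
        // Let the membership API generate the initial password so that it meets
        // the length and complexity rules configured for the provider.
        string tempPassword = Membership.GeneratePassword(
            Math.Max(12, Membership.MinRequiredPasswordLength),
            Membership.MinRequiredNonAlphanumericCharacters);

        MembershipCreateStatus status;
        MembershipUser user = Membership.CreateUser(
            userName, tempPassword, email,
            null, null,   // password question and answer (template default: not required)
            true,         // isApproved
            out status);

        // This overload reports failure through 'status' instead of throwing.
        switch (status)
        {
            case MembershipCreateStatus.Success:
                break;
            case MembershipCreateStatus.DuplicateUserName:
            case MembershipCreateStatus.DuplicateEmail:
                throw new InvalidOperationException("Web login already exists: " + status);
            default:
                throw new InvalidOperationException("Web login not created: " + status);
        }

        // Role assignment only if the role manager is enabled and the role exists.
        if (Roles.Enabled && Roles.RoleExists("Client"))
            Roles.AddUserToRole(user.UserName, "Client");

        // Do not log or store this value; the provider has already stored it
        // in the format set by passwordFormat.
        return tempPassword;
    }
}
```

The provider applies its configured password handling itself, so the calling code never writes to the aspnet_ tables directly.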
Looking at the default SQL Config and stored procedures, we can use these.
See this.
The sample code by Chris Pels is excellent for helping with this solution. Thanks Chris!
I was assigned with a mission to upgrade a legacy WCF and angular project written a long time ago by a freelancer and add authentication and authorization to it.
I am quite new to the project and I was quite horrified when I saw the code.
Unfortunately, I can't share code, but I can tell you that:
Client-side is an SPA angularjs application.
Project is quite small.
There is no ORM - Only SQL (Stored procedure) queries.
The database is SQL Server.
The database Users, Roles etc. schema was decided by the freelancer and was not built by any tool (like Microsoft Membership) and without any regard to any conventional user table schemas. User table has a username, email, password, and a lot of other application data columns.
Most of the database table columns are encrypted/decrypted by the server before writing or read to/from the database. He wrote an encryption service.
Password was encrypted with a symmetric encryption (and only once).
Data being sent to the server is encrypted by the client and decrypted by the server and vice versa. The server always receives and returns strings (I guess he didn't trust HTTPS).
There are 2 encryptions - one between client and server and the other one between server and database.
The server always returns status 200, even when there is a failure. The return type must always be an object of type {success, resultObj} - this is what the client expected.
This system works on production with live users so changing schema will force schema change in production as well.
WCF server only serves site requests for now but might be needed to serve other application as well in the near future
Fortunately, the business logic is well organized in services and there is no code in the WCF controllers except calling services functions.
There is a separate project for the WCF service and another one for the angularjs application
There is no authorization or authentication at all!!! Login doesn't do anything (no cookie, no session, no token- no nothing).
Requirements:
I need to implement a bare minimum of authentication and authorization.
I need to update the server technology as much as we can to help us build new features on top of it in the near future.
Time is of the essence.
I know it's a lot to process and I am willing to share all data necessary (except code).
I read a lot about Asp.Net Identity and Identity Server and Web API Security and MVC Security but I really don't know which way to go.
Questions:
I am thinking of killing the WCF Service project and opening a new project where I will move all my business logic to.
I'm not sure If I need to create an MVC or Web API application. My client is angularjs spa application. If I don't need razor views should I use Web API?
Can I implement Identity Server on a database with a custom-made schema without entity framework? Is it recommended?
I understood that Identity Server is not used to authenticate and authorize the request, if so, what should I use on top of it?
If you have any thoughts, specific articles or any guiding questions, I will really really appreciate some help.
I have a website, but some of the back-end infrastructure is a little slow.
So I am planning to get help from CLOUD, I haven't decided which one yet.
I need to know whether Microsoft Cloud does the same thing.
What I need is following,
1) Have database on external web resource.
2) Have code and http enabled methods that I will write in C# and place it on Cloud.
3) And call the methods in step 3 from my asp.net MVC website's codebehind and client side (javascript).
I need to know if I get support from Microsoft Cloud platform, will I get the solution required in above 3 mentioned points?
And if I get support from Microsoft Cloud, then will the coding syntax for SQL be the same as if I run queries against a normal SQL Server database?
Thanks,
If I am understanding you correctly in that you are looking to have a cloud hosted SQL database and HTTP access to this database through custom C# code, then yes to all three of these.
You can set up your database as an Azure SQL database and create an ASP.NET WebAPI application to open up your database to HTTP calls as you see fit. Then you can use the REST client of your choice to access your database from your MVC controllers or through Javascript in your views.
Also, yes, SQL syntax for Azure SQL is the same as for regular SQL Server.
I have created a WCF service that is used for authentication. It uses an asp.net SQL membership provider for the accounts. I need a way for the client application to be able to register an account, change password etc. The way I had originally planned and have started doing was basically interfacing the code within the service by creating matching methods that I could call from the client.
For instance to create the user I would create a method that has all the needed parameters and then within the code body I would access the membership provider so the client could just pass the details into it. So it is all actually done from within the same project/service.
Now that I have started I have begun to wonder if I can access the sql membership provider directly from the client so I don't have to waste my time and interface the code.
If so could anyone point me in the right direction on how exactly I create an instance of the sql membership provider in another project so I can access it?
Microsoft has a standard framework that is targeted at what you're trying to do, it's called Client Application Services. There's a walkthrough on the MSDN site
I have the requirement to setup authentication and authorization on a WCF Service, right now the service is created and working but no authentication.
There is also the need to authenticate existing users and passwords that are being stored in a SQL database and are already used by another web application, but since I do not have the source code for it, and am still adjusting to .NET, I am having some difficulties.
I can read the database and found several aspnet_ tables in the database such as aspnet_Users, aspnet_Roles etc that so far seem to match with the ones used in the web application.
My question is how can I easily implement authentication and method authorization using the existing database.
Please note that I do not have access to the web-application source code.
Thanks.
MVC uses the standard ASP.Net membership provider. If you click the Log On button/register link - you can add a user. ASP.Net will create App_Data\ASPNETDB.MDF containing the membership information. You can move ASPNETDB.MDF to a remote DB server, but you must use the Membership provider schema/DB (unless you write your own provider).
A few MVC links to get you started.
http://www.asp.net/mvc/tutorials/older-versions/security/authenticating-users-with-forms-authentication-vb
http://weblogs.asp.net/fredriknormen/archive/2007/11/25/asp-net-mvc-framework-security.aspx
http://blog.wekeroad.com/blog/aspnet-mvc-securing-your-controller-actions/
The default authentication/authorization configuration added uses the ASP.NET standard membership and role manager service provider (the local SQL Express one). If your existing database (for user login) is also an ASP.NET standard sql membership database, you can simply change the connection string of the membership section. Otherwise, you might need to create a custom membership provider which uses your own database tables for user authentication.
Implementing a Membership Provider
http://msdn.microsoft.com/en-us/library/f1kyba5e.aspx
Building Custom Providers for ASP.NET 2.0 Membership
http://msdn.microsoft.com/en-us/library/aa479048.aspx
Really no easy way to achieve your requirements. Here is the library you can use and follow strictly steps described in this blog to setup authentication with SQL Membership provider for WCF services.
In my case I did a small update to the library. I've commented out a line of code
//if (!IsAnonymousAllowed)
We use an IBM database known as Universe that holds all of our user id's, passwords, and profile information in a table called USERINFO.
Can I use the Membership Provider to connect to this database and authenticate the user?
The database access is actually through a web service since we don't have a direct connect to the database.
We have a web service method called GetUserInfo which accepts a parameter of username. The method will return the password and profile information.
As mentioned above, you'll need to create a custom membership provider which is fairly straightforward. You'll create a .NET class that inherits from System.Web.Security.MembershipProvider. There are several methods that need to be overridden in your class, but most are not even used by the MVC account controller. The main method you'll want to override is ValidateUser(username, password) which will get a user logged in. After you've implemented your class you'll need to register it in web.config which is easy as well.
You can find a sample for a custom provider here:
http://msdn.microsoft.com/en-us/library/6tc47t75(VS.80).aspx
And a tutorial for the entire process here:
http://www.15seconds.com/issue/050216.htm
Keep in mind that the process for making a custom provider for MVC is the same for a standard ASP.NET web site, however MVC does not fully utilize all methods of the MembershipProvider class so it's much easier to implement.
You'll have to create a custom provider for that. It isn't very hard, as long as you can access the web service without an issue.
Have you investigated the UniObjects interface? It comes with Universe, but needs to be installed. It has complete access to all database functions. Logging in, Selecting files, reading, writing, deleting, creating new files etc.