Best practices for doing silverlight authentication and data manipulation on azure - c#

I have a SQL Azure database. I need a Silverlight application with username/password authentication by a table from SQL Azure that makes some operations on data from the Azure database.
The first thing that comes to my mind is to authenticate by creating an invisible form in the aspx page that hosts my Silverlight application, send a request from Silverlight by calling JavaScript code, and validate on the server side using the ASP.NET membership provider. Other operations on the database would also be done using JavaScript requests from Silverlight.
The other way that I know is using WCF web services, but I was confused about how I should do authentication and how to keep the session in a cookie (so that when I open this Silverlight page in another tab I do not have to authenticate another time). I also read about Windows Identity Foundation, but I don't know if it is the best solution. I would prefer the approaches with WCF web services because I do not have much experience with web development.
What are the best practices to accomplish what I want to do and deploy the application to Windows Azure without too much pain?
Sorry for my bad English, and thanks in advance.

I would suggest having an aspx login page which validates the credentials using membership. Let the Silverlight app redirect there and log in. Once it is logged in, and if your services are ASP.NET compatible, you can call the services normally, i.e. it will add the cookies and all.
If you have the Out Of Browser mode you need to get the username and password in your SL app and authenticate using a web service method.
Identity Foundation is really good if you are using different identity providers such as Google, Yahoo, FB, Live etc.

For the authentication question - here is a tutorial on MSDN:

Related

Multi tenant OpenID integration to ASP.Net MVC web application without native .Net authentication support

We have an ASP.NET MVC web application with custom authentication functionality (not using the .NET authentication framework). Now we want to integrate it with Azure Active Directory with multi-tenant support. I have followed the following application example, and the sample app directs me to the AD login page.
However, when I do same thing in my app, it just redirects me to http://localhost:14223/app/login.aspx?
We are not using FormsAuthentication or anything, so I am not sure how this is happening and what is the process to avoid it.
Any help would be appreciated.
Thanks.
Please read this part of ADAL.NET's conceptual documentation for the ways for confidential client applications (Web applications, Web APIs, daemon applications) to acquire tokens.
More generally you might want to read the full page: Acquiring a token: this depends on the kind of application

Windows and Token Auth for same WEB API

Ok, I have this scenario.
I have one WEB API which will provide functionality to an intranet application. The idea is this application WILL not be visible to the outside world, so it won't have a login page.
However, the web api will also be consumed by mobile apps outside the organization, so the webapi WILL be exposed via a public url.
How can I make the authentication/authorization here to support both scenarios?
1. Internal users will be able to consume the web api via the angular backend app without an explicit login page.
2. External users via the mobile app will consume the web api with their active directory account.
I found this:
https://stormpath.com/blog/token-authentication-asp-net-core
where I could easily replace the GetIdentity method to go to Active Directory and check if a user exists with that user and password, but on the intranet, I won't have that info.
Ideas please?
The best way to handle such a scenario is to use HMAC Authentication as discussed here. This will allow easier access to the public endpoint without requiring some kind of a login from the mobile clients, while at the same time enabling you to know which mobile is accessing your endpoint. This is the same workflow as implemented in External Auth services like login with Google and Facebook, where you are given an apikey and an apisecret.
You can find the source code of the example using ASP.NET here.
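The API key / API secret scheme this answer describes, as an added C# example (not code from the answer or from the sample it links to): the client signs each request with its secret, and the server recomputes the HMAC, rejects stale timestamps and replayed nonces, and compares signatures in constant time. The canonical string layout, the `HmacRequestAuth` class, the key store and the sample values are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;
// Added illustration: the canonical string, key store and all names are assumptions.
static class HmacRequestAuth
{
    // Constructed demo key store (apiKey -> apiSecret); real secrets belong in a vault.
    static readonly Dictionary<string, byte[]> Secrets = new Dictionary<string, byte[]>
        { { "mobile-client-01", Encoding.UTF8.GetBytes("constructed-demo-secret") } };
    static readonly HashSet<string> SeenNonces = new HashSet<string>(); // demo only: unbounded, not thread-safe
    const long MaxSkewSeconds = 300;

    public static string Sign(byte[] secret, string method, string path, long ts, string nonce, byte[] body)
    {
        using (var sha = SHA256.Create())
        using (var hmac = new HMACSHA256(secret))
        {
            // Bind method, path, timestamp, nonce and body hash into one signed string.
            string canonical = string.Join("\n", method.ToUpperInvariant(), path,
                ts.ToString(CultureInfo.InvariantCulture), nonce, Convert.ToBase64String(sha.ComputeHash(body)));
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical)));
        }
    }

    public static bool Verify(string apiKey, string sig, string method, string path,
                              long ts, string nonce, byte[] body, DateTimeOffset now)
    {
        byte[] secret;
        long nowTs = now.ToUnixTimeSeconds();
        if (apiKey == null || !Secrets.TryGetValue(apiKey, out secret)) return false;  // unknown client
        if (ts < nowTs - MaxSkewSeconds || ts > nowTs + MaxSkewSeconds) return false;  // stale or future-dated
        byte[] expected = Encoding.ASCII.GetBytes(Sign(secret, method, path, ts, nonce, body));
        byte[] given = Encoding.ASCII.GetBytes(sig ?? "");
        if (expected.Length != given.Length) return false;
        int diff = 0;                                                                  // constant-time comparison
        for (int i = 0; i < expected.Length; i++) diff |= expected[i] ^ given[i];
        if (diff != 0) return false;
        return SeenNonces.Add(apiKey + ":" + nonce);                                   // false when the nonce is replayed
    }
    static void Main()
    {
        byte[] body = Encoding.UTF8.GetBytes("{\"amount\":10}");                       // constructed request body
        DateTimeOffset now = DateTimeOffset.UtcNow; long ts = now.ToUnixTimeSeconds();
        string sig = Sign(Secrets["mobile-client-01"], "POST", "/api/orders", ts, "n-1", body);
        Console.WriteLine("first use: " + Verify("mobile-client-01", sig, "POST", "/api/orders", ts, "n-1", body, now));
        Console.WriteLine("replay:    " + Verify("mobile-client-01", sig, "POST", "/api/orders", ts, "n-1", body, now));
        Console.WriteLine("tampered:  " + Verify("mobile-client-01", sig, "POST", "/api/orders", ts, "n-2", new byte[] { 1 }, now));
    }
}
```

The nonce is recorded only after the signature checks out, so unauthenticated requests cannot fill the replay cache or burn a legitimate client's nonce.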

How to add a asp.net membership provider to asp.net web application?

I am trying to figure this one out. I am using a simple web service that is hosted by an asp.net web application that is going to be used for authentication for a mobile client and a desktop client and it will also be used to send/receive information to and from the clients.
Right now the service uses custom username and password authentication that is hard coded into the service. I need some kind of authentication though. So I figured I could just add the asp.net membership provider to the web application that is hosting the service, and I could use that database for the members for the service.
This would provide a way for me to manage the users as well. Could anyone tell me if this would work and, if so, how it could be implemented?
Here is the service I am using: http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti
It is easy to do. Assuming you're using Visual Studio, I suggest using the web site administration tool. An MSDN article describing adding the ASP.NET Membership Provider can be found at http://msdn.microsoft.com/en-us/library/6e9y4s5t(v=vs.100).aspx

Silverlight out of browser offline forms authentication

I'm building an app which is subscription based; users can log in to a website and use it as they please. I would also like them to have the option to work with it outside of the browser and even offline. The app itself is not dependent on online resources, only the authentication is done via forms authentication.
What would be the best way for me to make offline authentication possible?
You could consider using WCF RIA Services for authorization and authentication with your own membership system.
Here is a brief example.

.Net authentication for both web and winforms

I have an ASP.NET web application I built for a client that uses the default ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the web services to access the data they want from the web app and put it into the desktop app. That works great, but there needs to be the same level of security and data access based on roles that is already stored in the ASP.NET application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the ASP.NET authentication by prompting a login when a user first opens the WinForms application and then possibly calling a web service to authenticate the user and get the user's role and profile.
I'm sure this has been done and/or asked about. I'm just not finding the question/answer on SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.
