Silverlight out of browser offline forms authentication - c#

I'm building an app which is subscription based; users can log in to a website and use it as they please. I would also like them to have the option to work with it outside of the browser and even offline. The app itself is not dependent on online resources, only the authentication is done via forms authentication.
What would be the best way for me to make offline authentication possible?

You could consider using WCF RIA Services for authorization and authentication with your own membership system.
Here is a brief example.

Related

Windows and Token Auth for same WEB API

Ok, I have this scenario.
I have one WEB API which will provide functionality to an intranet application. The idea is this application WILL not be visible to the outside world, so it won't have a login page.
However, the web api will also be consumed by mobile apps outside the organization, so the webapi WILL be exposed via a public url.
How can I make the authentication/authorization here to support both scenarios?
1. Internal users will be able to consume the web api via the angular backend app without an explicit login page.
2. External users via the mobile app will consume the web api with their active directory account.
I found this:
https://stormpath.com/blog/token-authentication-asp-net-core
where I could easily replace the GetIdentity method to go to Active Directory and check if a user exists with that user and password, but on the intranet, I won't have that info.
Ideas please?
The best way to handle such a scenario is to use HMAC Authentication as discussed here. This will allow easier access to the public endpoint without requiring some kind of a login from the mobile clients, while at the same time enabling you to know which mobile is accessing your endpoint. This is the same workflow as implemented in external auth services like login with Google and Facebook, where you are given an apikey and an apisecret.
YOU CAN FIND THE SOURCE CODE OF THE EXAMPLE USING ASP.NET HERE
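A sketch of the apikey/apisecret signing scheme this answer describes, as an added example that is not the linked article's code or part of the original answer. The canonical string layout, the five-minute skew window, the nonce cache and all names (`HmacRequestAuth`, `mobile-app-1`) are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public static class HmacRequestAuth
{
    // Constructed sample store (apikey -> apisecret); a real service loads these from protected storage.
    static readonly Dictionary<string, byte[]> Secrets = new Dictionary<string, byte[]> {
        ["mobile-app-1"] = Encoding.UTF8.GetBytes("constructed-demo-secret")
    };
    // In-memory, single-threaded replay cache for the demo; assumed design, not from the page.
    static readonly HashSet<string> SeenNonces = new HashSet<string>();
    static readonly TimeSpan MaxSkew = TimeSpan.FromMinutes(5);

    // The signature covers method, path, timestamp, nonce and a hash of the body,
    // so none of them can be changed without knowing the apisecret.
    public static string Sign(byte[] secret, string method, string path, long unixTime, string nonce, byte[] body)
    {
        string bodyHash;
        using (var sha = SHA256.Create()) bodyHash = Convert.ToBase64String(sha.ComputeHash(body));
        string canonical = string.Join("\n", method.ToUpperInvariant(), path,
            unixTime.ToString(CultureInfo.InvariantCulture), nonce, bodyHash);
        using (var hmac = new HMACSHA256(secret))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(canonical)));
    }

    public static bool Verify(string apiKey, string signature, string method, string path,
                              long unixTime, string nonce, byte[] body, DateTimeOffset now)
    {
        if (!Secrets.TryGetValue(apiKey, out var secret)) return false;      // unknown client
        var sent = DateTimeOffset.FromUnixTimeSeconds(unixTime);
        if ((now - sent).Duration() > MaxSkew) return false;                  // stale or future-dated
        byte[] actual;
        try { actual = Convert.FromBase64String(signature); }
        catch (FormatException) { return false; }                             // malformed header value
        byte[] expected = Convert.FromBase64String(Sign(secret, method, path, unixTime, nonce, body));
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return false; // constant-time compare
        return SeenNonces.Add(apiKey + ":" + nonce);                          // Add returns false for a reused nonce
    }

    public static void Main()
    {
        var now = DateTimeOffset.UtcNow;
        long ts = now.ToUnixTimeSeconds();
        byte[] body = Encoding.UTF8.GetBytes("{\"amount\":10}");              // constructed request body
        string sig = Sign(Secrets["mobile-app-1"], "POST", "/api/orders", ts, "n-001", body);
        Console.WriteLine(Verify("mobile-app-1", sig, "POST", "/api/orders", ts, "n-001", body, now)); // fresh request
        Console.WriteLine(Verify("mobile-app-1", sig, "POST", "/api/orders", ts, "n-001", body, now)); // same nonce sent again
        string sig2 = Sign(Secrets["mobile-app-1"], "POST", "/api/orders", ts, "n-002", body);
        byte[] altered = Encoding.UTF8.GetBytes("{\"amount\":9999}");
        Console.WriteLine(Verify("mobile-app-1", sig2, "POST", "/api/orders", ts, "n-002", altered, now)); // body altered after signing
    }
}
```

The signature identifies which client made a request and shows that the request was not modified or replayed. It does not hide the body, so the endpoint still needs TLS, and an apisecret shipped inside a mobile app should be treated as extractable.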

When not to use OpenId connect

We are building a web application that also includes WebAPIs. These WebAPIs need to be exposed to other applications as well (other internal applications on different subdomains or 3rd party applications). We are thinking of using OpenId Connect, so that not only will we be able to give an access_token but also an id_token for authentication.
Now the question is 'Should my main application also use openId connect' for authentication/authorization. I am not in favor of this. As per my understanding, only external applications should use openid connect to use main application's resources. And internal applications (main as well as application on different sub-domain) can work with regular cookie based authentication.
For instance, main application is MyWebApp.com (this includes webapi as well). Other internal applications are maps.MyWebApp.com, admin.MyWebApp.com, payroll.MyWebApp.com.
Other 3rd party application could be OtherWebApp.com.
Please suggest.
"Should my main application also use openid connect?"
Advantages
- paves the way for single sign on
- modularizes your authentication so you're not implementing different authentication solutions.
- you have the option of using the same Web api from your main app. (although you could just use the oauth2 client credentials flow and simply skip the openid connect authentication part)
Disadvantages
- if you only had one client app then this could be overkill
- you're adding complexity to the app by making it depend on an authentication server app (but modularizing has advantages too)
I don't know your scenario completely but I'm inclined to say yes. Although, I'd definitely turn off the consent screen from oauth2 for your trusted main app. If you don't use openid connect for authentication, it shouldn't be too hard to convert your main app to use it later.

Best practices for doing silverlight authentication and data manipulation on azure

I have a SQL Azure database. I need a Silverlight application with username/password authentication by a table from SQL Azure, and which makes some operations on data from the Azure database.
The first thing that comes to my mind is to authenticate by creating an invisible form in the aspx page that hosts my Silverlight application, send a request from Silverlight by calling JavaScript code, and validate on the server side using the ASP.NET membership provider. Other operations on the database would also be done using JavaScript requests from Silverlight.
The other way that I know is using WCF web services, but I was confused about how I should do authentication and how to keep the session in a cookie (so that when I open this Silverlight page in another tab I don't have to authenticate again). I also read about Windows Identity Foundation, but I don't know if it is the best solution. I would prefer the approaches with WCF web services because I don't have much experience with web development.
What are best practices to accomplish what i want to do and deploy the application to windows azure with not too much pain?
Sorry for my bad English, and thanks in advance.
I would suggest having an aspx login page which validates the credentials using membership. Let the Silverlight app redirect there and log in. Once it is logged in, and if your services are ASP.NET compatible, you can call the services normally, i.e. it will add the cookies and all.
If you have Out Of Browser mode, you need to get the username and password in your SL app and authenticate using a web service method.
Identity Foundation is really good if you are using different identity providers such as Google, Yahoo, FB, Live etc.
For the authentication question - here is a tutorial on MSDN:

Silverlight: Access REST service behind forms authentication site

I am new to Silverlight, and I am building a simple app which provides an interface for an expense report portal. The portal has a REST API which I can access; I know I can do it using WebClient or WebHttpRequest. However, to be able to access the API, I need to log in first. The login is simple forms authentication on login.aspx of the site. How do I log in (post to the login page) from Silverlight?
NOTE: The site has the clientaccesspolicy.xml setup, and I am able to access the REST URL that do not require you to be logged on.
Have you looked at the Silverlight Business Application project template and WCF RIA Services? The template has built-in functionality to log in to a forms-authenticated website.
You can use this as a starting point for your Silverlight application or simply use it to see how to perform authentication from Silverlight.

.Net authentication for both web and winforms

I have an ASP.NET web application I built for a client that uses the default ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the web services to access the data they want from the web app and put it into the desktop app. That works great, but there needs to be the same level of security and data access based on roles that is already stored in the ASP.NET application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the ASP.NET authentication by prompting a login when a user first opens the WinForms application and then possibly calling a web service to authenticate the user and get the user's role and profile.
I'm sure this has been done and/or asked about. I'm just not finding the question/answer on SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.
