Using ASP.net credentials to log in from a WinForms application - c#

We have an ASP.net application but some screens are deemed too slow to use by our users.
As a result, we are trying to provide a WinForms-based alternative to those data-input centric screens so we can use richer controls like Grids with immediate screen updates and feedback for the user.
Ideally, I would like the users to login to the WinForms application using the same credentials they use in the ASP.net application?
Is it possible?
I've found this post ( .Net authentication for both web and winforms ) but it isn't really answering the question from my point of view...
We are not using WebServices, or WCF at the moment and do not plan to use it unless it is really the only way to achieve this.
Thanks a lot.

Sure you can, just add the same settings in your app.config that you have in your web.config to wire up the Membership provider, and reference System.Web.Security. Then you can use Membership and Roles from your WinForms application.
See this article for a good example of how to do this:
http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm

Take a look at this article: Unify Windows Forms and ASP.NET Providers for Credentials Management.
For even more information check out the links from this answer: http://social.msdn.microsoft.com/Forums/en-US/winforms/thread/9e5192f4-4f44-4db6-aab8-8e79f2e667f8.

Related

React SPA with .net core API, authentication

I would like to write a SPA application in React that will communicate with the .net core API.
I think it would be easier to have two separate projects (API + UI) on different domains.
API should be protected, that only authenticated users could make requests.
In react i'd like to have login and registration forms that will allow me to register and login users, and also I would like to have social providers. I would like to create whole UI for managing users in react SPA, and saving this data using API.
I did a lot of research, and I'm a little confused.
I would really like to use Core Identity because it simply looks like made for it
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-5.0
it has a ready to go model of Users, Claims, Roles etc.
it has built in services for managing passwords, users, roles etc
it has features to customize authentication schemes, policies, roles etc,
there are lot of reasons why i think this is a good solution.
Unfortunatelly, on the documentation site there is an information that for SPA integration it works combined with Identity Server.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-5.0
Last year I went throug every episode of this tutorial https://www.youtube.com/watch?v=Fhfvbl_KbWo&ab_channel=RawCodingRawCoding (btw. great tutorial), and I'm pretty sure, that I don't want to use Identity Server 4 for this scenario. As far as I know - this is the best solution when you want to have SSO for multiple applications, and you would like to provide one common way to authenticate user for all of it. And it has it's own UI for managing user registration, login and managing. This is not what I need - I just want to have it all written in React, cause I want all application to have the same mui theme without redirects to Identity Server.
But maybe I'm wrong, and Identity Server will work for me. But I found it to be quite lot of work to provide my own UI rather than MVC
(https://medium.com/#piotrkarpaa/using-spa-react-angular-ui-with-identity-server-4-dc1f57e90b2c)
For now I think, that I should use Identity Core on the backend, and communicate with it from React SPA with custom controllers like in here:
https://www.c-sharpcorner.com/article/authentication-and-authorization-in-asp-net-core-web-api-with-json-web-tokens/
Authenticating React SPA with API with JWT token - I think that this will work according to this example:
https://www.youtube.com/watch?v=FSUa8Vd-td0&ab_channel=Geek%27sLesson - but in here this is without Identity Core.
But I'm not sure that this is the best approach, and I don't know if I will be able to add Social Providers this way.
Also, I found serveral tutorials how to comine React App with .net core backend (and authentication) like this one:
https://www.red-gate.com/simple-talk/development/dotnet-development/integrate-create-react-app-with-net-core-5/
but I would like to have two separate applications, API and UI.
What is the best approach to achieve this goal?
EDIT:
Few months later, I already have SPA application, API and IS4. There is lot of problems to make Identity Server views (registration, login etc) look similar to SPA Application. (React app in MUI, MVC with bootstrap... ).
Now I think it was a bad decision, causing lot of problems:
2 way integration of users from API and Identity Server 4
changes in SPA layout, styles, colors - it all needs to be maintened on Identity Server 4 too
Bad user expirience - editing user profile on another application, on another domain with slightly different styles
Now I'm about to rewrite application, not to use Identity Server 4. Components for registration, login and editing user profile will be in SPA application, maintaining users will be done using API.
The only think I do not know is how can I use social providers with this aproach?
My question is still remaining without answer, can someone help me with providing proper solution?
Finally I found proper solution for me:
https://mahdikarimipour.com/blog/google-auth-for-react-with-aspnet-identity
thank you for your post: Mahdi Karimipour

Asp.Net Core Chat SignalR-based rendered inside an Iframe, and called from inside of an Asp.net Web Form based application

I have an Asp.Net Web form based Application, which relies on an Identity Server for authentication. I'm planning to create a Chat to be used as an independent Asp.Net Core Web Application (using SignalR), which would be authenticated in the same way as the Asp.Net Web form based Application (Both using the "Single Sign-On" approach). So, based on the given context, the key point is that I'd like to be able to render the Chat from inside the Web forms application through an IFRAME and I'm wondering if anyone could help me to identify potential problems that I could come across if I use this approach, specially when it comes to the Security stuff.
Thanks in advance.
Iframes act like a normal pages, or tabs in most aspects.
SSO protocols, including OIDC, are designed exactly to securely simplify the authentication procedure for different web (but not only) apps.
Follow the recommendations regarding the choice of grant type, always use https, do not store refresh tokens nor secrets in browser, and you are secure.
Enable two factor auth, signing keys rotation, and you are secure a bit more. There is nothing absolute in the world, but for general purposees... you are on the right way.

One login for two projects in a solution

So I have two projects in my solution, one is an ASP.Net C# Web App and the other is a Silverlight application. My question is, instead of configuring users and security for both sites with the ASP.net Web Site Administration tool, can I somehow use just one to configure users for both?
To do this you simply need a shared storage mechanism for users from both sources. This would normally be a database.
I'm not sure about in Visual Studio, but if you're deploying to IIS you can configure a forms login at a higher level and use that for each application.
Using single login is right way!
You can already use your aspnet membership in Silverlight. We use that way and this is the right thing.By this way you can share all your membership info,such as profile,groups.
http://blogs.msdn.com/b/kylemc/archive/2010/05/10/using-asp-net-membership-in-silverlight.aspx
http://www.silverlightshow.net/items/Leveraging-the-ASP.NET-Membership-in-Silverlight.aspx

What's similar to the Membership Provider in Winforms? [duplicate]

The Asp.Net membership provider has some clear uses in a web app. I am thinking about trying to leverage some of the features in a windows application (more specifically WPF). Does anyone know if it is possible to use the core features in a windows app? I am mostly just looking for it to create my database tables, and maintain users, roles, and profiles. I obviously do not need to use the built-in web controls (e.g. Login).
Yes. Membership, roles and profiles are all features of Visual Studio 2008 Client Application Services (Services tab of a project properties)
http://msdn.microsoft.com/en-us/library/bb384297.aspx
http://channel9.msdn.com/posts/DanielMoth/Client-Application-Services-with-Visual-Studio-2008/
I have a winform app that talks to DotNetNuke (DNN). DNN uses the Asp.net membership provider, so the source will work for other apps that use that membership provider as well. It's a very simple app, so you should be able to read the source easily.
http://www.datakido.com/downloads/Token/ViewInfo/ItemId/3
You should be able to adapt the source to work with WPF.
Yes, you can.
All the configuration can be done within app.config instead web.config of asp.net.
Make sure that you are creating a 3.5 application (WPF 4 won't work yet) - Then you must import the reference System.Web. This will allow you to use "using System.Web.Security;" like you normally would in a web app... now you can access stuff such as Membership.CreateUser()
Your app.config file has to be configured for your provider along with a connection string.

WPF, WCF Security using ASP.Net Authentication

I am building an application that has a WCF service that a WPF and ASP.Net MVC client will connect to.
I want to use the ASP.Net Membership providers for authentication for both the MVC and WPF clients.
What is the best way to go about this? I have read a number of articles on-line (see below) and tried following them through but keep running into errors.
http://www.nablasoft.com/alkampfer/index.php/2009/09/08/use-aspnet-membership-provider-with-a-wcf-svc-service/
http://msdn.microsoft.com/en-us/library/ms731049.aspx
Try checking this CodePlex WCF Security Link, it provides a number of scenarios with pretty complete checklists for the configuration of the security setup. Hopefully there will be a scenario that will be close to yours that you can go through and check things against.

Categories