I am new to Silverlight, and I building a simple app which provides an interface for an expense report portal. The portal has a REST API which I can access; I know I can do it using WebClient or WebHttpRequest. However, to be able to access the API, I need to login first. The login is simple forms authentication on login.aspx of the site. How do I login (post to the login page) from Silverlight?
NOTE: The site has the clientaccesspolicy.xml setup, and I am able to access the REST URL that do not require you to be logged on.
Have you looked at the Silverlight Business Application project template and WCF Ria Services. The template has built in functionality to login to a forms authenticated website.
You can use this as a starting point for your silverlight application or simply use it to see how to perform authentication from silverlight.
Related
Ok, I have this scenario.
I have one WEB API which will provide functionality to an intranet application, the idea is this application WILL not be visible to the outside world, so it wont have a login page.
However, the web api will also be consumed by mobile apps outside the organization, so the webapi WILL be exposed via a public url.
How can I make the authentication/authorization here to support both scenarios?
1. Internal users will be able to consume the web api via the angular backend app without an explicit login page.
2. External users via the mobile app will consume the web api with their active directory account.
I found this:
https://stormpath.com/blog/token-authentication-asp-net-core
where I could easily replace the GetIdentity Method to go to Active Directory and check if user exists with that user and password, but on the intranet, I wont have that info.
ideas please?
The best way to handle such a scenario is to use HMAC Authentication as discussed here. This will allow easier access to the piblic endpoint without requirering some kind of a login from the mobile clients, while at the same time enabling you to know which mobile is acceessing your endpoint. This is the same workflow as implemented in External Auth services like login with google and facebook where you are given an apikey and a apisecret
YOU CAN FIND THE SOURCE CODE OF THE EXAMPLE USING ASP.NET HERE
I currently have a MVC application that is using Forms Authentication. I realize that you cannot self host a MVC application. Business requirements dictate that my application has to be self hosted. I was thinking of creating either a WCF or Web API application that is self hosted, where I can expose various endpoints. However, the problem I am facing has to do with authentication. In my MVC, I used Forms Auth, and allowed the user to use a form to enter credentials. How can I do something similar in WCF or Web API. I know how to render the HTML for the login page, etc, but the part that I am not familiar with is how to code up the smarts that anyone who tries to access one of my endpoints needs to be redirected to another service, so that I can do my thing to authenticate them.
I guess I'm trying to do something similar to the Forms Authentication redirect, but, within the context of WCF or Web API. I started looking into message interceptors and route filters, but, still need to do some research.
Any ideas to point me in the right direction ?
Forms Authentication Control Flow is explained here. This is what you need to implement using a DelegatingHandler for ASP.NET Web API.
I have an sql azure database. I need an silverlight application with username/password authentication by table from sql azure and makes some operations on data from azure database.
The first that come in my mind is to authenticate by creating a invisible form in aspx page that hosts my silverlight application and send a request from silverlight by calling javascript code and to validate on server side using asp.net membership provider. Other operations on database also would be done using javascript requests from silverlight.
The other ways that i know is using wcf web services, but i was confused in ways that i should do authentication, how to keep the session in cookie (that when i open this silverlight page in other tab not to authenticate another time authentication). I read also about windows identity foundation but i don't know if it is the best solution. Those approaches with wcf web services i would prefer more because i have no much experience with web development.
What are best practices to accomplish what i want to do and deploy the application to windows azure with not too much pain?
Sorry for my bad English, and thanks in advance.
I would suggest have an aspx login page which validate the credentials using membership.Let the silverlight redirect there and logged in. Once it is logged in and if your services are ASP net compatible you can call the services normally.ie it will add the cookies and all.
If you have the Out Of Browser mode you need to get the username and password in your SL app and authenticate using a web service method.
Identity foundation is really good is you are using different identity providers such as google,yahoo,FB,live etc...
For the authentication question - here is a tutorial on MSDN:
I'm building an app which is subscription based, users can login to a website an use it as they please. I would also like them to have the option to work with it outside of the browser and even offline. The app itself is not dependent on online resources, only the authentication is done via forms authentication.
What would be the best way for me to make offline authentication possible?
You could consider using WCF RIA Services for authorization and authentication with your own membership system.
Here is a brief example.
I have an ASP.NET web application I built for a client that uses default the ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the webservices to access the data they want from the web app and put it into the desktop app. That works great.. but there needs to be the same level of security and data access based on roles that is already stored in the asp.net application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the asp.net authentication by prompting a login when a user first opens the WinForms application and the calls possibly a web service to authenticate the user, get the users role, and profile.
I'm sure this has done and or asked about.. I'm just not finding the question/answer in SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.