I am building an application that has a WCF service that a WPF and ASP.Net MVC client will connect to.
I want to use the ASP.Net Membership providers for authentication for both the MVC and WPF clients.
What is the best way to go about this? I have read a number of articles on-line (see below) and tried following them through but keep running into errors.
http://www.nablasoft.com/alkampfer/index.php/2009/09/08/use-aspnet-membership-provider-with-a-wcf-svc-service/
http://msdn.microsoft.com/en-us/library/ms731049.aspx
Try checking this CodePlex WCF Security Link, it provides a number of scenarios with pretty complete checklists for the configuration of the security setup. Hopefully there will be a scenario that will be close to yours that you can go through and check things against.
Related
We have an asp.net webforms application that uses our own custom authentication. I have been tasked with allowing one of our customers to use single signon to our app and they have their own adfs server. The idea is that we would allow more customers to do this going forward.
The examples I see for allowing multiple federated parties to connect to our application involves us setting up our own ADFS server which management does not want to do.
I have not found any examples of setting up multiple federations through web.config. Can it be done?
According to this post, he was able to do something similar:
https://blogs.msdn.microsoft.com/mcsuksoldev/2012/10/18/access-to-an-asp-net-website-via-multiple-authentications/
Personally, I still prefer setting up a federation product in front of the application. It doesn't have to be ADFS. You can use any federation product, either open source or commercial, as a proxy for you application.
We are starting a project which will consist in:
Web project (ASP.NET MVC)
IOS app
and both will consume data from a .NET WEB API service.
The WEB API service will expose a POST Method with the url "user/create". But i don't know how can i avoid another apps for making post to this url? I know i need a security protocol, but i wanted to know which one you recommend me, and if you have, an article where is it explained.
Thanks
web api 2 provides oauth authentication. You will need to get a token from the token end point of web api and pass that token in subsequent requests.
You should find lot of online resources if you search for web api 2 oauth.
We did something similar recently using OWIN OAuth 2.0 Authorization Server
Reference this ASP.NET page for details. Sample code is included as well for several different implementations.
For our purposes, we used the Client Credentials Grant section about half-way down the page. Our implementation involved server-server OAuth (Web API to MVC), but I bet it's pretty similar to have iOS connect. The only thing I would caution is to somehow encrypt the login credentials on the iOS side, and I'm sure there is a way to do that.
So you want the WebAPI to only be used by the MVC page? The best architectural method is to separate the two rather than leave both in one project. Why? Because the MVC app is a experience layer for humans. The WebAPI is an experience layer for the MVC app. Move it back where it can't be accessed.
You can add on tokens, etc, but the MVC app sits on the server, but is accessed on the client computer. The wider the scope of the application (ie, intranet or internet or something in between?), the more difficult the problem and the harder it is for your users to access the application. Moving the WebAPI internal and leaving the MVC app exposed guarantees external users cannot use the API.
The main reason WebAPI and MVC exist together in a single project (still a mistake in most instances, IMO) is you are exposing both to the same audience. If that is not your intent, don't do it.
Is it possible to use a self hosted signalR server with an MVC(4) application such that it is totally seperate from the signalR server?
I tried Tim and Patrick's beautifully executed SignalR intro tutorial, and was wondering if I could try that? And even if I could, would that offer any performance advantages over an integrated service as is metioned in the tutorial.
It is absolutely possible to self-host a SignalR 2.0 server with OWIN and accessing this server from within any Website (which may be a MVC application). The only thing you need is to enable CORS (app.UseCors(CorsOptions.AllowAll); in your Startup file of the Owin Host) since it's not on the same domain as your Website. Obviously you can't use SignalR within the MVC application itself this way (e.g. to publish messages).
I'm using a self-hosted ASP.NET Web API 2 and SignalR 2 server with OWIN to serve data to clients. You can find an example server using this scenario here. Tho advantage in this approach is to have your views & styles sepparated from your data and business logic. Making everything very easy to cache and scale.
I am trying to figure this one out. I am using a simple web service that is hosted by an asp.net web application that is going to be used for authentication for a mobile client and a desktop client and it will also be used to send/receive information to and from the clients.
Right now the service uses custom username and password authentication that is hard coded into the service. I need some kind of authentication though. So I figured I could just add the asp.net membership provider to the web application that is hosting the service, and I could use that database for the members for the service.
This would provide a way for me to manage the users as well. Could anyone tell me if this would work and if so how could it be implmented?
Here is the service I am using: http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti
It is easy to do. Assuming you're using Visual Studio I suggest using the web site administration tool. A MSDN article describing adding ASP.NET Membership Provider can be found at http://msdn.microsoft.com/en-us/library/6e9y4s5t(v=vs.100).aspx
We have an ASP.net application but some screens are deemed too slow to use by our users.
As a result, we are trying to provide a WinForms-based alternative to those data-input centric screens so we can use richer controls like Grids with immediate screen updates and feedback for the user.
Ideally, I would like the users to login to the WinForms application using the same credentials they use in the ASP.net application?
Is it possible?
I've found this post ( .Net authentication for both web and winforms ) but it isn't really answering the question from my point of view...
We are not using WebServices, or WCF at the moment and do not plan to use it unless it is really the only way to achieve this.
Thanks a lot.
Sure you can, just add the same settings in your app.config that you have in your web.config to wire up the Membership provider, and reference System.Web.Security. Then you can use Membership and Roles from your WinForms application.
See this article for a good example of how to do this:
http://www.theproblemsolver.nl/usingthemembershipproviderinwinforms.htm
Take a look at this article: Unify Windows Forms and ASP.NET Providers for Credentials Management.
For even more information check out the links from this answer: http://social.msdn.microsoft.com/Forums/en-US/winforms/thread/9e5192f4-4f44-4db6-aab8-8e79f2e667f8.