I have an ASP.NET web application I built for a client that uses default the ASP.NET forms authentication. They are now requesting a desktop (WinForms) app that works "with" the web application. I have created the webservices to access the data they want from the web app and put it into the desktop app. That works great.. but there needs to be the same level of security and data access based on roles that is already stored in the asp.net application.
So now it's time to make authentication work across both applications.
I would like to take advantage of the asp.net authentication by prompting a login when a user first opens the WinForms application and the calls possibly a web service to authenticate the user, get the users role, and profile.
I'm sure this has done and or asked about.. I'm just not finding the question/answer in SO.
First: Use WCF for your web services. It's a better framework than the old ASMX services.
Second: WCF can utilize the same RoleProvider and MembershipProvider classes that your ASP.NET application utilizes. It's a simple configuration switch. Use them both and your web service requires the same credentials as the web application.
And... that's pretty much it.
For more info, see:
Implementing a Role Provider
Implementing a Membership Provider
How to: Use the ASP.NET Membership Provider
To add to Randolpho's answer: another feature users might like is the ability to save their credentials rather than entering them every time they start your application. You can use the Credential Management API for this as described in this answer.
Related
Hi We are building apps with sharepoint 2013. Currently we have them setup as two web applications with two separate domain names -
Wep App 1 - www.webapp1.com
Web App 2 - www.webapp2.com
We also have ASP.net membership role provider database which we use for authentication.
right now we want to implement Single Sign On for both the Web App. If i Authenticate with one web app and i try to navigate to the other web app i should not be asked to re-authenticate again.
How can i achieve this. i cannot use ADFS as we maintain a separate database with all the user info as a part of asp.net membership role provider.
Can someone guide me on how this can be achieved.
Appreciate your time.
You are right, the SP2007 model was a lot easier but not extensible.
Are these web applications on the same SharePoint farm?
The SharePoint STS can be shared across multiple web apps as long they live within the same farm. You can configure your webapps and the Sharepoint STS to use FBA with your custom membership/role provider.
We managed to implement a similar scenario but the webapp1 was living on Sharepoint 2010/2013 and the webapp2 was an standard ASP.NET app. The user logs in on webapp1 and the ticket was shared across to webapp2. The same scenario can be used to share tokens between Sharepoint web apps as long they live within the farm. (Your Sharepoint STS will internally talk to your membership/role provider however behind the scenes a FedAuth token will be created as your SP web apps only understand claims)
Hope this makes sense, if not let me know.
Gerardo Diaz
I am trying to figure this one out. I am using a simple web service that is hosted by an asp.net web application that is going to be used for authentication for a mobile client and a desktop client and it will also be used to send/receive information to and from the clients.
Right now the service uses custom username and password authentication that is hard coded into the service. I need some kind of authentication though. So I figured I could just add the asp.net membership provider to the web application that is hosting the service, and I could use that database for the members for the service.
This would provide a way for me to manage the users as well. Could anyone tell me if this would work and if so how could it be implmented?
Here is the service I am using: http://www.codeproject.com/Articles/96028/WCF-Service-with-custom-username-password-authenti
It is easy to do. Assuming you're using Visual Studio I suggest using the web site administration tool. A MSDN article describing adding ASP.NET Membership Provider can be found at http://msdn.microsoft.com/en-us/library/6e9y4s5t(v=vs.100).aspx
I would like to know if it’s possible to do use authentication in Silverlight 5 without having to use RIA Services. I am using Entity Framework to connect to my database. I am also using the Business Application template. I have created a custom membership provider through which I am able to validate user credentials and can add new users. However, if I want to restrict content on the app based on which user is logged on, I have no way of doing. I believe that if I create a RIA Services Domain Context I can potentially check user information via WebContext.Current.User. Is there a way to get this type of information without RIA? Perhaps a WCF service of some sort?
Once I wrote a tutorial on how to share forms authentication between your web app and a silverlight app. This works without ria, uses guarded wcf. You can even fine tune the access to individual roles.
http://netpl.blogspot.com/2010/04/aspnet-forms-authentication-sharing-for.html
I am designing an N-Layer system in .NET that will consist of
SQL Server 2008
EF 4
Repository Layer
Service Layer(Business Logic)
On top of this I will have:
ASP.NET MVC website
external API to be consumed by other clients(built with WCF or ServceStack.NET)
I would like to implement the typical username/password auth within the MVC app as well as OpenID/twitter/facebook login options
The api will need similar forms of authentication.
Where in the architecture is the best place to implement the authentication and are any samples available of how to implement something like this with a .NET Stack?
Is a custom Membership provider an option for this?
I realize that there are libraries available to implement the openID portion so that is not a concern at the moment but I would like to leave things open to add this in the future.
Suggestions?
Authentication should be done at the user facing point: MVC website and the WCF service.
In each point, use the appropriate authentication/authorization mechanism.
MVC website: forms authentication (or windows authentication etc.)
WCF service: (what method will you be taking, API key, user/name password on every request, secure key, auth cookie etc.)
For each point, call the service layer with the credentials used by the requestor (user) and validate it against your database (in the service layer).
The service layer should return valid/invalid for the credentials given to it.
If it's invalid, have your website or webservice reject any further actions from the user and inform them that it's not valid.
If it's valid, have your MVC website create the auth cookie (FormsAuthentication.SetAuthCookie) and your WCF service do the appropriate action for the authentication mechanism you chose.
Keep your service layer agnostic of the authentication. It should only respond with whether or not a set of credentials is valid and your front-facing layers should take care of setting the authentication tickets.
For Open ID/Twitter/Facebook logins, all the information needed is on the web app (via the login source cookies), so use that to setup your website's auth cookie.
A basic architecture would be to use the asp.net membership api for your service and web apps calling into the same membership database. Then use an impersonated user to connect to SQL Server.
You can then write custom membership providers for the other auth mechanisms or incorporate them all into one membership provider.
Sorry had to write this as another answer as didn't have enough space in the comments.
Configure the membership provider at the IIS level and use the OOTB SQL membership provider to get basic authentication working.
You can then write a custom membership the repository layer will be running in the context of the web application either web service or asp.net site so your authentication information will be in the httpcontext, you can then use that to connect through to your database or use an impersonated account i.e. the app pool user to connect instead.
You can then write a custom membership provider that authenticates against the other providers if you like and just swap out the standard SQL one for your custom one.
As an addition to Omar's answer:
You could also use a Facade Pattern which handles the authorization and is used by both the WCF and MVC code and provides the API to the business layer.
A rule of thumb is: Put authorization at one single point and let the auth-logic be handled by the client(s). Don't spread it over your service layer!
I'm building an app which is subscription based, users can login to a website an use it as they please. I would also like them to have the option to work with it outside of the browser and even offline. The app itself is not dependent on online resources, only the authentication is done via forms authentication.
What would be the best way for me to make offline authentication possible?
You could consider using WCF RIA Services for authorization and authentication with your own membership system.
Here is a brief example.