I have a basic authentication in the developer portal of my APIM in azure.
If I go directly (without authenticating) to https://...apimanagementdev.developer.azure-api.net/apis, the page loads.
How can I force pages to load only for authenticated users?
You have to go to identities => settings and then check Redirect anonymous users to sign-in page
Related
My Application in ASP.Net 4.0 Webform version. Application runs on SAAS based model. Deployed on Internet.
One of the client wants to use ADFS for SSO implementation.
When user logged in domain local intranet and try open Application deploy on Internet then he should be automatically logged into the application.
Process Flow will be
User Logged into Domain
Open Browser and try to open Internet application
Authenticate user with ADFS and Valid user then return the Claims
Any Blog or MSDN - how to configure ADFS (we did at our end but when user redirected to ADFS it again ask for Login from ADFS).
How to achieve this?
You are talking about IWA - refer this (page down).
Note this is browser functionality.
Create RP trust here.
I have an app, and I want enable users log in to the app using my wordpress site's user info. So the user clicks on the sign in button, a new window popsup and opened by wordpress site. And after user input the username and password of my wordpress site, then the user should log in to the mobile app.
So I need my wordpress site behaves like an OAuth server, how could I achieve it, and how to invoke the the OAuth apis?
You need to use WP OAuth server in your Wordpress website and additionally a plugin that enables APIs for your Wordpress site.
For OAuth server plugin, Check below link:
https://wordpress.org/plugins/oauth2-provider/
It works with WP REST API/ JSON API and provides access protected endpoints via OAuth2.
If you want to use WordPress website authentication and users in your application, you need an OAuth server on your WordPress website. This is our product: https://lana.codes/product/lana-passport/
If the user clicks the Single Sign On button (and is not logged in to the WordPress site), the WordPress login interface will appear where the user can authenticate.
Once you have the authentication, you have access to the /resource endpoint, which returns user data according to the scope.
Note: you have to create a Single Sign On solution for your app (it will be an OAuth client), which is connected to the endpoints of the WordPress OAuth server.
So in summary:
the WordPress website needs an OAuth server
the app needs an OAuth client
We are having one web site which is developed in ASP.NET and VB code base and It has the normal forms authentication with username and password.
One of our client whats to setup the Single Sign On with our web site and they set up ADFS and gave us the Metadata xml file and We have created STS reference to that url and shared our website Metadata for them to add Relying party Trust.
when I access our website it redirecting to customer page and once they enter the login credentials and it's coming back with the Claims which is good.
Problem :
1).Now who ever access our website all user is automatically redirect to client ADFS login page which should not happen.Users should be Prompt with Our login page and it shouldn't automatically re-direct to client ADFS. If user Wants to use the SSO then it should be re-directed to client page ? How to handle that in programmatic ?
2).If one more client also wants to use the SSO with their IDp then how to configure more than one IDP for One web site?
Thanks.
WIF or OWIN?
WIF by default protects all pages.
You could un-protect your login page (location tag) and then if SSO redirect to a dummy protected page which will cause WIF to kick in.
Beware: for older apps. WIF and FBA in the same app. can cause problems.
The classic way to handle 2) is to federate the two ADFS. Then a user will see a Home Realm Discovery screen and get to chose which IDP.
I have an ASP.NET site on a public web server, where users login using forms authentication.
I would like users within certain organisations to be able to login automatically through Windows authentication (bypassing the login page). However, because these clients are on lots of different servers, I can't just build in Windows security to the main site. (I know there are articles on how to mix Windows and Forms security.)
My idea is for each organisation to install a page onto their intranet which redirects to my website and authenticates the user according to their Windows domain and username. Is this possible to achieve securely? How could I go about doing it?
What you have described is almost federated identity.
As well as a page on each site, you will also need a webservice whch will validate a token.
Essentially the flow is:
User comes to your logon page
you redirect them to their company logon page
their company logon page takes their credentials and redirects back to you returning a token
you then call their webservice to validate the token an determine who the user is.
Many public API's use this scheme (facebook being a notable example).
look up oauth and federated identity for more information.
I need help on authenticating users based on their location. The problem is this: If the users come to the web site out of domain then the user must fill a login page and the credentials he provided must be authenticated from a custom credential store. If the user is an Active Directory user, he must be directed to the resource he wants without asking for credentials.
If I enable both Anonymous Auth and Windows Auth for the web server, Anonymous Auth comes first and even the user is an Active Directory user I can't access his domain information.
Anyone can help?
One way I know is to set a single page, like AdLogin.aspx, to deny anonymous users and have that page log them into the Forms Authenication module. You then have to create a custom 401 error page that redirects to your Forms login page from your AdLogin. The one thing I don't like is that AD users try to login through the Forms login page all of the time, and it's hard to bookmark the AdLogin page because it just does an automatic redirect. I also don't like that it's so dependent on a custom IIS configuration.
See my answered here for details: ASP.NET Application to authenticate to Active Directory or SQL via Windows Authentication or Forms Authentication
How about publishing the website with 2 different Webapplications?
You could configer the internal one to use Windows Auth, and the external one to use Anonymous. If the user requests a site that requiers auth, you allow them to authenticate.
You can also post an "Login" Link on your (external) webpage, that will allow the user to manually log in on the external site. But if you allow a Page to use anonymous, then you have to consider that you wont know who the user is currently.