We are developing a mobile app and this app will call the same APIs as the web one.
We want to create specific controllers for the mobile app and prevent it from calling the ones for the web app and vice versa.
Both apps send an access token which contains the client_id for each app.
Is it possible to do something like this :
[Authorize("mobileOnly")]
And check in the OnAuthorization if the request comes from the mobile or web app.
Or is there a better solution?
Edit: We are using .Net framework not .Net Core
Related
We have a legacy Web Forms app that we intend to slowly port over, module by module, to Blazor WASM. As we do not have the capacity to rebuild everything in Blazor straight away, we are going to have to run the Blazor and Web Forms app side by side for the time being. To the end user, this needs to appear seamless - i.e. they don't notice when they're being switched between the two.
The first thing I am trying to sort out is the log in process. We have decided to use IdentityServer to build an external identity provider which both the Blazor and Web Forms app will communicate with. Currently I am just trying to create some proof of concept models to see if I can actually get this to work.
I have managed to build a sample Blazor WASM app and a sample Web Forms app that both communicate with the same IdentityServer app to log in. Both of these apps recoginise upon initial load whether a user is already logged in to IdentityServer or not and they show or hide a claims page accordingly.
If I log out of the Web Forms app and then refresh the page in the Blazor app, the Blazor app requires me to log in again - which is what I want. I'm doing this by setting:
BackChannelLogoutUri = "https://localhost:7260/bff/backchannel"
in the IdentityServer Config.cs file for my Blazor client.
What I can't work out is how to get my Web Forms app to behave in a similar fashion. If I log out of my Blazor app, the Web Forms app remains signed in. I am not sure what the equivalent FrontChannelLogoutUri or BackChannelLogoutUri would be for the Web Forms app.
The Web Forms sample app I am using as my template is the sample provided by Duende themselves, which is here:
https://github.com/DuendeSoftware/Samples/tree/main/various/clients/Owin
(Firstly, these "technology migration" projects are tough , so I wish you the best of luck!)
You need a have two "Front channel server-side clients", so the BackChannelLogoutUri setting is useless. So you need to pay attention to this part of the Identity Server documentation.
Alternatively (as I have done the same in a similar project) you can call a service api in the other UI client and then use a technology like SignalR to notify all open browser tabs of the logging-out user in any other UI to trigger log out.
What I am trying to achieve:
I currently have mobile apps on top of services and would like to add a web site on top of the same services.
Services details:
ASP.NET Web API project using OAuth (bearer token) and Identity for authentication and authorisation.
Microsoft.AspNet.WebApi 5.2.3
Microsoft.Owin.Security.OAuth 3.0.1
Microsoft.AspNet.Identity.Core 2.2.1
Mobile details:
Xamarin projects.
Xamarin.Forms 2.3.3.193
What architecture should I use for the web site?
Create a new ASP.NET MVC project and call my current services from the MVC controllers? This seems bad because:
I would have 2 layers of controllers (web site MVC controllers calling services API controllers)
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
Create a new ASP.NET MVC project and call current services database directly? This seems bad because:
I would have to duplicate the models in the services project and in the web site project
Create a new ASP.NET project and call my current services using ajax? This seems bad because:
I would need to create my own register/login pages
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
I would need to say bye to future social authentication (OAUTH2) implementation because I wouldn’t be using OWIN
Thanks,
fcorbeil
If you already have the API a brand new MVC app shouldn't be such a bad choice. If you have your models stored in a different project just reference them to the MVC one. As for the services, them would work perfectly with the new application. This all can be achieved without changing almost nothing to the current implementation.
I am working on a project and using a similar architecture.
I decided to create an Angular project for the website front end and all it does is talk to the Web API. Angular handles the JWT authentication really well. If you've never worked with Angular before, it is really nice to work with.
However, a vanilla ASP.NET MVC web app would work just as well.
It depends on how comfortable you are with Angular, or how willing you are are to learning it! :)
I am having a project in which i need to implement authorization using OAuth.
I am developing different apps with their different data.
Web app 1:
This is a SPA web app that will connect with a webAPI built for it that will expose related bussiness data to this web app.
Web app 2:
This is an MVC asp.net web site that also uses another web API built for it to get access to it's bussiness data.
My Auth service - this is what i want to know how to build:
What i need is to use asp identity and make a separate database and a separate web API that will handle authorization and authentication for the above web apps.
Web app 1 has it's own database and is using it's own web api to present data to users. So, is web app 2. This means that web app 1 does not depend, care or communicate in any way with web app 2. When a user of web app 1 or web app 2 wants to register or login he should communicate with web API of my auth service to do that. All my webapps should use the same auth service and be agnostic of it's specific details and only use this service's api for auth.
An example of this is google or facebook.
I am using c#, asp.net 5.
Any ideas or resources how to do this would be very helpful
A basic implementation is included in Visual Studio 2015 templates. Choose new ASP.NET Web Application and then MVC or Web API with Individual User Accounts as Authentication option. MVC or Web API depending on the way you want to register and log in.
You have a more complete example with refresh tokens and managing different clientIds in the following post by Taiseer Joudeh, it's not ASP.NET 5 but I think it could be interesting for you.
I'm making a Web App with Silverlight for my company.
This app's aim is simple : let each user to manage his informations on the AD such as adress, city, phone, mail...
Because I'm friendly with WPF Desktop App, I want to do that with the same XAML and C#, so I choose to use Silverlight Browser App.
I've seen that I can't import System.DirectoryServices so I can't use common DirectoryEntry.
Please, can someone tell me exactly what to use and how to use AD with Silverlight app?
Silverlight only has access to a small subset of the classes available in the full .NET Framework. Furthermore, the Silverlight application runs in a secure sandbox in the browser.
To do what you want, you must expose the data through a web service.
The easiest place for you to start is to look at RIA Services.
I have a .NET 2.0 WinForms application that was developed using the Composite Application Block and Smart Client Software Factory.
I'm considering the development of a module that would contain a browser control that would access the ASP.NET website using credentials established when the user logged into the WinForms client.
My goal is to use this strategy to transition all of the modules that are currently in the client to ASP.NET and retire the 'smart' client. Security for the WinForms client is currently implemented using the ASP.NET Membership functionality.
Is this possible? Sensible?
Yes, you can. Make a SmartPart that hosts the WebBrowser control, add some buttons for forward and backward navigation, and a url textbox; then point the WebBrowser control at your web application's URL.
It is sensible. We used CAB/SCSF to create an application we called "The Integrated Desktop". This application serves as the platform for all internal apps for the company; everything is integrated into this one desktop application. We added a foundational module, basically a beefy version of what I described in the above paragraph, to facilitate web browsing since a few pre-existing apps were web-based and our users wanted access to those at the same place they were doing all their other work. One cool thing was the use of the WebBrowser's ObjectForScripting property that allowed for somewhat seamless integration between the desktop app and the web app being hosted inside.
What are your requirements?
You would choose a web app over a smart client mainly
if you have to reach people that
are not on the Windows platform or
you have a need for a
zero-install app
By having your app users having to access the web app via the smart client (browser-control) you would be missing (1) and (2). In my opinion it would defeat its purpose.