OAuth2 with iframe scenario - iframe

We have a parent web application that needs an authorization step to allow users to use it (using user+pwd).
After the authorization step, the parent web application has to open a different web application in an iframe, which we can call the child web application.
Both applications are installed on premises.
The child application could open its content with no login process but, as we want to be sure that the child web application is opened by the iframe from the browser where the user has performed the login, we are thinking of using OAuth 2 to implement the scenario.
So, when the iframe opens the child web application, it is redirected to the authorization server and in particular to the login page. As the user has performed a login in the step before, the flow continues by redirecting the iframe to the second child application. Does that make sense?
My doubt is:
- The parent and child applications are different applications, installed on premises. Does it make sense to use OAuth 2 for this kind of scenario?
Hoping for any help or consideration.

Related

Teams: Personal Tab => successful authentication redirects back to login page (Due to cookie not being set)

So we have this web application running, but we wanted to make a Teams app (personal tab) from it. We used App Studio to create the app (manifest and all), but when running it from the sidebar we won't get past the login screen. On successful login, you get redirected back to the login page (everything happens on the same domain).
But when we tried to run the "app" as a tab within a group, this worked. So we need to find out why this doesn't work when we run it as a Teams "app".
Any ideas would be appreciated :)
The problem was that since it's running inside an iframe (in practice), the cookie set by ASP.NET State needs to state SameSite="None" and Secure="true".
Applications that use <iframe> may experience issues with sameSite=Lax or sameSite=Strict cookies because <iframe> is treated as cross-site scenarios. - https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite
So I had to upgrade the .NET Target Framework to 4.7.2, and make the changes stated in this document: https://learn.microsoft.com/en-us/aspnet/samesite/system-web-samesite
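A check for the failure described in this answer, as an added example that is not part of the original post: it parses `Set-Cookie` values and reports which cookies a browser would withhold when the page runs inside a cross-site iframe. The function names and sample headers are constructed for illustration, and a missing or unrecognised SameSite value is assumed to behave as Lax.

```javascript
// Added example: would a browser send this cookie from inside a cross-site <iframe>?
// Assumption: a missing or unrecognised SameSite value is treated as Lax.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: eq < 0 ? pair : pair.slice(0, eq), sameSite: 'lax', secure: false };
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim().toLowerCase());
    if (key === 'secure') cookie.secure = true;
    if (key === 'samesite' && ['strict', 'lax', 'none'].includes(value)) cookie.sameSite = value;
  }
  return cookie;
}

function iframeCookieVerdict(header) {
  const c = parseSetCookie(header);
  if (c.sameSite !== 'none') {
    return { name: c.name, sent: false, reason: `SameSite=${c.sameSite} is withheld in a cross-site frame` };
  }
  if (!c.secure) {
    return { name: c.name, sent: false, reason: 'SameSite=None without Secure is rejected by the browser' };
  }
  return { name: c.name, sent: true, reason: 'SameSite=None with Secure' };
}

// Constructed sample headers (not captured from a real application).
const SAMPLE_HEADERS = [
  'ASP.NET_SessionId=abc123; path=/; HttpOnly',
  'ASP.NET_SessionId=abc123; path=/; HttpOnly; SameSite=Lax',
  'ASP.NET_SessionId=abc123; path=/; HttpOnly; SameSite=None',
  'ASP.NET_SessionId=abc123; path=/; secure; HttpOnly; SameSite=None',
];

function auditHeaders(headers) {
  return headers.map(iframeCookieVerdict);
}

for (const v of auditHeaders(SAMPLE_HEADERS)) {
  console.log(`${v.name}: ${v.sent ? 'sent' : 'NOT sent'} (${v.reason})`);
}
```

Only the last sample header survives the iframe; the first three reproduce the redirect-back-to-login symptom because the session cookie never reaches the server.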

How to extend ASP.Net Web Forms app adding Blazor?

We have a large legacy web forms application.
We would like to continue to extend the functionality of it (add new pages). But we would like to stop adding more Web Forms code and instead would like to use Blazor to develop all new features going forward.
Ideally, a link from a Web Form page would redirect the browser to a page served by a Blazor app and vice-versa and the transition would be indistinguishable to the user.
Is this possible? If yes, how can it be done?
Also, what about authentication? Ideally, the user would login in our existing Web Form app and would not need to login again when transitioning to the Blazor app.
What I did:
Host the blazor application in a subfolder under the existing app:
myapp.com/oldapp
myapp.com/oldapp/blazor
You can just add links between them. If you use the same layout, users should not notice.
Now because you are using the same hostname, you can issue a cookie with a JWT token on login in the old app, and because the new app runs on the same hostname the Blazor app can pick up this cookie and use the token to do requests to a new backend API that is also using JWT auth.
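A sketch of the cookie hand-off described in this answer, as an added example that is not the answerer's code: the old app issues an HS256-signed JWT in a cookie scoped to `/oldapp`, and the new backend verifies it before trusting the user. The shared key, the cookie name `auth_token`, the claim set and the helper names are assumptions; a production system would use a vetted JWT library and load the key from a secret store.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: both apps share this key (placeholder value, not for production).
const SHARED_KEY = 'constructed-demo-key-not-for-production';
const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (data, key) => createHmac('sha256', key).update(data).digest();

// Old app, after a successful login: build the token and the Set-Cookie value.
function issueAuthCookie(username, nowSec, ttlSec = 900, key = SHARED_KEY) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ sub: username, iat: nowSec, exp: nowSec + ttlSec }));
  const token = `${header}.${payload}.${b64url(sign(`${header}.${payload}`, key))}`;
  // Path=/oldapp also covers /oldapp/blazor; HttpOnly keeps the token away from scripts.
  // SameSite=Lax is enough here because both apps are served from the same hostname.
  return `auth_token=${token}; Path=/oldapp; HttpOnly; Secure; SameSite=Lax; Max-Age=${ttlSec}`;
}

// New backend: read the token from the Cookie request header and verify it.
function verifyAuthCookie(cookieHeader, nowSec, key = SHARED_KEY) {
  const match = /(?:^|;\s*)auth_token=([^;]+)/.exec(cookieHeader || '');
  if (!match) return { ok: false, error: 'no auth_token cookie' };
  const parts = match[1].split('.');
  if (parts.length !== 3) return { ok: false, error: 'malformed token' };
  const [header, payload, sig] = parts;
  let alg, claims;
  try {
    alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  } catch {
    return { ok: false, error: 'malformed token' };
  }
  // Pin the algorithm: the token must never get to choose how it is verified.
  if (alg !== 'HS256') return { ok: false, error: 'unexpected alg' };
  const expected = sign(`${header}.${payload}`, key);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { ok: false, error: 'bad signature' };
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { ok: false, error: 'expired' };
  }
  return { ok: true, user: claims.sub };
}
```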

Is it possible to launch an aspx ( asp.net ) page by clicking on a ribbon button?

Can I have a ribbon button launch an aspx ( asp.net ) page? The aspx page needs to inherit authentication and authorization as the logged in Dynamics user.
You can execute custom JavaScript from a ribbon button allowing you to spin up a new browser window pointing at whatever you like.
To inherit security credentials you need to look at setting up federated authentication across both the CRM server and the custom website hosting the ASPX. As you can probably imagine this isn't a trivial task.
You could also look at dropping your website into the custom ISV folder as was the case with CRM 4. However, this approach has been deprecated in CRM 2011 and AFAIK is therefore no longer supported.
As @Konrad pointed out you won't be able to use the Data Service REST API (OData) from your custom web pages as the service is only accessible from web resources hosted within the CRM environment. Server-side you'll be fine against the Org Service.
If you can get away with doing what you need in a web resource I'd highly recommend it as it's a whole lot less work.
I'm not sure you can do that. A while ago, I put in an iframe that I linked to an outside web page and it worked as it was supposed to, except for connecting to the organization data. I just couldn't make that work (I got impatient, to be honest, and didn't try all too hard).
The resolution I deployed in the end was to run a web resource, which was run internally on the server, that communicated the data to an outside service.
I'm assuming that the same behavior will follow if you try to open windows/convey data in to/out from the CRM.

Is it secure to put the authentication for a silverlight "object" on asp.net level?

I have a silverlight application which I load inside an asp.net website via . If I don't implement any security on the silverlight application itself - will it be secure if the user needs to authenticate on the asp.net page (in which the tag sits) only? Or is there some hack to access the silverlight application without actually accessing the website?
Short answer is No. However it's not clear what you're trying to secure. Usually the precious assets are on the server, and the silverlight client is just one possible way to access those assets. In that case the server is responsible for the ongoing security, not just the secure delivery of the XAP.
Furthermore, once the XAP is delivered it's cached on the client machine. I would expect it to be a trivial matter to relaunch that XAP without going back to the source page.

Displaying the current authenticated Sharepoint user from an asp.net Page Viewer Web Part

I am creating a standalone asp.net page that needs to be embedded into a sharepoint site using the Page Viewer Web Part. The asp.net page is published to the same server on a different port, giving me the URL to embed.
The requirement is that after a user is authenticated using Sharepoint authentication, they navigate to a page containing the asp.net web part for more options.
What I need to do from this asp.net page is query Sharepoint for the currently authenticated username, then display this on the page from the asp.net code.
This all works fine when I debug the application from VS, but when published and displayed through Sharepoint, I always get NULL as the user.
Any suggestions on the best way to get this to work would be much appreciated.
If you want to retrieve the currently authenticated user from the SharePoint context, you need to remain within the SharePoint context. This means hosting your custom web application within SharePoint (see http://msdn.microsoft.com/en-us/library/cc297200.aspx). Then from your custom application reference Microsoft.SharePoint and use the SPContext object to retrieve the user name. For example:
SPContext.Current.Web.CurrentUser.LoginName
You can still use the Page Viewer Web Part to reference the URL of the site, now located within the SharePoint context.
Thanks heaps for the answers!
Turns out that as long as the asp.net page is using the same URL and port as the Sharepoint site, authentication works across both sites.
The solution is to use a Virtual Directory inside of the sharepoint site and install the asp.net page there.
When it works in debug, is that being used in SharePoint?
Your page and the Sharepoint site might as well be on different servers as far as authentication is concerned -- in order to get the information over you might need to pass it via the QueryString from the webpart if you can -- or you might need to make your own webpart to do this (just put an IFRAME in the part with the src set to your page with the QueryString passing the username).
It does seem that this would be a security issue if you use the name for anything though -- if you are just displaying it, then it's probably fine.
If you actually need to be authenticated, you might need to add authentication into the web.config of the site hosting your standalone page.
edit: I think you'd have better luck putting your page on the same port and server as SharePoint.
I suspect you will have a hard time specifically querying SharePoint for the currently authenticated username. I can't think of a way to easily access the SharePoint context from a separate web application like you are describing.
I don't know what kind of authentication scheme you are using, but you may want to consider using Kerberos, as I've found that it can make these kinds of scenarios a little easier by allowing for delegation and passing credentials from application to application or server to server.
