How to skip login page for a role in ASP.NET Identity framework - asp.net

I have an existing ASP.NET site with user authorization and authentication for several roles implemented in the built-in ASP.NET Identity framework. After login, each role is directed to its own set of pages. All works fine. Now, for only one of those roles, I want to hide (skip) the login procedure on the UI but maintain the role and all logic behind the role. In other words, the users in this role will be "converted into guests": they can access their own pages without seeing the login page and without providing a username and password. The other roles will continue going through the login procedure for the usual authentication/authorization. Security is not a concern, looking for a simple solution for user convenience. How can I achieve this?

Related

Share user authentication with different sites on same domain

I have an ASP.NET MVC site that runs on www.company.com and has all the user registration and login pages etc. I use Identity 2.0 for user management.
I would like to start migrating the site to an Angular application with an ASP.NET Core Web API on app.company.com.
I'm not sure how to manage the user authentication / authorization.
The user would log in to www.company.com, and parts of the site will (seamlessly to the user, aside from the URL change) go to app.company.com.
How can I have a seamless sign on experience with app.company.com? app.company.com would need to know who the authenticated user is, even though that user authenticated against www.company.com?
I have had the same situation in one of my projects. Our solution was to use IdentityServer for SSO. You can configure IdentityServer to use your existing user database.

Persisting External Login using Asp.Net Identity

I have a WebForms app using external login (Microsoft and Google) and ASP.NET Identity 2.
I want the external login to persist when the user comes back to the web site. Currently, when the user comes back they have to log in again using the external provider.
I understand one way to do this is to create a persistent Application Cookie after locating the user, as answered in this SO question.
But this is not acceptable, since the requirement is that the user should be signed out if they sign out from the external provider.
If I create a persistent "Application Cookie", is there a way I can validate if the user is still logged in externally?
OR
Are there any other ways of achieving this?

How does Custom Role Provider work?

I am going to set up a custom role provider, but I don't have a very good idea of how it works behind the scenes.
[Questions]
What is the difference between setting roles in a form authentication ticket and using a custom role provider? Which is better to use?
If I create a custom role provider, can I use role names in the web.config to allow / block users?
Thx!
1- Not sure that there is a "better" choice, that has to do with the requirements of the project. I created a role provider based on Windows Authentication rather than Forms Authentication for an internal project because I didn't want to create a bunch of AD groups and I wanted Windows Auth to allow users into the site. As far as what does it do, it interacts with authenticated users to define who is allowed in what areas of the site.
2- Yes.
some additional info
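The role-name rules asked about in the second question look like this in web.config. This fragment is an added example, not part of the original answer; the provider type `MyApp.Security.CustomRoleProvider`, the assembly `MyApp`, the `Admin` folder and the `Administrators` role are assumptions.

```xml
<configuration>
  <system.web>
    <!-- Enable role management and register the custom provider
         (type and assembly names are hypothetical). -->
    <roleManager enabled="true" defaultProvider="CustomRoleProvider">
      <providers>
        <clear />
        <add name="CustomRoleProvider"
             type="MyApp.Security.CustomRoleProvider, MyApp" />
      </providers>
    </roleManager>
  </system.web>

  <!-- Rules are evaluated top to bottom and the first match wins,
       so the allow must come before the catch-all deny. -->
  <location path="Admin">
    <system.web>
      <authorization>
        <allow roles="Administrators" />
        <deny users="*" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

ASP.NET resolves the role names in these rules through the registered provider, so reversing the two rules would deny everyone, including members of the allowed role.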

How to customize login account for Login control in ASP.NET if we are authenticated by Microsoft Federation?

Currently I have a website with authentication using Microsoft.IdentityModel.Web.WSFederationAuthenticationModule. It redirects me to a login page (single sign-on outside my website) and upon login, I am redirected to the default page.
Now, when I was using CreateUserWizard asp.net control, it seems that upon creation of user, the control tried to use my machine name to login to db server (i.e. '\$') instead of using SSO login which has just been done.
Does anybody know how to customize the control to use federation login to connect to db server? In addition, how to set so that the control will use certain specified sql account to login to db server?
When you rely on federated identity, you typically won't "create users". Those would be handled by the identity provider. You might want to consider rethinking your app a little bit. For example: given that users will be provided for you (through the IdP), what does it make sense to do in your app? (e.g. associate users, manage authZ, etc). But likely not "create ones".

How do I create an Authentication Cookie in a custom MembershipProvider?

I'm trying to create a custom MembershipProvider and I was wondering how I would add my user information to the Authentication Cookie that ASP.NET uses. My goal is to get my authentication to work for both the website and the WCF service with ASP.NET Compatibility mode enabled.
You are using MembershipProvider in your application, so all you have to do is just use the inbuilt login control and set its provider property to the type of your MembershipProvider. FormsAuthentication will take care of creating authentication cookies for your users.
You need to specify the URL of your default page [where your users will go after successful login] and the URL of the login page which hosts the Login control. FormsAuthentication will check if the user is authenticated; if it finds the user is not logged in and your ASP.NET page demands authentication, then FormsAuthentication will redirect the user to the Login page specified in web.config's FormsAuthentication section.
That is how you leverage Providers in ASP.NET 2.0+, you need not do things explicitly, everything is configurable.
Here are some links for your reference, which will guide you through what you need.
http://msdn.microsoft.com/en-us/library/879kf95c.aspx
http://quickstarts.asp.net/QuickStartv20/aspnet/doc/ctrlref/login/login.aspx
http://www.asp.net/learn/videos/video-7420.aspx
http://www.asp.net/learn/videos/video-148.aspx
http://www.asp.net/learn/videos/video-47.aspx
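The configuration this answer describes, as an added example that is not part of the original answer; the page names, the provider type `MyApp.Security.CustomMembershipProvider` and the assembly `MyApp` are assumptions.

```xml
<configuration>
  <system.web>
    <!-- loginUrl: the page that hosts the Login control.
         defaultUrl: where users land after a successful login.
         requireSSL keeps the authentication cookie off plain HTTP. -->
    <authentication mode="Forms">
      <forms loginUrl="~/Login.aspx"
             defaultUrl="~/Default.aspx"
             requireSSL="true"
             timeout="30"
             slidingExpiration="true" />
    </authentication>

    <!-- Deny anonymous users ("?") so unauthenticated requests
         are redirected to loginUrl. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Register the custom provider (hypothetical type and assembly).
         As the default provider it is used by the Login control even
         when the control's MembershipProvider property is left unset. -->
    <membership defaultProvider="CustomMembershipProvider">
      <providers>
        <clear />
        <add name="CustomMembershipProvider"
             type="MyApp.Security.CustomMembershipProvider, MyApp" />
      </providers>
    </membership>
  </system.web>
</configuration>
```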
