I am trying to figure out the best way to connect to SSRS to retrieve some reports. I had a look at WSDL (SOAP) and REST endpoints and so far the seem good. Also on stackoverflow there was a simple solution here and of course there is more.
What I want to do is being able to impersonate AD users when getting reports. But it would be great to be able to impersonate a user without using his/her password. I red about custom security implementations but I didn't really see if this would be helpful (I'm new to this).
I have a single sign on Asp.Net Core application with an angular js frontend. I would like the backend to get the reports and provide them to the frontend. Here are my questions:
Whats's the best way for a .Net Core Application to connect to the SSRS server? Is it WSDL (SOAP) or REST or something else?
Can I impersonate an AD user without his/her password? Do I always have to use username and password for this?
I couldn't realy find anything that I could apply to my solution. Creating a custom security seemd time consuming but maybe it's part of the solution.
Help is very much appreciated, thank you!
Related
I'm working on an ASP.NET web app that will interact with the YouTube API. I have never done OAuth before. While I am definitely comfortable with the concept, I need to learn exactly how to implement it.
I am using VS Express 2013, programming in VB. My app is a Web Forms app (Non MVC), but I have opted to use the Empty Web App template to avoid all the unnecessary baggage that comes with their template.
I'm looking for a guide that will lead me through each of the following:
The set-up in the Google Developer Console
What I need to do in my site to interact with the Google API (I think I need to have an /Oauth2callback folder?)
What code do I need to successfully retrieve the refresh token, as well as trade it in for the scope tokens?
I know it's a lot - so I'm not looking for anyone to type it all here - but if anyone can point me to a good step-by-step, I would really appreciate it.
I was tasked with creating an SSO solution from an existing asp.net app to a new sharepoint 2010 app.
The existing asp.net app uses forms authentication, but not against a single data source. It checks a database, active directory and a few mainframe tables to authenticate, and finally creates a forms authentication ticket.
I was looking to share the token between sp2010 and the asp.net app, but I am now realizing this is not possible, due to the fact the sp2010 does not use simple FBA tokens any more.
So now I am looking to go the STS and claims-based route. After looking in to it a little, I understand that using ADFS would be much better than building a custom STS for the asp.net side. My issue is that since I have the custom ticket creation authentication method on the asp.net side, I don't have a single data source to "feed" the adfs. I am new to sharepoint and adfs and I really don't know how to begin this type of integration.
Can anyone help me get my head around this?
Thank you!
ADFS attribute stores might solve your problem, although for this to make sense you would ideally integrate Windows Identity Foundation (WIF) into your application, which might be an intrusive change.
http://technet.microsoft.com/en-us/library/adfs2-help-attribute-stores(v=ws.10).aspx
In short, ADFS is not limited to AD for collecting user data. You can configure it to query other user attribute stores, such as your database. You can then author rules within ADFS to tell it what queries to make, and ADFS will use these queries to populate user claims into the token that ADFS issues to your application.
Iam new to asp.net and working on a web project. There are different users and each user has specific role.Like admin, visitor, registered user etc. The question is what method to use to implement security. Is there any standard way to implement both authentication and authorization. I am using SQL Server 2008. Please tell a standard method.
Thanks
Look into the following topics:
Asp.net roleprovider : http://msdn.microsoft.com/en-us/library/system.web.security.roleprovider.aspx
Asp.net memberschipprovider: http://msdn.microsoft.com/en-us/library/yh26yfzy.aspx
Additional information: http://www.asp.net/security/tutorials/role-based-authorization-cs
You need to understand the basic principles before you proceed.
Start with ASP.NET Web Application Security
How ASP.NET Security Works
Guide to Claims–based Identity and Access Control
You can use a database, which is most definately the best way to go about it, this will be supported if you are running SQL server. This should help you build the database, and give you some insight into how to implement users and permissions.
http://publib.boulder.ibm.com/infocenter/wpdoc/v510/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/setup_sql.html
Good luck!
Currently, we have many web applications (external & internal) developed using Classic ASP through .NET 2.0 technologies. Each of those web applications have their own login screen authenticating against their own custom database or using Windows authentication. Users have access to one or more of these applications, meaning they have to log out and log back into applications that they would like to access. All applications share some part of the back-end data sources. Also, the business logic is embedded in the UI in addition to being duplicated across applications because there is no code/business logic sharing. Screenshot #1 gives a brief idea of the existing architecture.
Screenshot #2 shows the suggested architecture, which I hope will help in faster development, code/business re-usability and may be simpler maintenance. Users will access either external or internal url. In external, users will provide credentials and will be authenticated against custom database. In internal site, users will be automatically logged in using Windows authentication. After creating some samples, I have begun to like ASP.NET MVC 3. It keeps business logic separate from UI and I also like the unit testing capabilities.
Here are my questions:
Based on what I have found on the web so far, multiple authentications are not feasible within a single website. My understanding is that I have to host one website for each type of authentication (Forms and Windows). How do I redirect users to common landing page after they are authenticated so they can see the modules (links/menus) that they are authorized to access? Should I have to publish the same code set (dlls and content) to both the websites?
Has anyone faced a similar architecture problem? If yes, could you please share the challenges that you faced and how you tackled them? What are the industry standards in designing applications of this sort?
Does the suggested architecture make any sense or is it a really bad design? Are there any drawbacks in doing this in ASP.NET MVC 3?
I would really appreciate your inputs.
Thanks in advance.
I would set up a seperate web site which only handles the windows authentication. I would then rely on something like OpenID and/or OAuth to ask for credentials/token to make sure to user has proper access.
The user that want to sign in using windows credentials go through that process because you are right in that a IIS server running windows authentication is hard to mix with other stuff.
You can set up some kind of claim based network of thrust in which you applications get thier credentials from trusted sources and through that process you can negotiate and control access privileges cross many web sites. As long as your not doing custom hosting or white label branding you can have everything in one place (or even if you did you could design it so that you have a central solution of handing out authentication tokens).
Keep in mind the difference between Authentication and Authorization. You presumably want a single authentication mechanism (or maybe two, one for internal and one for external users). There is a similar post here that lays out some pretty good guidelines: How to allow multiple authentication methods in ASP.NET?
On one project we built a common controller class used in every page of the site. It handled authentication and access control. When a user tried to access any page it checked to see if they had a session identification cookie. If they did not they were required to authenticate(login). A challenge was doing a good implementation of the security. Current browsers have many flaws that make this difficult.
I am building a desktop application that needs to update current user's status frequently. This status will be available as RSS feed.
In order to do this, I think I can create a asp.net folder and secure it using form authentication. When the desktop application written as winform in c# needs to update status, it can set WebRequest.Credentials and upload data.
Is there any better way of doing this?
Thanks
Forms Authentication might be a little 'overkill' for what it sounds like you're trying to do. Consider writing a simple .NET web service, and using SoapAuthentication or even passing in some credentials (or an authentication token that your server recognises) as parameters to the web method. It depends on how important security is, and what kind of traffic you think your desktop application will generate.
It's difficult to be more specific without more details! :)