First off, I'm completely new to Shibboleth and SAML. We have a ..net web application which uses the .net membership provider functionality for forms authentication. We need to keep the .net mode of authenticating. However, we've now been asked to add the ability to authenticate a user coming from another web application which uses Shibboleth.
My question is, and I apologize if it sounds stupid, but can a .net web application implement both the 'default' asp membership and shibboleth authentication, or does it have to be one or the other?
Our web app is a .net 4.5 written in vb.net and hosted on Windows server. The other is a web app written in PHP (if I'm not mistaken) uses Shibboleth and is on a Linux server.
Thanks!
Related
I am working on a .NET 6 ASP.NET website and looking at implementing authentication using the identity framework. I understand this is technically working as a middleware and is independent of the subsequent IIS deployment authentication setting (only anonymous needs enabling).
On the IIS authentication setting I can various authentication options, one of which is called Forms Authentication.
I want to ask whether there is any relation between .NET Web Forms (or Windows Forms) project and the IIS Forms authentication? Or is it just a co-incidence that they both have the Forms keyword? I am confused because - like Web Forms project, even older ASP.NET MVC project required the Form Authentication enabled upon deployment to IIS. Where as newer .NET MVC project don't require this IIS deployment setting if they are using the Identity framework.
The latest authentication mechanism is called Identity framework. What was the older authentication mechanism technically called? Forms auth framework?
want to ask whether there is any relation between .NET Web Forms (or Windows Forms) project and the IIS Forms authentication?
Don't bring windows forms into this!!
But, yes, so called FBA (forms based aunthetiicaion) is not really realited to web forms in any speical way. They just happen to both have the name "forms" in their name - nothing more, and nothing less. So, using FBA in web forms applciations was a long time common choice.
Is there a relationship bettween FBA and IIS? yes, because if you adopt FBA, then your web site security is managed using that security provider. This useally means you have the "role" provider and FBA provider.
so, then each folder of the web site can then be secuired using web.config. You can either secuire those pages to require a valid logon (based on FBA), and you can also pick and choose what roles (so, some parts of the site say can only be used with say a role of "Sales" group.
However, while the web forms site can adopt FBA, the valuable informtion is that IIS will respect that that authneticaion provider - and thus IIS "knows" and "respects" that secuirty provider choice. That means say if you hit a web page that requires logon, then IIS will automatic intercept that page - send you to the logon page, and after you logon, you can continue on to that secured web page.
However, you don't have to use FBA with IIS, there are of course other secuirty and logon providers you can use. However, you do want to use a supported and started one, since then you can use the built-in asp.net logon controls etc, and they will just work.
What was the older authentication mechanism technically called?
FBA -- Forms based authentication. As I stated, the fact of "forms" in that name FBA has no specials meaning in regards to web forms, or using web form applications.
You are thus as noted are free to adopt newer security providers - web forms are of course not limited to using FBA as the security provider.
even older ASP.NET MVC project required the Form Authentication enabled upon deployment to IIS.
Hum, did they? I don't think that is the case. If you don't want or need web site logons or security then I do not believe that FBA was any kind of requirement to be enabled at all to deploy a web site that does not have nor use security.
I've been searching the web like crazy for answers on how to use client certificates with an old asp .NET web form. We are building an Azure Key Vault and I can build an ASP .NET Core app and use client certificates no problem to access the key vault. But we also have some legacy websites here at my job and we don't have time to re-write these all so to start I can turn them into web applications because the only way to currently open them in Visual Studio is by opening VS going to File->Open->Web Site. I did a POC with one and while it took some time since I had to basically create a new web application then I copied the pages/code over to this web application. But I used ClientId/SecretID to access Azure Key Vault and this worked fine.
But we want to use client certificates and I'm at a loss as to how to do this with a webform. Everything I find on the web when I search is for ASP .NET Core or MVC, not .NET Framework 4.8 with aspx webforms.
These applications use global.asax and you can't use routing filters.
Is it even possible to use client certificates in webforms?
I have been tasked to set up Single Signon for asp.net application (SAAS) using IIS server with a client who has ADFS3.0 for providing identity credentials. the users authenticated will be allowed to log in to the web application but i have been going through a lot of information as how to set up service provider files as the application is already running.
what settings and where do i need to configure them. any help will be greatly appreciated.
The "modern" way to do this is by using OWIN.
You will have to change your application as per Use the OWIN Security Components in ASP.NET to Implement Web Sign On with ADFS.
Then add your RP to ADFS and you are good to go.
For completeness. the "old" way to do this is to use WIF as in How To: Build Claims-Aware ASP.NET MVC Web Application Using WIF.
I am starting a new MVC project for one of my clients. They already have an iPhone app which is having most of the functionalities that I intend to do. And a web service exists. I do not have any database side work. My question is, I want to use the web service calls for authentication. But asp.net MVC is using Identity as default authentication. How do I tackle to use Identity with out much effort to call the web service for authentication?
I'm currently working with a asp.net MVC5 project. But I had a fun Idea I would made a WPF application aswell. And with this WPF application I would like to login with the login info I have on my asp.net site. I do know how to link the database to my WPF application how ever, after doing this I am stuck and I would appricate some help.
This is already provided by the ASP.NET Client Application Services, which expose ASP.NET services like membership, profile etc as services to other applications. Authentication is specifically addressed in How to: Implement User Login with Client Application Services with a full walkthrough in Walkthrough: Using Client Application Services.
A far better solution though would be to use Windows Authentication, if the WPF client and IIS servers are in the same domain. This way you wouldn't need to do anything on the client side, and only have to enable Windows Authentication on the server side.