Regarding ASP.NET Identity: how often is ASP.NET Identity used in real situation website projects?
We were only taught this in our studies and was wondering is there anything other options other any ASP.NET Identity when using Visual Studio and that is better.
Asp.Net Identity is the latest library by Microsoft and before it, we have been using Asp.Net Membership Provider and Web Security.
Since Asp.Net identity is built on OWIN, and working nice with Asp.Net Core, I don't see any other option to be used or offered by Microsoft.
You can use it for Forms Authentication, OAuth, Integration with Most of Social Identity Provider and Azure Active Directory.
I would say, it is the way to go
You can use MembershipReboot too, it is also good library for authentication in ASP.NET.
link: https://github.com/brockallen/BrockAllen.MembershipReboot
Related
I'm looking for a good MFA provider to be incorporated to a legacy Web Forms application that uses Forms Authentication for security. It seems most of the MFA providers I see (such as Authy) are built around ASP .NET Identity. I'm trying to look for a solution that doesn't scratch the legacy application much... migrating the legacy application to ASP .NET Identity will be a nightmare. I've tried looking into Authy, Auth0, PingID and Okta and they all seem to be overkill for our use case. I'm trying to find an MFA provider that can work alongside Forms Authentication.
I use https://www.twilio.com/ for my MFA. I am only using the SMS functionality though, so essentially you need to hook up their sms code with your form authentication process. The only difference is that you don't have the identity component (which I highly suggest that you implement). Check out the C# code here for more info on the SMS API procedure: https://www.twilio.com/docs/sms/quickstart/csharp-dotnet-framework.
I understand that the following is for MVC, but you can convert the code to Web Forms as well: https://www.twilio.com/docs/sms/tutorials/two-factor-authentication-csharp-mvc.
The above example also uses the identity framework, but just take a look at the implementation of using SMS and you can migrate the concept into your web form.
I have started to create ASP.NET membership for learning basis but i found new ASP.NET Identity. Some people suggested that latter is advanced than ASP.NET membership and ASP.NET simple membership.
I have read the comparison from this source. But still i have some questions because i some things are still unclear to me.
Can i use owin and oauth with ASP.NET membership and simple membership?
how i can authenticate web api with ASP.NET membership and simple membership?
Can i customize tables for profile, user and role in ASP.NET Identity?
Please suggest. If any one can suggest me a good reference for authorization and authentication of web API and ASP.NET Identity configuration, it would be great.
ASP.NET Identity is now a mature technology and it's complex enough to accommodate all your requirements.
More than so, there is even a better solution, it's called ASP.NET Identity Server and comes with couple things extra:
Can be used with Identity
Implements SSO (Single Sign-On)
Can be used with Entity Framework
It's a self host product
So to answer you're questions:
No, you cannot use both Identity and Simple Membership.
Using ASP.NET Identity Server, via a token.
You can customize the tables to meet you requirements.
Here is the official documentation for the Identity Server.
what is the differences between Membership, SimpleMembership, ASP.NET Identity?
Which one is best in web forms?
How to use SimpleMembership in web forms.
Limitation with SimpleMembership in web forms.
You listed them in progressive order by age. The Asp.net Membership Provider was first introduced with .net 2.0. Later. Simple Membership was released but most recently Microsoft has replaced SimpleMembership with Asp.net Identity (Microsoft.Aspnet.Identity.Core). This article should help you understand... Forms authentication using ASP.NET Identity & VS 2013
Remember, there are changes currently taking place between the RC version of AspNet Identity and the RTM version which has not yet been released.
Here's another article that will help you. Introducing ASP.NET Identity – A membership system for ASP.NET applications
I need to implement a SSO between a custom Asp.Net application and a SharePoint site. The asp .net Application has custom authentication and the sharepoint has windows authentication. I have already read about using forms authentication in both applications but i can not use forms authentication in Sharepoint.
Is this possible? Any tips and tricks?
Zorro,
Sharing a Forms Based Authentication (FBA) authorization cookie would be one of the cheaper and easier routes to investigate/implement, but you've indicated that FBA isn't an option for you. That said ...
... without knowing more about the custom authentication mechanism you have in place on your ASP.NET application, it's very difficult to offer a good suggestion. CptSkippy's question (regarding reconciliation) is a good one, as that becomes the basis for what's feasible and what isn't. If your app and site don't share a common user base, then SSO becomes a real challenge.
I don't know how feasible it is for you and your situation, but Microsoft's ISA 2006 server does an admirable job when used in an SSO role. It supports a wide variety of publishing and authentication mechanisms, and it plays quite nicely with SharePoint leveraging both NTLM and Kerberos authentication:
http://technet.microsoft.com/en-us/library/bb794722.aspx
The big question, again, is your custom ASP.NET application. If you've got some flexibility there, ISA may be a option.
For what it's worth!
Have you checked Microsoft Single Sign-On Service?
I'm looking for the most reliable way to use both Windows and Form based auth IN ASP.NET MVC 2 I know how to do it in webforms, but because I cannot adjust the permissions (In IIS) on a per file basis in MVC. Im struggling to transfer the concept.
Any suggestions? Links?
There are following post:
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2562.aspx
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2561.aspx
http://msdn.microsoft.com/en-us/library/ms972958.aspx
All describe it for classic asp.net. But the concept should be transferable to mvc.
I implemented this using mvc and a custom membership provider.
The whole application is running with aspnet anonymous account. That means that your files must be accessible to this account. On my machine I had to give read access to this IIS account.