ASP.NET Identity support for ADFS

We're in the process of migrating our authentication and authorization logic away from the original membership providers. We are currently looking at ASP.NET Identity, but no one on the team has experience with this technology. We've been asked to support ADFS in the future and are looking to see if this framework directly supports ADFS, which no one on the team has experience with either.
The only article I've found, http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/, seems to imply ASP.NET Identity will support ADFS as a provider. Are there any other definitive resources for ASP.NET Identity and ADFS?
Regards,
Noobian

ASP.NET Identity offers an "easy" way to add users and authenticate against them in a SQL DB.
ADFS can only authenticate against AD.
WIF is still supported but older - the OWIN WS-Fed libraries are the way to go these days.
If you want to use ASP.NET Identity, have a look at Thinktecture's IdentityServer. It offers full support for this, plus you can federate with ADFS.
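
An added illustration of the OWIN WS-Federation route mentioned in the answer above, pointing an ASP.NET application at ADFS and keeping the local session in a hardened cookie. This is example code written for this page, not code from the original post or from the projects it names; the realm, the ADFS host name and the `SampleApp` namespace are placeholder assumptions.

```csharp
using Microsoft.IdentityModel.Tokens; // Katana 4.x; on Katana 3.x the type is in System.IdentityModel.Tokens
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.WsFederation;
using Owin;

[assembly: OwinStartup(typeof(SampleApp.Startup))]

namespace SampleApp
{
    public class Startup
    {
        // Placeholder values (assumptions): the realm must match the relying
        // party identifier registered in ADFS for this application.
        private const string Realm = "https://app.example.com/";
        private const string AdfsMetadata =
            "https://adfs.example.com/FederationMetadata/2007-06/FederationMetadata.xml";

        public void Configuration(IAppBuilder app)
        {
            // The identity from the WS-Fed token is persisted in this cookie.
            app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
                CookieHttpOnly = true,                    // not readable from script
                CookieSecure = CookieSecureOption.Always  // only sent over HTTPS
            });

            app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
            {
                // Signing keys and issuer are read from the ADFS federation metadata.
                MetadataAddress = AdfsMetadata,
                Wtrealm = Realm,
                TokenValidationParameters = new TokenValidationParameters
                {
                    // Accept only tokens that ADFS issued for this relying party.
                    ValidAudience = Realm
                }
            });
        }
    }
}
```

Fetching the metadata over HTTPS from the ADFS host is what anchors trust in the token-signing certificate, so the metadata address should never be switched to plain HTTP.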

Related

OWIN Security Providers with Forms Authentication For OAuth

We have an existing ASP.NET Webforms application with Forms-based authentication. Now, we need to integrate OAuth providers (Google, FB, LinkedIn) for authenticating users. Can we use OWIN security providers without disabling forms-based authentication in the Webforms application?
All articles on the internet suggest using OWIN cookie-based authentication by disabling the FBA modules. It will be major work for us if we need to remove the FBA module for this at this time. Is there a way we could still use forms authentication and use the OWIN security providers only for OAuth?
Note:
We are aware of the DotNetOpenAuth providers and that they can satisfy our needs. But we wanted to check if we can use OWIN security providers with forms authentication.
Thanks in advance!
Regards,
Bala

Can I use ASP.NET membership with OWIN and an OAuth provider?

I started creating ASP.NET membership for learning purposes, but I found the new ASP.NET Identity. Some people suggested that the latter is more advanced than ASP.NET membership and ASP.NET simple membership.
I have read the comparison from this source. But I still have some questions because some things are still unclear to me.
Can I use OWIN and OAuth with ASP.NET membership and simple membership?
How can I authenticate a web API with ASP.NET membership and simple membership?
Can I customize tables for profile, user and role in ASP.NET Identity?
Please suggest. If anyone can suggest a good reference for authorization and authentication of web API and ASP.NET Identity configuration, it would be great.
ASP.NET Identity is now a mature technology and it's complex enough to accommodate all your requirements.
More than that, there is an even better solution. It's called ASP.NET Identity Server and comes with a couple of extra things:
Can be used with Identity
Implements SSO (Single Sign-On)
Can be used with Entity Framework
It's a self-hosted product
So to answer your questions:
No, you cannot use both Identity and Simple Membership.
Using ASP.NET Identity Server, via a token.
You can customize the tables to meet your requirements.
Here is the official documentation for the Identity Server.

WIF SAML 2.0 CTP Identity Provider Initiated SSO

I am developing a single sign on ASP.NET application, and I am trying to decide whether to make use of the WIF SAML 2.0 CTP or instead use ADFS 2.0. I have read several places that the WIF SAML 2.0 CTP enables identity provider initiated SSO, but I can't find any examples or tutorials anywhere. Does anyone know a good resource for becoming familiar with the methods of doing this using WIF CTP?
The SAML2 CTP is pre-release and I am really sceptical that this will ever RTM. So I wouldn't use it.
So you want SSO from your ASP.NET application to a SAML IdP?
It sounds like you've figured out that you can either go direct to the SAML IdP by adding a SAML stack to your application or by going WS-Fed to ADFS and then SAML to the IdP.
As mentioned the SAML CTP has been in CTP for ages and there is little documentation.
Have a look at the OpenSSO Fedlet.
However, you will probably find the ADFS option both quicker and easier.

Authentication and authorization - new to security

Need to develop a Web application that will be used to authenticate and authorize internal and external users to log in and then re-route to web applications for the organization. The login application should be able to provide smooth integration with any future applications that need secured authentication.
Should I be using WIF - Claims-based Identity/ADFS or the ASP.NET Role membership provider to develop this app? Or is there any other approach which will help achieve this?
I've been working on an asp.net site with WIF for several months now. I like that WIF is very flexible, but the documentation is poor. Check out the discussions on SO about WIF.

Single sign-on between ASP.NET and SharePoint Portal

I need to implement SSO between a custom ASP.NET application and a SharePoint site. The ASP.NET application has custom authentication and the SharePoint site has Windows authentication. I have already read about using forms authentication in both applications, but I cannot use forms authentication in SharePoint.
Is this possible? Any tips and tricks?
Zorro,
Sharing a Forms Based Authentication (FBA) authorization cookie would be one of the cheaper and easier routes to investigate/implement, but you've indicated that FBA isn't an option for you. That said ...
... without knowing more about the custom authentication mechanism you have in place on your ASP.NET application, it's very difficult to offer a good suggestion. CptSkippy's question (regarding reconciliation) is a good one, as that becomes the basis for what's feasible and what isn't. If your app and site don't share a common user base, then SSO becomes a real challenge.
I don't know how feasible it is for you and your situation, but Microsoft's ISA 2006 server does an admirable job when used in an SSO role. It supports a wide variety of publishing and authentication mechanisms, and it plays quite nicely with SharePoint leveraging both NTLM and Kerberos authentication:
http://technet.microsoft.com/en-us/library/bb794722.aspx
The big question, again, is your custom ASP.NET application. If you've got some flexibility there, ISA may be an option.
For what it's worth!
Have you checked Microsoft Single Sign-On Service?
