Adding authentication module to an existing servlet 3 app without modifying it - servlets

I need to add an authentication layer to an existing Servlet 3 web application which is deployed with a *.war file without modifying it (because I do not own it).
I have a vague idea of how this can be achieved, however I am not sure of the details of how this can be done and if this is possible at all.
The vague idea I have is to add another web module to the application and make it intercept all requests and check if there is an active session. If there is, then I allow the request to be handled by the original web module; if not, then I make the user authenticate, create a session and redirect the user to the original URL. By the way, the container I am using is IBM WebSphere, so having *.ear files is OK.
I have no idea where to start from. I imagine that I can implement a servlet filter on the authentication module, but how can I make the original application also use this filter?

Related

ASP.NET/ServiceStack Root URL at startup

I'm trying to set up a ServiceStack template loosely based on the existing ASP.NET with Razor template. The services to be created using this will be hosted in a variety of locations. What I would like is for them to be able to register themselves with a central server.
What I was hoping to do was to add some code to Application_start (or apphost) which would perform the registration; however, I can't find any way of getting the root URL of the application. The normal method of using the request object doesn't work as there isn't a request object at that point.
If I can't get this from ASP.NET, I'm wondering if there is a ServiceStack call I can make which can give me what I need.
The URL where an ASP.NET Web Application is hosted is only available at runtime, inferred from the incoming Request URL, so you won't be able to retrieve it at Startup.

Require initial setup before running spring web app

I'm creating a very simple forums application.
My current problem is I want the user to be prompted with a setup page (what they'll use to set initial settings such as MySQL credentials) if the website has yet to be set up. When they attempt to go to website.com/login, it should redirect them to website.com/setup until the setup is fully finished.
Should I just use an interceptor for this, or is there an alternative? Also, if I use an interceptor, is it possible to "unregister" it when the website has been fully set up?

How to Create a URL to an mvc Action in a Different WebForm Project in the Same Solution?

I have two projects one asp.net mvc and one webform in the same solution. You would know if you can use both the web projects. Specifically, it would be able to use some of the action mvc project in the webform project.
Routing is project-specific. Regardless of whether your projects share the same solution, there's no easy way to generate a URL from one project in another. This is mostly due to the fact that other factors play into what URLs are generated by a project other than just the routes it defines, such as virtual directories, domains, etc. These things are only known by the specific project while it is running.
As a result, the only way to truly get the URL for a route from a project is to get it from that project, while it is running. That means, you need to set up some sort of endpoint that you can send an HTTP request to, which would return an appropriate URL. Then, in your other project, you would have to use something like HttpClient to issue a request to that endpoint with whatever information it would need to generate the URL.

What is the best way to implement Site Binding specific configuration in IIS 7.5?

We have an ASP.NET MVC4 WebAPI Portal RIA (a mouthful, I know). The Portal UI is implemented using extjs and static html (ie no views), and all dynamic behavior is driven via RESTful JSON service end points implemented via the System.Web.Http.ApiController. Currently, the website is deployed in production as a single site with two site bindings (ie two different URLs) in IIS: one URL is internal and provides access to the full portal, the other is HTTPS and is intended to provide external authorized users access to the RESTful JSON API portion of the site. Effectively, this means that while the internal URL allows full access to the site, ideally, the external URL should:
Only respond to JSON requests
Not allow access to the default page (eg index.htm)
What is the best way to accomplish this goal in IIS or otherwise? Is there a better alternative to the shared site with multiple site binding configuration we are currently using? Any insight would be deeply appreciated.
Probably the easiest solution (from all those that involve coding your own solution) would be to implement an HTTP Module that intercepts all calls and do all the filtering logic in your code based on the domain name or IP.
Here is a very simple example of how you can do that: Using ASP.NET HTTP Modules to restrict access by IP address
I am not aware of any way to accomplish your task purely by changing a configuration.
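The HTTP-module approach suggested in this answer, as an added example that is not part of the original answer: a module that gives full access only to requests arriving on the internal binding and restricts everything else to HTTPS API routes. The host name, listener address and `/api/` prefix are assumed values, and the site is assumed to run at the root of its bindings.

```csharp
using System;
using System.Web;

// Added example, not code from the answer. Host name, listener address and
// API prefix are assumed values.
public sealed class ExternalBindingFilterModule : IHttpModule
{
    private const string InternalHost = "portal.corp.example";  // assumed internal binding
    private const string InternalAddr = "10.0.0.10";            // assumed internal listener IP
    private const string ApiPrefix = "/api/";                   // assumed Web API route prefix

    public void Init(HttpApplication app) { app.BeginRequest += OnBeginRequest; }
    public void Dispose() { }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpRequest req = ctx.Request;

        // Full access only when the request arrived on the internal listener
        // AND names the internal host. The Host header alone is chosen by the
        // client, so it is never sufficient to grant the unrestricted policy.
        bool internalBinding =
            string.Equals(req.ServerVariables["LOCAL_ADDR"], InternalAddr, StringComparison.Ordinal) &&
            string.Equals(req.Url.Host, InternalHost, StringComparison.OrdinalIgnoreCase);
        if (internalBinding) return;

        // Everything else gets the external policy: HTTPS and API routes only.
        bool allowed = req.IsSecureConnection &&
                       req.Path.StartsWith(ApiPrefix, StringComparison.OrdinalIgnoreCase);
        if (allowed) return;

        // 404 rather than 403, so index.htm and other portal files are not confirmed to exist.
        ctx.Response.StatusCode = 404;
        ctx.Response.SuppressContent = true;
        ctx.ApplicationInstance.CompleteRequest();
    }
}
```

In IIS 7.5 integrated mode, register the module under `system.webServer/modules` without `preCondition="managedHandler"` so that it also runs for static files such as index.htm.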

How can I use an ASP.NET MembershipProvider to carry over users' session data stored in cookies set by ColdFusion?

I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out of the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking of putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.
Thanks in advance for any help. Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
Not sure if this is what you're looking for:
FormsAuthentication.SetAuthCookie("the username goes here",false);
Reference
I'm a CF developer usually, but we had to do some integration with a .NET application recently and the way we approached it was to keep the CF and .NET sessions separate but ensure that login happened on both so when the user moved from one to the other they were still logged in.
So is there perhaps a way for you to hit your ASP.NET application with a request to login a user when you login using the CF application? Perhaps you could have an iframe on the page that you can load when the CF login is complete that holds a login service for the .NET app?
This way you would not need to worry about one app server reading the other app server's cookies, instead there would be two sets of cookies, one for ASP and one for CF.
Hope that helps!
The way I would approach it, is I would have a specific page that acts as a liaison between the CF and .NET layer. That page would implement your business layer and just check to see if the Cookie is there, if so read it in, do the lookup and login the user or whatever business logic that needs to be done. How would you accomplish the login/authentication, well that’s all based on your login/authentication code.
The only link I can offer is the basics of cookies in ASP.NET
http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
Edit: found another link that might be helpful.
http://www.aspnettutorials.com/tutorials/network/cookies-csharp.aspx
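
The cookie check the question describes, combined with the `FormsAuthentication.SetAuthCookie` call from the first answer, as an added example that is not part of the original thread: an HTTP module that signs the user in only after the login token has been verified server-side. The cookie names, the `login_tokens` table with its columns (including the expiry column), the `SiteDb` connection string and the use of SQL Server are all assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Added example, not code from the thread. Cookie, table, column and
// connection-string names are assumptions.
public sealed class ColdFusionSsoModule : IHttpModule
{
    private const string UserCookie = "CF_USERNAME";      // assumed name
    private const string TokenCookie = "CF_LOGIN_TOKEN";  // assumed name

    public void Init(HttpApplication app) { app.AuthenticateRequest += OnAuthenticate; }
    public void Dispose() { }

    private static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        if (ctx.Request.IsAuthenticated) return;   // valid forms ticket already present

        HttpCookie user = ctx.Request.Cookies[UserCookie];
        HttpCookie token = ctx.Request.Cookies[TokenCookie];
        if (user == null || token == null || string.IsNullOrEmpty(token.Value)) return;

        // Both cookies are client-controlled. Identity comes only from the
        // server-side token lookup; the username cookie is just cross-checked.
        string owner = LookupTokenOwner(token.Value);
        if (owner == null || !string.Equals(owner, user.Value, StringComparison.OrdinalIgnoreCase))
            return;   // stay anonymous; forms auth handles the request as usual

        FormsAuthentication.SetAuthCookie(owner, false);   // ticket for later requests
        ctx.User = new GenericPrincipal(                   // identity for this request
            new GenericIdentity(owner, "Forms"), new string[0]);
    }

    // Returns the user name the token was issued to, or null if unknown or expired.
    private static string LookupTokenOwner(string token)
    {
        string cs = ConfigurationManager.ConnectionStrings["SiteDb"].ConnectionString;
        using (var conn = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT username FROM login_tokens WHERE token = @t AND expires_at > SYSUTCDATETIME()", conn))
        {
            cmd.Parameters.AddWithValue("@t", token);
            conn.Open();
            return cmd.ExecuteScalar() as string;
        }
    }
}
```

Trusting the username cookie on its own would let any client name the account it wants, which is why the module takes the identity from the token lookup and treats a mismatch as an anonymous request.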
