Multi-Tenant Application Owin External Logins - asp.net

I'm building a Multi-Tenant application and I'm having problems for specify multiple sub-domains for a Facebook and Google external login witn Owin and WIF.
The tenants are using a sub-domain for example:
http://tenant-1.domain.com/
http://tenant-2.domain.com/
http://tenant-3.domain.com/
With Facebook and Google I can't specify multiple sub-domains for returns url of an application.
What are other solutions to this problem?
I thought about building a single login page, and after making the login to identify users, and perform the routing to tenant corresponding subdomain. The problem is that each tenant access his own database, and this solution involves having a common database of all users.
In short, I need to use external logins with a multi-tenant with a subdomain for each tenant. I do not think this problem is so rare, and the answers in stackoverflow are old, and no longer apply because have changed the application settings in Facebook and Google.

Finally, we adopt a solution-type like Single Sign On Server, which separates all user management from applications.
We recommend for such solutions, Identity Server v3 (https://github.com/IdentityServer/IdentityServer3).
Thanks!

Related

What is the best approach for mixed-mode authentication on an ASP.NET intranet

Building an ASP.NET intranet application which will authenticate domain users using Windows authentication so there is no need to login. Some users will be accessing the site over wifi and these users will not be authenticated on the domain. Therefore for these users only I need to present a login screen and authenticate them with AD using an LDAP connection (i.e. Forms authentication).
I've been hunting around for a reliable solution. There are numerous SO questions (here, here, here, many more) but so far no good answers IMHO.
The only complete solution I've seen is this one from 2004. Is this solution still viable? If so would it require that IIS is running in Classic mode (as opposed to Integrated)?
Another suggestion I've seen would be adding a separate site which performs Windows authentication and passes a simulated forms authentication ticket to the main site running under Forms auth as described here.
Or I guess a third option would be to run the whole intranet as two separate sites, both running the same application but each with different authentication mode. Obviously this is not desirable since every page would have two URLs. I'm not bothered about SEO of course, but not good for usability.
Can anyone say definitively what the best approach is to mixed-mode authentication on an ASP.NET intranet?
P.S. I've seen a few suggestions that this is the answer but that's a 403 :(

SSO between ASP.Net and JSP

I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

Sharepoint like AD authentication restricting access to specific web pages

I have a couple of PHP applications that run over WAMP Server, and for management reasons my boss told me to migrate the into an IIS server and ASP.NET so we only have to manage one database of users, in this case the Active Directory Users Group (Windows Server 2008 R2).
So we would create a security group called Delete_Update_Stock_Toolcrib, and only the users inside said group would have access to the web page where the transaction takes place (no need for ultrasecurity, since my users a really really basic users).
So my question is, is it possible to get an automated authentication from the AD user using a .NET API?
Just like Sharepoint, where according to the security groups you are in, you can access certain parts of the information available for your departament.
You could authenticate users using the built in ActiveDirectoryMembershipProvider.
Then, in ASP.Net, the concept that is the nearer of Users Group is Roles. There is a Active Directory Roles Provider on codeproject that should allow you to map Users Group to Roles, but I never tried it.
Here a great tutorial on the subject

How can I Protect some pages through authentication?

I have many pages in web application, i want display some pages to all including anonymous user and some pages should be protected from anonymous user can it is possible through authentication and authorization.. if it is possible then please tell me how......
There is built in functionality in ASP.NET for this. See ASP.NET Authorization on MSDN for an introduction.
You can specify what roles are allowed to access different pages/paths. With a membership and role provider you get a built in handling of users and roles. If you are in a corporate environment you probably want to integrate with Windows authentication, otherwise there is a good SqlMembership provider that handles all the user storage in the database in a secure way.
If you want to keep away from building an authentication system into your application you're best bet is to look at putting the pages that need protection into a separate directory on the webserver, then using : http://httpd.apache.org/docs/2.0/howto/auth.html to protect them.
This of course assumes you're using apache.
It is no longer recommended to use the .htaccess files.

Share ASP.Net web application authentication with another web sites

I have an large ASP.Net web application that will have a large number of users and I want to make this site accessible from other sites by take the credentials uses to have authentication to other sites on another domains, to make it easy to understand from you the idea like this site we can access it by using Yahoo, Google or Facebook account
my web application use form authentications.
any Idea to do this
Thanks all
I have tried to find out the links which might help you in your course to support multi-website authentication :-
Facebook Authentication
Google Authentication
OpenId
If you use the passport authentication provider instead of the forms provider on your web site this would enable authentication across domains that support this. This works if you can implement this across your domains or you're using existing sites that already support this.

Resources