Can i use asp.net membership with owin and oauth provider? - asp.net

I have started to create ASP.NET membership for learning basis but i found new ASP.NET Identity. Some people suggested that latter is advanced than ASP.NET membership and ASP.NET simple membership.
I have read the comparison from this source. But still i have some questions because i some things are still unclear to me.
Can i use owin and oauth with ASP.NET membership and simple membership?
how i can authenticate web api with ASP.NET membership and simple membership?
Can i customize tables for profile, user and role in ASP.NET Identity?
Please suggest. If any one can suggest me a good reference for authorization and authentication of web API and ASP.NET Identity configuration, it would be great.

ASP.NET Identity is now a mature technology and it's complex enough to accommodate all your requirements.
More than so, there is even a better solution, it's called ASP.NET Identity Server and comes with couple things extra:
Can be used with Identity
Implements SSO (Single Sign-On)
Can be used with Entity Framework
It's a self host product
So to answer you're questions:
No, you cannot use both Identity and Simple Membership.
Using ASP.NET Identity Server, via a token.
You can customize the tables to meet you requirements.
Here is the official documentation for the Identity Server.

Related

MFA Provider for ASP .NET Web Forms with Forms Authentication

I'm looking for a good MFA provider to be incorporated to a legacy Web Forms application that uses Forms Authentication for security. It seems most of the MFA providers I see (such as Authy) are built around ASP .NET Identity. I'm trying to look for a solution that doesn't scratch the legacy application much... migrating the legacy application to ASP .NET Identity will be a nightmare. I've tried looking into Authy, Auth0, PingID and Okta and they all seem to be overkill for our use case. I'm trying to find an MFA provider that can work alongside Forms Authentication.
I use https://www.twilio.com/ for my MFA. I am only using the SMS functionality though, so essentially you need to hook up their sms code with your form authentication process. The only difference is that you don't have the identity component (which I highly suggest that you implement). Check out the C# code here for more info on the SMS API procedure: https://www.twilio.com/docs/sms/quickstart/csharp-dotnet-framework.
I understand that the following is for MVC, but you can convert the code to Web Forms as well: https://www.twilio.com/docs/sms/tutorials/two-factor-authentication-csharp-mvc.
The above example also uses the identity framework, but just take a look at the implementation of using SMS and you can migrate the concept into your web form.

ASP.NET Identity in real IT industry situations

Regarding ASP.NET Identity: how often is ASP.NET Identity used in real situation website projects?
We were only taught this in our studies and was wondering is there anything other options other any ASP.NET Identity when using Visual Studio and that is better.
Asp.Net Identity is the latest library by Microsoft and before it, we have been using Asp.Net Membership Provider and Web Security.
Since Asp.Net identity is built on OWIN, and working nice with Asp.Net Core, I don't see any other option to be used or offered by Microsoft.
You can use it for Forms Authentication, OAuth, Integration with Most of Social Identity Provider and Azure Active Directory.
I would say, it is the way to go
You can use MembershipReboot too, it is also good library for authentication in ASP.NET.
link: https://github.com/brockallen/BrockAllen.MembershipReboot

Asp.net Identity support for ADFS

We're in the process of migrating our authentication and authorization logic away from the original membership providers. We are currently looking at Asp.net Identity, but no one on the team has experience with this technology. We've been asked to support ADFS in the future and looking to see if this framework directly supports ADFS, which no one on the team has experience with either.
The only article I've found, http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/ seems to imply asp.net identity will support ADFS as a provider. Are there any other definitive resources for asp.net identity and ADFS?
Regards,
Noobian
ASP.NET Identity offers an "easy" way to add users and authenticate against them in a SQL DB.
ADFS can only authenticate against AD.
WIF is still supported but older - the OWIN WS-Fed libraries are the way to go these days.
If you want to use ASP.NET Identity have a look at thinktecture's IdentityServer. Offers full support for this plus you can federate with ADFS.

Asp.net Membership and Simple Membership

What is the difference between Simple Membership and Membership in asp.net? Is Simple Membership introduced in mvc 4.0?
ASP.NET membership was the traditional approach for authentication, authorization from the microsoft team.But, with the release of mvc 4, they introduced new improved version with name Simple Membership.Simple membership relies on Extended Membership Provider
Behind the scenes, the SimpleMembershipProvider and the ExtendedMembershipProvider, as well as DotNetOpenAuth are all at work.
These changes was the need, because many web sites no longer want to store user credentials locally. Instead, they want to use OAuth and OpenID so someone else is responsible for keeping passwords safe, and people coming to the site have one less password to invent (or one less place to share an existing password). With these changes it is easy to authenticate a user via Facebook, Twitter, Microsoft, or Google. All you need to do is plugin the right keys.
Summary:
1)SimpleMembership has been designed as a replacement for the previous ASP.NET Role and Membership provider system.
2)SimpleMembership solves common problems developers ran into with the Membership provider system and was designed for modern user / membership / storage needs.
3)SimpleMembership integrates with the previous membership system, but you can't use a MembershipProvider with SimpleMembership.
4)The new ASP.NET MVC 4 Internet application template AccountController requires SimpleMembership and is not compatible with previous MembershipProviders.
5)You can continue to use existing ASP.NET Role and Membership providers in ASP.NET 4.5 and ASP.NET MVC 4 - just not with the ASP.NET MVC 4 AccountController.
6)The existing ASP.NET Role and Membership provider system remains supported, as it is part of the ASP.NET core.
7)ASP.NET 4.5 Web Forms does not use SimpleMembership; it implements OAuth on top of ASP.NET Membership.
Hope, you got the clear concept of your question.

Asp.Net MVC - Mixed Auth Mode

I'm looking for the most reliable way to use both Windows and Form based auth IN ASP.NET MVC 2 I know how to do it in webforms, but because I cannot adjust the permissions (In IIS) on a per file basis in MVC. Im struggling to transfer the concept.
Any suggestions? Links?
There are following post:
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2562.aspx
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2561.aspx
http://msdn.microsoft.com/en-us/library/ms972958.aspx
All describe it for classic asp.net. But the concept should be transferable to mvc.
I implemented this using mvc and a custom membership provider.
The whole application is running with aspnet anonymous account. That means that your files must be accessible to this account. On my machine I had to give read access to this IIS account.

Resources