I have tried to use Single Sign On method to my Umbraco sites (Umbraco sites using UmbracoIdentity for authentication) and my MVC 5 Apps, but I get problem when authentication has expired in Umbraco sites, it did not automatically clear authentication session in my MVC 5 apps. It happens vice versa.
Is there any event or something else which will be trigerred when the session has expired in one app?
Thanks,
Delly
Umbraco does not currently support MVC 5. There are breaking changes so I wouldn't recommend trying to get them to work together just yet. Umbraco 8 will be MVC 5 and probably soon, but they are reducing the number of DLL's first.
The way I would handle this is probably to use the request pipeline and check if session is authenticated each time. See more about the pipeline here.
Related
I had created a login form using MVC 5 No authentication template and connected with MS-SQL local Server, Now I need to verify the login status using session. I tried surfing about it but I can't able to find the optimal solution. So please some one help me to identify the optimal solution.
Unless you are a security expert I would strongly advise that you don’t roll your own authentication.
Most of the documentation you will find on the web for authentication in an mvc app will be referencing asp identity. I would recommend using that unless you have a good reason not too.
Things like using
[Authorize]
On controller actions
And using
User.Identity.IsAuthenticated
To check if a user is logged in is all baked in.
No need to re-invent the wheel
I need all your inputs for a use case with SSO implementation. Let me explain you my use case. I have couple of applications which written way back in 2004 – 2005 with ASP.NET, C#, SQL etc.. and uses ASP.NET cookie based Form Authentication to maintain the SSO between these web applications. It is working great and no issues so far. Now in early 2015, we are in the initial stage of building next generation application using HTML5, Angular JS & Web API which should work in all platforms & devices. So we decided to move with JWT Token based authentication in the new applications to maintain the SSO between. But the curtail use case pitch in now that is, the new set of application also should allow user to go back to their old applications by not asking any login information ( eventually, SSO between new applications vs old application). Since both uses different way of authentication, it is not going to be a straight forward implementation (My guess ).
Would any of you come across such situation before? Any suggestions?. Advance thanks for all of you.!!
I'm currently underway in migrating a collection of ASP.Net web forms projects to ASP.Net MVC 5. The web forms projects are all hosted on the same machine and share forms authentication (You log into one, you're logged into them all). The old apps use Page.User.Identity. As a first step I'm migrating just one site to MVC 5 using UserManager/IAuthenticationManager with cookies. As expected, this new authentication system does not work with the other apps in our environment. The MVC5 project has the same machineKey configuration as the other projects and I've tried adding a call to FormsAuthentication.SetAuthCookie but it does not work. How can I setup authentication to work across both types of environments using the newer authentication scheme but with minimal changes to the old projects to make this work?
I'm not 100% sure because this project ended up going a very different direction, but we encountered similar problems with web forms cookies. The solution was to set the compatibilityMode property on the machine key to "Framework45". This all systems configured this way to see the same cookie and behave as intended. I would be willing to bet that this would have solved my original problem.
I'm currently developing a web application that will use Facebook as a authentication service. Does it make sense to implement it as an ASP.NET Forms Authentication custom membership provider? While I made my research, I didn't come across any concrete significant advantage of using the Forms Authentication. However, it instinctively seems to me as a good thing to do, because aside from creating a completely custom implementation of authentication using Facebook, I didn't find any extensibility point inside ASP.NET where I could plug in the Facebook auth behavior.
Can you then tell me whether the Forms Authentication is a good idea or not. And if not, is there any other way than completely custom code (I'd like to avoid managing the session cookies, loading the current user, etc. manually).
I'm using ASP.NET MVC 3, Entity Framework and I'd like to avoid the Facebook C# SDK (the extensive use of dynamic types is a bit of a turnoff for me :-) ).
Thanks for any advice.
A simple answer is to use .NET 4.5 oAuth templates, they are incredibly easy to link Facebook up to forms authentication.
http://www.asp.net/vnext/overview/videos/oauth-in-the-default-aspnet-45-templates
However you may struggle to find a decent server if you are planning on releasing immediately. In a couple of months plenty of servers will support .NET 4.5.
The OAuth templates work for both v4.0 and v4.5 so you can publish them onto a server today itself :)
I'm looking for the most reliable way to use both Windows and Form based auth IN ASP.NET MVC 2 I know how to do it in webforms, but because I cannot adjust the permissions (In IIS) on a per file basis in MVC. Im struggling to transfer the concept.
Any suggestions? Links?
There are following post:
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2562.aspx
http://aspadvice.com/blogs/rjdudley/archive/2005/03/10/2561.aspx
http://msdn.microsoft.com/en-us/library/ms972958.aspx
All describe it for classic asp.net. But the concept should be transferable to mvc.
I implemented this using mvc and a custom membership provider.
The whole application is running with aspnet anonymous account. That means that your files must be accessible to this account. On my machine I had to give read access to this IIS account.