I'm trying to rewrite an old mvc1 application as a vNext app in vs2014. Application authenticates against the company's active directory. Here's a bit of a background to help clarify where my confusion is coming from.
I wrote one app in mvc4 which authenticates the following way:
1. Vs template had account login post action with isValid method
2. I wrote my membership provider and registered it through web.config
3. When I run application isValid is now calling my override that does authentication
Now I'm in vNext and here's what I see
1. Same account and login method except there's some signinmanager and user manager passed into it. I'm yet to see where it's coming from exactly. I suspect it's through startup.cs
2. I see that isValid is replaced with something like Passwordsigninasync which I think I need to override to login the user.
Here's my question how do I make Passwordsigninasync authenticate to our AD? I can go solo and ignore the framework to make it work but I'm sure there's an easy way to do it and I'm just missing some understanding of how plumbing works in vNext. Appreciate any help in the right direction.
It sounds like you have the default implementation of ASP.NET Identity setup, but want it to use Active Directory rather than individual accounts.
See the following for a walkthrough: On-Premises Organizational Authentication
Related
I've searched a lot but unfortionalitly I didn't find the correct answer for my case.
I need to add a button in my webform page to use it to login with microsoft account and after login I get a response which has a token and email (I'll use them then).
I need to do the normal approach to login with third party (authentication)
note:
I don't use identity in this project.
Most of the solutions I found belong to MVC but in this project I use webforms.
finally I found the solution
It suits to my case which I use webforms not MVC
( without identity )
https://learn.microsoft.com/en-us/graph/auth-v2-user
Well, if you going to use a whole new 100% different logon system, and a whole new 100% different authentication provider?
You have little choice - you have to add that authentication provider to that asp.net site. There really no other way around this.
You thus have to add owin to your existing application.
so you can setup a whole new authentication system for your web site. Certainly not for the fait of heart, and VERY MUCH BEYOND the scope of a simple question + answer site like SO.
But there are a good number of articles and step by step on this, such as:
https://tomasherceg.com/blog/post/modernizing-asp-net-web-forms-applications-part-2#:~:text=OWIN%20can%20be%20integrated%20with%20ASP.NET%20quite%20easily,combination%20with%20Web%20Forms%20pages%20%28or%20MVC%20controllers%29.
So, you at the end of the day really need to add identity authentication to your site.
https://learn.microsoft.com/en-us/aspnet/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-web-forms-project#:~:text=Select%20New%20Project%20from%20the%20Start%20page%2C%20or,New%20ASP.NET%20Project%20dialog%2C%20select%20the%20Empty%20template.
I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic
I am working with an asp.net web application using custom authentication. I wrote a quick test app to put out on our web server to make sure I could grab the necessary credentials from the user. I am trying to get the current logged in user (which I have done before) using the following line of code:
string username=System.Security.Principal.WindowsIdentity.GetCurrent().Name.ToString();
This normally returns a string in the format "domain\user". What I'm getting instead is something like this: IIS APPPOOL\ASP.NET v4.0
I'm sure I'm missing something simple, is there a setting in IIS that needs to change? Or is there a different way to grab the username?
Since you are using custom/forms authentication, it sounds like you aren't setting the IPrinicipal details after the user is authenticated.
You can follow this documentation (find the "Creating the Forms Authentication Cookie section) on how to set this code up in your app. It isn't as difficult as it looks.
Try this:
Page.User.Identity.Name
I need to build a "my account" application for my friend. I plan to use asp.net MVC 3.
I have to use third party API to authenticate users. if this is regular web application, it is easy, I submit the request using third party API, get response back. if this is authorized user, create a session. ON all the protected pages, i just check the session, if it is exist, then show the content, otherwise redirect back to login page.
I probably can do the same on my mvc3 project, but I know that definitely is a wrong approach. MVC3 is very flexiable. there must be a better way to do it. After I get response back from the third party API. What should I do after that? please show me some codes if you can.
Use the ASP.NET membership provider and create a custom provider to hook into your API. This gets a lot of the hard work done for you and you're not "reinventing the wheel". There's a great overview about how to do this with MVC here: http://theintegrity.co.uk/2010/11/asp-net-mvc-2-custom-membership-provider-tutorial-part-1/
Create a new MVC 3 application using the "Internet Application" template when you do file-new project.
All the code is then created for you - in visual studio click on the "ASP.NET Configuration" icon in solution explorer.
create your users and your roles
decorate your controllers and/or action methods with
[Authorize(Roles="Administrators")]
public class MyAdminOnlyController : Controller
{
}
Configure additional features such as forgotten password functionality, password resets, etc. Some additional features will require coding.
Done!
I don't think using MVC3 for authentication is anything different than regular web app. In your controller, you will send the username and password getting from the view to the API,getting the response back.
You can then save it to session and check against it on any page you want to be protected.
MVC is just the way to separate view logic, business logic and data model. The application flow is the same.
ASP.NET already build ASP.NET membership provider. The back end data can be stored in ASP.NET Configuration website, SQL Server database,Active Directory, and another database but you need to custom the authentication provider.
this is the expample for SQLServer Membership provider, for the detail documentation you can read from here
For ASP.NET Configuration management Membership provider, you can read from Music Store ASP.NET MVC tutorial in Membership and Authorization section. If you want to learn about ASP.NET MVC authentication/authorization. Music Store example is a recommended tutorial for exploring ASP.NET MVC3 feature, Entity Framework and Authentication also.
I'm working on adding a new webapp to an existing website. I've been directed to write the webapp in ASP.NET. The existing website is written in ColdFusion. For the most part, the ASP.NET webapp is completely stand-alone, but it needs to interact with the ColdFusion code in one important way - if somebody logs in to the ColdFusion site, we don't want them to have to log in again when visiting an ASP.NET page.
When someone logs in to the ColdFusion site, their username is stored in a cookie, along with a login token that can be looked up in our database. My .NET is a little rusty, so I'm having trouble visualizing how the ASP.NET code should use this data. I've already written a simple MembershipProvider that can be used to log in/out out the ASP.NET app using the data in our existing database tables, which are shared with the ColdFusion code.
What I'd like to know is - how can I make sure the ASP.NET app detects the cookies set by the ColdFusion app (I imagine they'd be sent to the ASP.NET pages, since everything is hosted on one domain), and automatically logs the user in using the MembershipProvider and Forms Authentication, using the credentials supplied in the cookie? I'm thinking that putting some kind of cookie check and log in function in the Global.asax file, set to run every page load for every page... but that seems kind of clunky. Also, do people still use the Global.asax file anyway? I had thought there was a more modern method.... Also, how can I manually log someone in using Forms Authentication and a custom membership provider? Currently my code allows the user to log in using the provided login control, but I'm not sure how to log the user in without them having to do anything.
Thanks in advance for any help. Looking over the MembershipProvider tutorials and the MSDN documentation it seems to me like the answer should be staring me in the face, but for some reason I just can't see it. Maybe not enough coffee....
Not sure if this is what you're looking for:
FormsAuthentication.SetAuthCookie("the username goes here",false);
Reference
I'm a CF developer ususally, but we had to do some integration with a .NET application recently and the way we approached it was to keep the CF and .NET sessions separate but ensure that login happened on both so when the user moved from one to the other they were still logged in.
So is there perhaps a way for you to hit your ASP.NET application with a request to login a user when you login using the CF application? Perhaps you could have an iframe on the page that you can load when the CF login is complete that holds a login service for the .NET app?
This way you would not need to worry about one app server reading the other app server's cookies, instead there would be two sets of cookies, one for ASP and one for CF.
Hope that helps!
The way I would approach it, is I would have a specific page that acts as a liaison between the CF and .NET layer. That page would implement your business layer and just check to see if the Cookie is there, if so read it in, do the lookup and login the user or whatever business logic that needs to be done. How would you accomplish the login/authentication, well that’s all based on your login/authentication code.
The only link I can offer is the basic of cookies in ASP.net
http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
Edit: found another link that might be helpful.
http://www.aspnettutorials.com/tutorials/network/cookies-csharp.aspx