I'm currently in the beginning stages of developing a website using ASP.Net 4.5 and C#. I'm wanting to map out the process flow of user registration and authentication. There's a starter project that uses the WebSecurity framework - with Simple Membership - that includes OAuth integration, allowing users to use Facebook and other logins to access the site.
What special considerations must one consider when using external logins on their website?
--Specialty login and registration pages for each provider used
--Authentication checks -- making sure application access hasn't been revoked during the course of any logged in session
--Re-Authentication screens
--Merging accounts
I'm seeing a bunch of different posts on how to set up ASP.Net and the WebSecurity framework to accept different logins, but not so many on the considerations needed before implementing such functionality
EDIT: This is an MVC site. Updated post to correct this
Related
I am not experienced in .NET authentication, and haven't found a specific answer for this need.
I am developing a .NET Core 2.1 MVC app which will have to run on an iframe on a different .NET Framework 4.5.1 app, which uses a FormsAuthenticationTicket when authenticating users. I have access to the main app's code, but cannot change it.
The present requirement is to automatically authenticate the iframe app, which I am developing, automatically from the main app's cookie information. On my app the login uses ASP.NET boilerplate (Abp) users and login, and the database contains the same usernames that will be using from the main app's database (different databases, same username field).
I currently haven't been able to decrypt the cookie or find a way to configure the iframe app to support this, and would appreciate if someone would kindly steer me in the right direction.
I actually want to create/list/edit asp.net membership users from a page authenticating with Windows-Authentication, the website uses ASP.Net MVC4. This is the administration website for another website using the forms authentication with asp.net membership on an SQL database. So this should allow company users to administer external users.
I can't use Membership-API, because the actual context does not support the asp.net membership.
Using the stored procedures requires manually hashing the password etc and this is not recommended. Also inserting the users directly into the tables would have this problem.
So is there a working example for administering asp.net membership users from a windows forms authenticated website?
I just managed to solve this problem using a webservice to decouple Windows-Domain authentication from asp.net-Membership:
Windows Domain Website for administration uses Webservice
Webservice offers functionality to manage users of asp.net membership
Webservice access has to be restricted to local server (so only the Windows Domain website can use it) and allows anonymous access (or with a special account).
Webservice needs to be configured like an asp.net membership website and to use the same membership database like the "normal users Website"
I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic
The behaviour I would like is for a user to be able to visit a custom built website and if they are already authenticated against sharepoint for the custom website to know who they are and give them various rights. If they are not recognised by sharepoint then I would like them to login to sharepoint and be directed back to the custom website.
Sharepoint picks its users and groups up from Active Directory. I don't know much about the internals of the server, but the custom one will be in a separate domain (I think) though I have full control over the custom and moderate control over the SP infrastructure.
A hint at how to progress would be great!
As you rightly said SharePoint can be condigured to use Active Directory for Authentication and User Management. So AD and Sharepoint are 2 different things and you are just linking them. You can develop your custom asp.net application to use AD for Authentication.
Using SharePoint groups in your custom application is difficult (You will have to develop your own service which will check the loggedin user and see if he is present in the SharePoint group)
Another option is to use a Custom ASP.net membership provider and use this in your sharepoint application. This way you can use the same asp.net membership provider for your asp.net application.
Check out Configuring Single Sign on for SharePoint. Could give you some ideas.
Here's my situation. I have a DotNetNuke application. I want to link to an existing ASP.net website from within the DNN website, and have decided to use DNN's IFrame for that.
The existing ASP.net application uses Forms Authentication for security - only authorized users can access the pages. This asp.net application also requires user roles for authorization to different pages.
I don't want users to have to sign on twice, and I'd like the asp.net page to use the user membership and role data from the DNN application - it shouldn't require it's own membership database.
Is this possible? According to the MSDN website:
"ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm. When forms authentication is enabled across multiple ASP.NET applications, users are not required to re-authenticate when switching between the applications."
Does this apply to DotNetNuke applications linking to asp.net applications? Both are on the same domain, too.
(I tried modifying the config.web of the asp.net page to work with the DNN config.web, matching machine keys and forms settings - but it didn't work. I could be doing something wrong, but before I pursue, I want to know if it's even possible.)
Thanks for any help!
I don't know if what you're talking about is possible within DNN. We're on DNN 4.0 and they do some weird things with the ASP.NET membership tables which may cause trouble.
What I can tell you is an alternative way (assuming you have control over the ASP.NET application). There is a project called MADAM (Mixed Authentication Disposition ASP.NET Modules - I know a bit of a mouthful) that can be used to provide a method other than forms authentication for application logon.
What you could do is set MADAM up on your ASP.NET application and from DNN pass user credentials to the ASP.NET application. The end result appears to the user as single sign on.
If you need me to elaborate on anything, let me know in the comments.
Actually i am displaying some aspx pages in a iframe module present on a dnn page. Now since inside the iFrame i am displaying aspx pages hosted elsewhere but on same server. I am just want to authenticate the dnn logged-in user before loading the page inside iFrame.
Do dnn provide any API which i can call from apsx pages hosted elsewhere in order to restrict access to ony unauthorized user.