I'm working on an ASP.NET web app that will interact with the YouTube API. I have never done OAuth before. While I am definitely comfortable with the concept, I need to learn exactly how to implement it.
I am using VS Express 2013, programming in VB. My app is a Web Forms app (Non MVC), but I have opted to use the Empty Web App template to avoid all the unnecessary baggage that comes with their template.
I'm looking for a guide that will lead me through each of the following:
The set-up in the Google Developer Console
What I need to do in my site to interact with the Google API (I think I need to have an /Oauth2callback folder?)
What code do I need to successfully retrieve the refresh token, as well as trade it in for the scope tokens?
I know it's a lot - so I'm not looking for anyone to type it all here - but if anyone can point me to a good step-by-step, I would really appreciate it.
Related
I am trying to figure out the best way to connect to SSRS to retrieve some reports. I had a look at WSDL (SOAP) and REST endpoints and so far the seem good. Also on stackoverflow there was a simple solution here and of course there is more.
What I want to do is being able to impersonate AD users when getting reports. But it would be great to be able to impersonate a user without using his/her password. I red about custom security implementations but I didn't really see if this would be helpful (I'm new to this).
I have a single sign on Asp.Net Core application with an angular js frontend. I would like the backend to get the reports and provide them to the frontend. Here are my questions:
Whats's the best way for a .Net Core Application to connect to the SSRS server? Is it WSDL (SOAP) or REST or something else?
Can I impersonate an AD user without his/her password? Do I always have to use username and password for this?
I couldn't realy find anything that I could apply to my solution. Creating a custom security seemd time consuming but maybe it's part of the solution.
Help is very much appreciated, thank you!
Im looking to create an Angular 4 app or possibly an Ionic app. The problem i face is im a bit unsure how to implement the authentication. i currenctly have an asp.net webforms site that uses the asp.net membership db. i would like to make use of this, but cant seem to find any relevant information on it. if anybody can shed any light on this or point me in the right direction it would be much appreciated. thanks in advance
You can add Web API to your .NET solution, which then utilizes the same business logic (including Authentication logic) you are using with your web forms. These APIs can then be consumed by your Angular/Ionic app via http and/or rxjs.
The latest version of ASP.NET includes the new authentication framework ASP.NET Identity, which should be the core building block for user management in all new and near future ASP.NET projects and websites.
I have seen that it can integrate with the WebAPI quite nicely, but haven't seen any example of integration as authentication for mobile client devices. For example - suppose I have a ASP.NET website with Identity implemented in use. Now I want to build client applications for Windows 8.1 and Windows Phone 8. I see two main issues that are limiting this.
Firstly - ASP.NET Identity apparently issues only short-lived auth. tokens, which is quite a bad user experience for mobile applications. I have seen some attempts to create a refresh token mechanism - http://leastprivilege.com/2013/11/15/adding-refresh-tokens-to-a-web-api-v2-authorization-server/ . This is quite a nice approach, but it would still be more interesting to see a really built in solution.
Second - and maybe more important - external authentication provider support. On the ASP.NET Identity website it is quite clear and easy to see a way to authenticate via WebAPI, but I haven't seen this in use with external authentication. How is it possible to get the authentication URLs for Facebook, Microsoft and Twitter and how can the authentication flow be completed from within the app?
Has anyone some experience with this? It would be great to find a complete walkthrough, I will gladly reward the correct solution with some bounty points :-) .
The problem is that security is complicated and that Microsoft's solutions only address the simple scenarios.
Also, you're consing terminology (which increases everyone's confusion, including your own). ASP.NET Identity manages users' credentials stored in a database. It's unrelated to the type of application that needs to validate credentials (mobile, api, browser, desktop, etc).
Katana middleware is what allows an application to authenticate the caller. There's cookie middleware for browser applications, external middleware for google, facebook, WS-Fed, etc, and then there's OAuth2 for API applications. Each work differently based upon the nature of the application. Some of them interact as well, depending on the requirements of the application.
I don't mean to pick on you -- this is more of a complaint about Microsoft's lack of education/documentation in the frameworks they provide. And I suppose this is an answer to your question -- Microsoft doesn't have what you're asking for. They have bits and pieces, but you're left to connect the dots.
Some links that might help:
http://www.asp.net/identity
http://www.asp.net/web-api/overview/security
http://www.asp.net/vnext/overview/authentication
http://brockallen.com/category/owin-katana/
http://leastprivilege.com/category/katana/
http://leastprivilege.com/category/webapi/
HTH
I'm pretty new to services within .NET and not too experienced with .NET in general, so please excuse my ignorance.
I've been tasked with implementing a self-contained login control which could be used within a number of applications. I've done some browsing around and have made a little progress, but wondered if there might be a better way to go, before I go too far.
So far, I have an AJAX Server Control which includes a .asmx web service that is being called through AJAX.
I have concerns about the security of this solution and also understand that .asmx is no longer in favor due to the rise of WCF and Web API. I've tried to find an example of WCF or web API being used in a similar manner, but haven't come across anything. Is this possible?
I'm also thinking that maybe a better approach would be to have the Web API service run outside of the Control, but just have the control call it.
Is this even a secure way to manage authorization and authentication?
Any pointers would be appreciated.
You can start here: Exposing WCF Services to Client Script
I'm currently developing a web application that will use Facebook as a authentication service. Does it make sense to implement it as an ASP.NET Forms Authentication custom membership provider? While I made my research, I didn't come across any concrete significant advantage of using the Forms Authentication. However, it instinctively seems to me as a good thing to do, because aside from creating a completely custom implementation of authentication using Facebook, I didn't find any extensibility point inside ASP.NET where I could plug in the Facebook auth behavior.
Can you then tell me whether the Forms Authentication is a good idea or not. And if not, is there any other way than completely custom code (I'd like to avoid managing the session cookies, loading the current user, etc. manually).
I'm using ASP.NET MVC 3, Entity Framework and I'd like to avoid the Facebook C# SDK (the extensive use of dynamic types is a bit of a turnoff for me :-) ).
Thanks for any advice.
A simple answer is to use .NET 4.5 oAuth templates, they are incredibly easy to link Facebook up to forms authentication.
http://www.asp.net/vnext/overview/videos/oauth-in-the-default-aspnet-45-templates
However you may struggle to find a decent server if you are planning on releasing immediately. In a couple of months plenty of servers will support .NET 4.5.
The OAuth templates work for both v4.0 and v4.5 so you can publish them onto a server today itself :)