c# 3.5 - sharing authentication between winforms and asp.net - asp.net

I have a winforms application which calls web services and then based on the results fires up an ASP.NET webpage.
The ASP.NET webpage and web services are protected by a custom membership provider. At present the user has to log in to their winforms app and then also into the asp.net webpage. Is there a way to only have to log in to the winforms app and somehow share whatever authentication state exists with the ASP.NET webpage?
I've seen http://msdn.microsoft.com/en-us/library/vstudio/eb0zx8fc(v=vs.85).aspx - however it seems to be more aimed at sharing authentication between server applications, not two client applications.

Related

ASP .NET Web forms and Certificate Authentication

I've been searching the web like crazy for answers on how to use client certificates with an old asp .NET web form. We are building an Azure Key Vault and I can build an ASP .NET Core app and use client certificates no problem to access the key vault. But we also have some legacy websites here at my job and we don't have time to re-write these all so to start I can turn them into web applications because the only way to currently open them in Visual Studio is by opening VS going to File->Open->Web Site. I did a POC with one and while it took some time since I had to basically create a new web application then I copied the pages/code over to this web application. But I used ClientId/SecretID to access Azure Key Vault and this worked fine.
But we want to use client certificates and I'm at a loss as to how to do this with a webform. Everything I find on the web when I search is for ASP .NET Core or MVC, not .NET Framework 4.8 with aspx webforms.
These applications use global.asax and you can't use routing filters.
Is it even possible to use client certificates in webforms?

How to enable my own custom OAuth external authorization with asp.net

I am having a project in which i need to implement authorization using OAuth.
I am developing different apps with their different data.
Web app 1:
This is a SPA web app that will connect with a webAPI built for it that will expose related bussiness data to this web app.
Web app 2:
This is an MVC asp.net web site that also uses another web API built for it to get access to it's bussiness data.
My Auth service - this is what i want to know how to build:
What i need is to use asp identity and make a separate database and a separate web API that will handle authorization and authentication for the above web apps.
Web app 1 has it's own database and is using it's own web api to present data to users. So, is web app 2. This means that web app 1 does not depend, care or communicate in any way with web app 2. When a user of web app 1 or web app 2 wants to register or login he should communicate with web API of my auth service to do that. All my webapps should use the same auth service and be agnostic of it's specific details and only use this service's api for auth.
An example of this is google or facebook.
I am using c#, asp.net 5.
Any ideas or resources how to do this would be very helpful
A basic implementation is included in Visual Studio 2015 templates. Choose new ASP.NET Web Application and then MVC or Web API with Individual User Accounts as Authentication option. MVC or Web API depending on the way you want to register and log in.
You have a more complete example with refresh tokens and managing different clientIds in the following post by Taiseer Joudeh, it's not ASP.NET 5 but I think it could be interesting for you.

WPF login to ASP.NET MVC5

I'm currently working with a asp.net MVC5 project. But I had a fun Idea I would made a WPF application aswell. And with this WPF application I would like to login with the login info I have on my asp.net site. I do know how to link the database to my WPF application how ever, after doing this I am stuck and I would appricate some help.
This is already provided by the ASP.NET Client Application Services, which expose ASP.NET services like membership, profile etc as services to other applications. Authentication is specifically addressed in How to: Implement User Login with Client Application Services with a full walkthrough in Walkthrough: Using Client Application Services.
A far better solution though would be to use Windows Authentication, if the WPF client and IIS servers are in the same domain. This way you wouldn't need to do anything on the client side, and only have to enable Windows Authentication on the server side.

How to use ASP.NET legacy membership provider in ASP.NET MVC 4 application

I integrated a legacy ASP.NET 4 WebForms app with an ASP.NET MVC 4 app using VS2012 Update 4. The legacy app has security implemented via SQL Membership Provider. The legacy webForms pages are still secured in the newly integrated app, but the MVC views are not secured. For instance, a user cannot go to a .aspx page by directly using the page URL, say, http://myWebsite/SomeDir/Details.aspx but he/she can access a view, say, http://myWebsite/ControllerName/ActionMethod.
How can I secure the views using the same existing SQL Membership implementation that works on WebForms on this newly integrated web app.
You need to place [Authorize] attribute (either on the action method or controller) to protect it.

How to set WCF security when Calling WCF from a web applicaion that shares same ASPNET membership with WCF service?

NET web application and a WCF Application that share the same ASP.NET membership database.
They are both sharing the same ASP.NET membership database.
It is basically like:
WCF: is https://ServerName/Services.svc
ASP.NET: is https://ServerName/Default.aspx
(both are two virtual folders in the same web application and both are using the same ASP.NET membership database).
The user logs on to the ASP.NET application and can then decide to call the WCF service.
What are my options for setting the security for the call between the ASP.NET and the WCF service that make the call using the credentials supplied by the user when logging to the ASP.NET application?
If you run you application in ASP.Net Compatibility mode. You will get all the security features available with ASP.Net. Things such as HttpContext.Current.User will point to the logged in user.
For the fastest implementation (by fastest I mean to get up and running) get Juval Lowy`s ServiceModelEx library from http://www.idesign.net and use his declarative security library.
I have used this library a lot and it works well.

Resources