How to use Windows Authentication for intranet website? - asp.net

I'm developing Asp .Net(MVC3) web application for my company.Some users use this site in internal network and some will use internet site.I've to Authenticate Users using the website.How can i do it?
Whether it is possible to check the Authentication code only after deploying the Solution? How can i check it in my local solution?Can Anyone Explain Step by step Process involved in this?

Its hard to give you a step by step procedure given that I don't know much about your infrastructure, or your dev environment.
With that said, it sounds like you want forms authentication for your external site, and integrated authentication for your internal. In both cases, the back end authentication would be done by Active Directory. A VERY common scenario.
All you need to know is the right terms to use, and you'll quickly find examples online. Google up something like "mix form and windows authentication mvc". But again, given all the different versions of IIS and MVC, there are quite a few scenarios so you may not find a definitive guide and instead you'll have to wind up evaluating each and mashing up a solution for your environment.

Related

How to integrate Dotnetnuke wesite with existing website

Perhaps I'm not thinking clearly but I have an existing website/application that I want to "front-end" with DNN without re-writing the application in DNN's modular format, i.e; I want DNN to handle membership, authentication, etc. Authenticated users could then access my existing web application.
There are a couple articles here that discuss what it might look like when integrated and some discuss the pitfalls that might be associated with such an arrangement, however none of the articles outline the steps I would need to take to deploy DNN this way.
I have been unsuccessful in my attempts to setup child sites or even parent site in DNN host management that will successfully point to my existing application. It errors out because it's looking for all the DNN libraries.
When I try adding adding a virtual application/directory in the DNN site definition (IIS) that points to my existing web app, I get DNN's error page stating the page doesn't exist.
I don't want to rewrite the application as a module, but if someone would be kind enough to walk me through the steps of setting the two websites up so they can share membership information, I would be terribly grateful. What would I need to setup in IIS, DNN, and my existing website.
Thank You...
C. Lane
You pretty much won't, you can have DNN running side by side with another application running, or you can convert content/modules/functionality into DNN.
If you want to share membership, you'll have to code your application to use the DNN authencation/users/profiles, but there aren't any step by steps for that.
This question actually comes up pretty frequently. An easy solution would be to have both applications use AD authentication. Probably not the solution you are looking for but its the simplest.
I've never tried it, but if they are both using SqlMembershipAuthentication, you might be able to configure both to point to the same database (the dnnDB). Check this link for SqlMembership configuration.
I'm sure DNN wouldn't support this, but it could work,... I think.

Role based authentication using LDAP in ASP.Net

I need to implement Role/Group based authentication in my ASP.Net web application using Active Directory Domain Services and LDAP. i want to use user’s windows logon identity credentials for authentication. I have no clue where to start.
If anybody have implemented the similar requirement, please reply with some pointers.
Also, please let me know, how i can test this in my organisation network and What should be the LDAP server credentials? Can i add our custom groups?
Please reply asap.
I'm just looking into this myself. In the past I've implemented Azman (authorization manager) on windows 2003 (it comes with windows 2003). This seems to work well; my app's been in production for 3 years with a fairly complex config and has held together ok.
Azman has been developed further with windows 2008, but I haven't implemented on this platform yet.
The thing that I liked about Azman was that it abstracts the authorization management away from the app code itself and can give very granular permissions. That said I'm still looking around for alternatives; the biz rule functionality always felt abit flaky for some reason and at least for my app became very important (biz rules let you set context around rights... so for example bob can edit some textbox, but only for specific records). Anyhow here's a few links that might help:
http://support.microsoft.com/kb/324470
http://msdn.microsoft.com/en-us/magazine/cc300469.aspx
I'm not sure if these articles answer all your questions.. or maybe you've found another solution? If after reading you have more questions just yell :)

What is Open ID ? How to implement on my own blog post?

I have a website and I wanted to become an open ID publisher. How to do that?
Depending on your exact requirements, you might want to try OpenID delegation instead. You can then use your website as a layer of abstraction over a third party provider.
As you're building for asp.net - take a look at DotNetOpenAuth. It's a free, open-source library that can make your asp.net webrite an OpenID provider (your website can be used to identify you) or a relying party (users can log in on your website using OpenID).
In fact, StackOverflow uses it as well, and so do I. It has a number of examples, and it's pretty reliable and secure.. Definitely recommended! :)
If you just want to run your own identity server, then a good place to start looking is here. I run phpMyID on my site that acts as an openID server for me, it was easy to set up, seems to work, and no-one has stolen my identity ..yet.

ASP.net user management and GoDaddy shared hosting

I'm trying to use the asp.net (3.5) built in user management framework but I'm not 100% sure how to do this on godaddy. Google didn't help much, anyone have experience with this?
You can roll your own or find one. You cannot run the Asp.net configuration tool directly against your GoDaddy account. (If you notice, it's just another asp.net website runing in another dev web server via Visual Studio).
You can use the System.Web.Security.Membership and Roles static classes in the Membership Provider to hook into it. This is very easy to do. Membership.GetUsers(), etc.
You can also use the stored procs to manually add/remove users and roles.
-Nathan
Go to your hosting control center
in menu Content on top, go to IIS Management,
there will be list of web folder,
on top of the list you can see asp.net runtime versions and (modify) link in brackets, click on it. There you'll see if you are using asp.net 3.5.
I have also had this problem. About a year ago. So I am curious to know what the solution might be, if there is one! I was told by Go Daddy, back then, that they had ASP.net admin stuff "locked down" pretty tight. I went back and forth with their help people, who had to actually escalate it - because the general help team didnt understand what I was asking. What I ultimately did was I canceled my hosting service (they did give me a refund for unused time!) and I went over to a different host. Hope this helps and I will be listening carefully to responses as I am curious to see if they changed OR if someone has a workaround.
To get the tables that the membership provider uses, look in %WINDIR\Microsoft.NET\Framework\v2.0.50727. That is where the SQL statements used by the wizard are located. Also, check out:
http://www.asp.net/Learn/Security/tutorial-04-vb.aspx
for a more thorough explaination of how memberships tables are set up. You can do all the same work that the admin tool does, just not in a GUI format.

How to write an offline version of an AJAX/ASP.NET web application

We have a web application that uses AJAX to talk to an ASP.NET web service. We would like to write another version that can be used offline. We need to be able to re-use our existing code as much as possible. What approaches should we consider?
The app is currently using XmlHttpRequest to get dynamic data from the server. Obviously the offline version will not be able to talk to the server, but it does need to talk to something! I'm sure installing IIS or Cassini on the client would work, but I was hoping for a simpler solution. Is there no other way for JavaScript to talk to some external code?
There are plenty offline web apps nowaday. It simply evolve from AJAX.
For example:
WoaS (wiki on a stick / stickwiki), Tiddly Wiki,
Google doc and Gmail is going to be offline.
You don't need a webserver to run these webapps in offline mode. Just store the required data, scripts on the client side (usually as XML).
One of the possibilities would be to use Cassini. This is a web server that acts as a host for the ASP.Net runtime. You can host Cassini in a Windows application or a Windows Service. In this scenario you do not have to rewrite the web app and the web service.
Most other solutions do require a rewrite of both your web app and your web service. Depending on the way you have written the existing app you can reuse more or less code.
Have you considered HTML5 with application cache and offline storage?
If you hope to create an "offline" version of your package your biggest issue by far will be the need to install your site into a local copy of IIS (registering a virtual directory, etc.). I pursued this briefly a few years ago and gave up in frustration. It can be done: a number of software vendors such as DevExpress do this so you have local copies of their demonstration projects. Indeed, I was able to do this. The problem was the classic "it works on my computer" syndrome. There was simply no way to guarantee that most of my end-users had anywhere near the technical proficiency to make this work.
Thus, I would strongly recommend that you not pursue this path unless you have very technically proficient users and a huge support staff.
But there is one more very important question: did you abstract all data access code to a DAL? If not, then you have a lot of work to do in managing data access as well.
Update: user "Rine" has recommended Cassini. I just wanted to let you know that I pursued Cassini and another 3rd-party web server as well. I think that there are licensing issues with Cassini but may be wrong - it has been awhile. However, I do distinctly remember running into barrier after barrier with this approach and very little documentation to help me out.
if you want a web application run offline, you need a webserver (IIS for ASP) bound to the localhost (127.0.0.1) address. After this so can access your web application by typing http://127.0.0.1/ in your web browser the same way as you do online.
If your AJAX relies on XMLHttpRequest's, you can:
Make the static versions of XML's you get over XMLHttpRequest and put then into a folder on disk.
Rewrite your XMLHttpRequest URL's so that they point to files on disk.
Rewrite your XMLHttpRequest's so that they don't check status (it's always 0 for the file:// protocol.
All JScript works on file:// pages as well as on http:// ones.
Of course it's not the best way to develop static pages, but it may save you some time on rewriting.
I havent come across any framework specifically built for asp.net like the ones available for PHP or RoR.
Here is a good article by Steven to get you started with HTML 5 and ASP.Net Creating HTML 5 Offline application
Obviously the offline version will not be able to talk to the server, but it does need to talk to something!
Enter HTML5 LocalStorage. It works like a database and enables you to put data on your client. Indeed you have to rework parts of your code in javascript and transmit it to the client, but then it would work offline.
Local Storage works like this:
- Setter: window.localStorage.setItem(KEY, VALUE)
- Getter: window.localStorage.getItem(KEY)
- Remove: window.localStorage.removeItem(KEY)
To get the main page working offline you need to create a manifest. This is used to store complete sites on the client. Please refer to this for more information about manifests:
http://diveintohtml5.info/offline.html
You want to build a web application to work offline?? It can't be done.
You could split the interface code from the rest (in diferent dlls) and create a windows application to mimic the behaviour of your web application. This way you have 2 distinct user interfaces but the same code for business rules and data access.
I don't really see any other way...

Resources