i just found one nice article about online chatting application with converse.js i read it's documentation and i like it. how ever i just have doubt it is there this chat facility can supported with asp.net 4.0 web site. Here i just want to know about in details is it supported with .net application.
here it's tells XMPP Chat server. Is there any additional cost for purchase it. After that how i setup this server for chat facility. here it's gives advice for identity i have to manually register user with it and i can use with my own web site.
Is there any one have idea how i implement this to my web site. Step By Step
Please help me..
Since you mentioned Asp.net so I am assuming you are talking about windows platform. I am using Openfire for XMPP messaging since last 5-6 years now and it is very easy to use and stable XMPP server. You can install it on your server and then configure Converse.js and XAMPP in conjunction with it to get web client chat feature. I referred this link to configure XAMPP along with Openfire: https://community.igniterealtime.org/docs/DOC-2954
Basic steps:
1. Install Openfire
2. Install XAMPP and configure as given in above link
3. Configure Converse.js in Asp.net application
Related
I'm learning blazor and am having some difficulty wrapping my head around authentication. I have a .net core web api hosted and want to connect a blazor web assembly to it, but all the tutorials i find use it hosted in an asp.net core host in one package. How secure is the authentication when hosted like this on the same machine?
use Blazor WebAssembly with authentication (also if possible) is not a great idea:
usually, when you write a normal client-server application, the client collect the user typed data and send it to the server. In the server you can check if the password is correct (for example establishing a connection to a database and checking matches between username and password).
In Blazor WebAssembly, all the code is compiled, dll are generated, sent to the client (using the Web-Assembly technology) and runs inside a JavaScript sandbox. This mean that ALL the objects are available on client side and can be seen by the user, so also all the connection strings can be readed.
Also if there are some ways to mask them, none of them are 100% secure, actually.
If you don't need to have an off-line application I suggest you to use Blazor Server technology, that use SignalR.
However, if you really want to implement authentication in WebAssembly, you can take a look at the Microsoft documentation.
Hope this can be useful!
You can first go through the official docs. I also recommend you seeing this video. You'll likely need to use IdentityServer4, for that see this playlist and the official Github repo for sample projects.
I already have more than 10 applications developed using ASP.NET. There are different versions for frameworks 2.0, 3.5 and 4. Currently I need to apply single sign on on all of my applications using Windows Azure Active Directory SSO. But I do not know what the code or library should be added to my application to be configured with the Azure SSO. Do I need to re-develop my application or recreate it with different versions? Does anyone know what I should do?
Different .NET frameworks should not be a problem. You should be able to implement SSO for all of these applications, but you will need to add it individually to each one. You will need to add it in the code of the application itself and then register each application to your tenant.
Here is a very good tutorial that shows you step by step how to add SSO to a published web application in Azure using OpenID Connect. You can follow the steps exactly and build their demo version to test it out, or follow their steps at the bottom that show how to implement SSO in your own application.
https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Here is the official Microsoft documentation, which also describes how to implement SSO: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-custom-apps
Alternatively, if you want to use a library that is already integrated with Visual Studio, you can go to Project > Add Connected Service > Authentication with Azure Active Directory.
The "SSO" in this case refers to SAML. To do SAML in C#, look into Windows Identity Foundation (WIF), which includes some SAML support.
Note that doing SAML SSO involves more than just dropping in the right kind of username/password field. You need to have additional special pages to handle certain redirects, and have a way to store exchange saml metadata with your Azure AD identity provider. It can be painful.
I'm working on a project using ASP.Net MVC5 which also includes a Web API. The API will be for internal use only. I'm using the OWIN library to provider authentication.
I'm having a difficult time figuring out how to correctly implement authentication through the API. I was planning on using OAuth 2.0 but the problem with OAuth is that the user needs to login through a browser page instead of a native login screen. So I was wondering if it is possible to somehow skip the browser.
I've found this example which creates it's own OAuth Authorization Server. But it doesn't show how to make the login native.
If it's a highly trusted client, then you can use the OAuth2 resource owner password flow. You can look at the VS2013 SPA template and/or read on this post:
http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/
You could use Thinktecture.IdentityServer v2 as a light-weight security token service.
https://github.com/thinktecture/Thinktecture.IdentityServer.v2
You will need to create a WOPI host, which is basically a software solution that can take advantage of the browser-based Office(office web).
Create a custom WOPI host and configure it to use Office Web Apps Server to provide the browser-based file viewing and editing for Office files.
Nice sample on Microsoft MSDN
We are planning to receive a SAML assertion from another website into ours (ASP.NET). No one here has ever worked with SAML. We simply need to verify the signed assertion, decrypt the token containing a user id and if we can verify it, log them into our site (authenticate/authorize). We are using Forms Authentication for all other authentication. I would like to avoid installing WIF if possible because my understanding is we'd have to install the runtime on all the developers machines and servers. Our machines are locked down by policy such that it would be a lot of paper work to get it installed. Are there alternatives to WIF and are they realistic to use in an enterprise environment? If so, can someone point me in the right direction, a good tutorial, video, book or anything with examples would be helpful? I looked at some third party components but I'd have the same issue as with WIF on our servers (not to mention dealing with procurement).
Thanks
Is this internal or an external facing application? You may want to checkout PingOne.com Application Provider Services (APS) [Note: I work for Ping]. PingOne handles all the SAML protocol stuff for you and provides self-service capabilities, reporting, etc. No need to install WIF... just a few lines of .NET code (or whatever) to integrate with the RESTful service that PingOne provides.
HTH - Ian
My asp.net application is still in development phase,is it possible to implement OPEN ID in my application?.I am new to asp.net kindly guide me how to implement open id.What are the necessary parameters i should keep in mind to improve security of my web application.Should i implement session in my project?
The open source project DotNetOpenAuth is a fantastic place to get started with integrating OpenID (and other, more up-to-date open web protocols such as OAuth 2.0) into your ASP.NET project.
They have tons of great documentation and example projects that should be able to get you started quickly.