I integrated a legacy ASP.NET 4 WebForms app with an ASP.NET MVC 4 app using VS2012 Update 4. The legacy app has security implemented via SQL Membership Provider. The legacy webForms pages are still secured in the newly integrated app, but the MVC views are not secured. For instance, a user cannot go to a .aspx page by directly using the page URL, say, http://myWebsite/SomeDir/Details.aspx but he/she can access a view, say, http://myWebsite/ControllerName/ActionMethod.
How can I secure the views using the same existing SQL Membership implementation that works on WebForms on this newly integrated web app.
You need to place [Authorize] attribute (either on the action method or controller) to protect it.
Related
I am starting a new MVC project for one of my clients. They already have an iPhone app which is having most of the functionalities that I intend to do. And a web service exists. I do not have any database side work. My question is, I want to use the web service calls for authentication. But asp.net MVC is using Identity as default authentication. How do I tackle to use Identity with out much effort to call the web service for authentication?
I have a winforms application which calls web services and then based on the results fires up an ASP.NET webpage.
The ASP.NET webpage and web services are protected by a custom membership provider. At present the user has to log in to their winforms app and then also into the asp.net webpage. Is there a way to only have to log in to the winforms app and somehow share whatever authentication state exists with the ASP.NET webpage?
I've seen http://msdn.microsoft.com/en-us/library/vstudio/eb0zx8fc(v=vs.85).aspx - however it seems to be more aimed at sharing authentication between server applications, not two client applications.
what is the difference between these two projects, ASP.NET MVC2 web application and ASP.NET MVC2 Empty Web application?
The ASP.NET MVC Internet Web Application adds the Admin controller allowing you to register users which may authenticate on the site using the membership provider. It also contains the corresponding views. The empty project generates no controllers and views.
Also I guess that you are talking about ASP.NET MVC 3, as the default project template in ASP.NET MVC 2 doesn't have this distinction => it systematically creates the Admin controller.
NET web application and a WCF Application that share the same ASP.NET membership database.
They are both sharing the same ASP.NET membership database.
It is basically like:
WCF: is https://ServerName/Services.svc
ASP.NET: is https://ServerName/Default.aspx
(both are two virtual folders in the same web application and both are using the same ASP.NET membership database).
The user logs on to the ASP.NET application and can then decide to call the WCF service.
What are my options for setting the security for the call between the ASP.NET and the WCF service that make the call using the credentials supplied by the user when logging to the ASP.NET application?
If you run you application in ASP.Net Compatibility mode. You will get all the security features available with ASP.Net. Things such as HttpContext.Current.User will point to the logged in user.
For the fastest implementation (by fastest I mean to get up and running) get Juval Lowy`s ServiceModelEx library from http://www.idesign.net and use his declarative security library.
I have used this library a lot and it works well.
I stumbled upon this project ASP.NET WebProfile Generator
Why would I need proxy class to access profile?
Because ASP.NET only supports Profiles out-of-the-box with the Web Site option. If you are using a Web Application Project (WAP), then you have to roll your own.
The problem stems from the fact that the Web Application Project does not have the Profile object automatically added to each page as with the Web Site project, so we cannot get strongly-typed programmatic access to the profile properties defined in our web.config file.
Good news is that it's very doable:
ASP.NET: Web Site versus Web Application Project
How to add a Login, Roles and Profile system to an ASP.NET 2.0 app in only 24 lines of code
Web Profile Builder
Web Profile Builder for Web Application Projects
Writing a custom ASP.NET Profile class
ASP.NET Profiles in Web Application Projects