AUTH_USER, Claims, and Classic ASP - asp-classic

I am attempting to implement a claims based solution into an application. I have an MVC/Classic ASP application, as well as an STS. After authenticating with the STS, I can see the AUTH_USER server variable from my MVC pages. However, this (as well as AUTH_TYPE, LOGON_USER, etc) are not visible in my Classic ASP pages. I would like to be able to test against a server variable that a user is in fact authenticated on the server. If possible, I could read the claim created by the STS to validate the user with my classic ASP pages (not sure if that's an option)
Basically I need a way for my classic asp pages to know that the user is valid when I am logging in via an STS.
Thanks!

Related

Is it possible to use same authentication on classic asp and asp.net 4.5 on IIS7

I am trying to apply single sign-on to legacy classic asp applications and asp.net applications. I have created a asp.net login page for all aplications. I can successfully pass the authentication ticket from new login page to the old asp.net application and share the session using sql server. However, I cannot do the same thing for class asp applications. Even though I have logged in to the new asp login page, it still redirects me to the new login page when I go to the classic asp applications. I have already checked that their machine keys are the same. The classic asp applications are some .asp pages and html files without web.config before. I added the web.config file to the folder by myself. I can see the machine key in the IIS manger so I think it is reading the file.
Classic ASP and ASP.Net use a different session state object, therefor you're not logged in into your classic ASP site.
There is a possibility, it's kind of a hack. I used it once and it works pretty well. Please have a look at this blogpost to see if it fulfills your needs. It uses the ASP session cookies from .Net in asp classic to call a .Net page that returns session (login) data:
http://devproconnections.com/aspnet/share-session-state-between-asp-and-aspnet-apps

AngularJS ASP .Net MVC login

I have various AngularJS single page applications running in a single ASP .net MVC project.
In one of my AngularJS SPA's I need to create a login page which would show then show another page of information when successfully logged in. The username and passwords are stored in a database.
I am very new to ASP .net and would like some advice on the best way to (using my angular form) login and have some kind of session cookie so the user remains logged in for the duration of their session.
If you build SPA you with high probability use WebAPI. Reccomended way to authenticate API user is slightly different than usual cookie authentification.
To see how it works create a new project. If you have last VS2015 go to file -> New project -> ASP.NET Web Application -> Web API (Authentification: Individual UserAccounts).
If you just return Json(someData) in your MVC contollers and already have authentification it should work fine on tradition cookie authentification.

SSO between ASP.Net and JSP

I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic

Using ASP.NET Membership Cookie in Web Service

I have an ASP.NET 3.5 site that exposes web services as part of the web project for jQuery HTTP/POST calls to access. The site is using forms authentication. I currently have the web services denied to anonymous users. By using Firebug, I can see the ASPXAUTH cookie coming across on every web service call from jQuery, and I would like to use it to fetch the membership user from my ASP.NET membership database in the web service code. Is this possible? I'm having trouble both finding how to access a cookie on an HTTP/POST in the web service code & how to take that cookie and get the membership user.
Looks like it's a simple as just using Membership.GetUser();! I was having a brain fart and not realizing that it was that simple.

Shared Authentication, Membership & Roles across DNN and ASP.net applications

Here's my situation. I have a DotNetNuke application. I want to link to an existing ASP.net website from within the DNN website, and have decided to use DNN's IFrame for that.
The existing ASP.net application uses Forms Authentication for security - only authorized users can access the pages. This asp.net application also requires user roles for authorization to different pages.
I don't want users to have to sign on twice, and I'd like the asp.net page to use the user membership and role data from the DNN application - it shouldn't require it's own membership database.
Is this possible? According to the MSDN website:
"ASP.NET supports forms authentication in a distributed environment, either across applications on a single server or in a Web farm. When forms authentication is enabled across multiple ASP.NET applications, users are not required to re-authenticate when switching between the applications."
Does this apply to DotNetNuke applications linking to asp.net applications? Both are on the same domain, too.
(I tried modifying the config.web of the asp.net page to work with the DNN config.web, matching machine keys and forms settings - but it didn't work. I could be doing something wrong, but before I pursue, I want to know if it's even possible.)
Thanks for any help!
I don't know if what you're talking about is possible within DNN. We're on DNN 4.0 and they do some weird things with the ASP.NET membership tables which may cause trouble.
What I can tell you is an alternative way (assuming you have control over the ASP.NET application). There is a project called MADAM (Mixed Authentication Disposition ASP.NET Modules - I know a bit of a mouthful) that can be used to provide a method other than forms authentication for application logon.
What you could do is set MADAM up on your ASP.NET application and from DNN pass user credentials to the ASP.NET application. The end result appears to the user as single sign on.
If you need me to elaborate on anything, let me know in the comments.
Actually i am displaying some aspx pages in a iframe module present on a dnn page. Now since inside the iFrame i am displaying aspx pages hosted elsewhere but on same server. I am just want to authenticate the dnn logged-in user before loading the page inside iFrame.
Do dnn provide any API which i can call from apsx pages hosted elsewhere in order to restrict access to ony unauthorized user.

Resources