Microsoft has provided us with ASPNETDB that takes care of Membership and roles.
Can I use and share Membership and Roles across Web, Intranet and Desktop applications?
We have some C# desktop applications and some ASP.Net Web applications. Currently we are using Windows authentication for desktop applications and Forms authentication for web applications. I was wondering if we can simply use ASP.Net Membership and roles feature for all applications.
Please advise what is your opinion.
Thanks.
If you want to store all of your logic for authentication and authorization in one place, then you can have your website expose a service that the desktop application can call to verify users. This service could leverage the providers you have written for your website.
This would require the desktop application computer to have a network connection, but unless you plan to store a copy of the aspnetdb database locally, it would need a network connection anyways.
You can use asp.net membership from a desktop application. You need to make sure your target framework is not a client profile, and add a reference to System.Web
Related
I am aware of ASP.NET Authentication using Identity. So, if my application already has Authentication enabled, why would I want to enable IIS authentication on top of that?
Also, if I have both enabled, will that require a user to type in his or her credentials twice (once for the application login and then for the IIS login)?
Both are different things altogether.
ASP.NET Authentication using Identity in your web application is used for authentication & authorization of End-User in your application.
IIS authentication is for security and access management for hosted application.
If we explore a little further why this is needed. End-user just need to rights for viewing data & doing operations using User Interface Screen.
IIS user(used for IIS autehntication) might need right for creating schema, modifying schema as in Continuous Integration (CI) when you deploy code, new schema is created or existing schema can be modified.
Also in multi-tiered application, we can choose to run service(web services, web API, WCF
etc) under end-user authentication if needed OR user with more rights is required.
All decisions depends on your architecture, needs & security requirements. No choice is good for all architecture needs. We need to choose what suits our requirement best in given scenario and we design in such way application is further extensible/scalable for higher loads and easier for maintaining code too in long support.
I have a Webpage made with ASP.Net and another set of tools like a WPF, Windows Forms applications. Is mandatory that the ASP.Net webpage and all the set of applications be authenticated against the same ASP.Net membership provider database.
What I want to know is the best way to authenticate using a WCF service that uses ASP.NET membership provider for the authentication. Is anything made out of the box for authenticate a ASP.NET webpage against a WCF authentication service? I have to implement a Custom Provider? Because the Membership in ASP.NET Webpage fill the IPrinciple User property with user information and I want the same behaviour with a WCF service authentication.
a custom membership provider is how i have done this before. it worked pretty well. my group made the mistake of making the wcf service match the interface of the membership provider, which was unnecessary and messy. if you choose to go this route, i'd recommend making your service contract on your own as you want it and implementing your provider to consume that.
if i was doing it again, though, i wouldn't use wcf at all, but rather just use a membership provider (existing or a custom one, depending on your needs) for the asp.net application that talks directly to the database rather than a wcf layer and have a shared assembly the other tools could use that talks directly to the database. even having common code in a wcf service tier. i don't think using a service really provides a whole lot that you couldn't get by just using a common assembly. the asp.net membership provider is going to be something separate anyway.
this is assuming you are within an environment where you can just have the desktop tools connect to the database. if this is an internet deployed scenario, you probably do need to do this through some kind of service, and wcf is a great candidate for that. it's probably a shorter path, though, to use an existing membership provider and build your wcf service on top of the database that goes with that than to build a membership provider that consumes the wcf service. i don't think it would be a bad choice to do the latter, but you'd probably be better off with the former. this, of course, depends on a lot of factors, though.
Mine is a web product (delivered to a browser), being built on ASP.Net (Framework 4.0).
Most customers seek Single Sign On, such that their users should directly logon to the application on its invocation with the Windows or Active Directory login, they're using. Some other customers want the application to accept form based login credentials. So basically my web application should be able to adjust (configured) based on the customer's requirement. Their may be claims based authentication is some stray cases as well. I'd like to know the best way to achieve this in ASP.Net.
.NET open auth is your friend.
http://www.dotnetopenauth.net/
Then, there's active directory/LDAP:
http://www.codeproject.com/KB/system/everythingInAD.aspx#35
And your own provider + WinForms should be clear.
NET web application and a WCF Application that share the same ASP.NET membership database.
They are both sharing the same ASP.NET membership database.
It is basically like:
WCF: is https://ServerName/Services.svc
ASP.NET: is https://ServerName/Default.aspx
(both are two virtual folders in the same web application and both are using the same ASP.NET membership database).
The user logs on to the ASP.NET application and can then decide to call the WCF service.
What are my options for setting the security for the call between the ASP.NET and the WCF service that make the call using the credentials supplied by the user when logging to the ASP.NET application?
If you run you application in ASP.Net Compatibility mode. You will get all the security features available with ASP.Net. Things such as HttpContext.Current.User will point to the logged in user.
For the fastest implementation (by fastest I mean to get up and running) get Juval Lowy`s ServiceModelEx library from http://www.idesign.net and use his declarative security library.
I have used this library a lot and it works well.
We have an ASP.NET MVC application that is not part of SharePoint. However, it'd be preferable to leverage SharePoint's security framework. For instance, when the user enters username/password in the non-SharePoint app, could it call a SharePoint webservice to authenticate the user? Or is there any other way to achieve this?
It all depends, if SharePoint uses AD then I see no added value in authenticating with SharePoint. If SharePoint uses forms-based authentication, I would create a custom web service running on the SharePoint server that allows you to authenticate users. That way if you ever need it again for another application you can use that webservice / wcf service.
To use the SharePoint Security framework you will have to run your application inside the context of the SharePoint. One quick solution to achieve this is to create a Virtual Directory under the SharePoint web application and place your code there and you will have the full sharepoint context.