I have a Sharepoint Site(am not the SP expert) where user logs in this is form based authentication model where Username password is stored in a db...now when user clicks on a link i want him to redirect to a MVC3 application. While doing so i want user tobe autmatically signed in to MVC application. What is the best way to implement that.
Thanks
One way is to pass authentication token in the http header from SharePoint to other web application. Then, MVC application should validate the token before accessing the web site.
Related
I have an ASP.NET MVC 5 applicationand I want to add LDAP authentication.
I already have a form page which is a startup page which tell the user to enter his name and password. The form page is redirected after submit to a home page without testing anything.
I don't know now how to verify if the user exists or not using ldap authentication.
Is this MS ActiveDirectory LDAP? If so you will want to take a look at ASP.Net Identity: http://www.asp.net/identity/overview/getting-started/introduction-to-aspnet-identity
I'm planning on making a restful web service using ASP.NET Web Api. A number of ASP.NET MVC web applications and possibly native apps will consume the service. The service will use ASP.NET Identity to authorise requests/users. I can see how I would use the service with native apps by passing a token with each request.
My issue is with any ASP.NET MVC apps that consume the service, how will I mark a user as logged in after making a request to the service?
Here's what I'd like, is it possible?
User isn't logged in, redirected to log in page
User submits form which calls MVC controller in the app
The controller makes a call to the web service
The web service returns the id, name and roles of the user (JSON maybe?)
This is where I'm stuck: The ASP.NET MVC web application then marks the user as logged in for the whole MVC web app. The role will be used in any authorize attributes on any controllers/actions. The ASP.NET MVC web app will also be able to remember the user via a cookie and log them in automatically in the future.
To set the cookie you just need:
FormsAuthentication.SetAuthCookie(USERNAME, true /*rememberMe*/);
This solve your authentication issue. Authorization - determining what a user can and cannot do - is another story. You need to cache the roles a user is in somewhere and check them as needed.
We are planning to start developing our new site with ASP.Net, MVC and AngularJS. I will also have a WebApi that i would like to use oAuth authentication with, because it is easy to to pass in token, plus may want to allow users to login with Google, Facebook etc in the future.
Questions
If i want to use oAuth on my WebApi (which is a separate application), what authentication method should i be using for my asp.net MVC website? oAuth? Forms? Both? And how do you implement this? On my API i wrote a simple oAuth provider that asks for a username and password and returns a token string.
Should my WebApi have a single sign on login page to interact with the website? Or should the login page be on the website? Should the login page use client side calls or server side calls?
What is actually within the oAuth token and how does it link to my website? Do I have to do something on the server once they login via Facebook/Google? Can I use this token on my server to determine which user is logged in?
Our website has many databases, all the same, but depending which user is logging in, depends on which database they can view data from. Is this easy to cope with using standard method/objects in ASP.Net MVC? Or is this going to force me in writing my own code?
Any advice would be appreciated as well!
If are you planning to use MVC 5 You could use Asp.Net Identity.
Take a look here: http://www.asp.net/mvc/overview/security/create-an-aspnet-mvc-5-app-with-facebook-and-google-oauth2-and-openid-sign-on
I hope this could help you.
Diego
Your best bet :
This topic shows how to secure a web API using OAuth2 to authenticate
against a membership database for both local and social login
http://www.asp.net/web-api/overview/security/individual-accounts-in-web-api
I have an asp.net intranet application where a user is logged into. I would like to authenticate this same user on another asp.net application which is public and in a diffrenent domain.
Is it possible to somehow use his token securely that was created in for the intranet application ? So the user does not have to login again? what to use here, asp.net forms authentication?
thanks
the thing what you want is called CAS.
We are starting with a new application build with Asp.net. It should connect to a webservice which is already available to retrieve data to present to the user. We've created a repository which communicates with the webservice.
The webservice needs authorization with the same user credentials which the user uses to logon to the web application. The user is authorized with Forms Authentication with cookie support.
The problem is that we cannot retrieve the password from the user on new requests when the user is once authorized and automatically logged on. This password is needed to logon to the webservice from the repository classes.
Any ideas on how to implement this the best and safest way ?
You can try using Client Application Services to get and set the cookie. Or you can manually get and set the cookie using the sample code on this post. The example shows both methods and is geared specifically to passing a forms authentication cookie from an MVC application to an OData WCF feed:
http://blogs.msdn.com/b/astoriateam/archive/2010/07/21/odata-and-authentication-part-7-forms-authentication.aspx
Also, here is a similar example that is trimmed down in scope:
http://www.codeproject.com/Articles/190806/Send-Cookies-When-Making-WCF-Service-Calls