I have a web site and web service on the same server. The users log into the web site, which calls the web service to perform processing. The web service must ensure that only authenticated users access it. I thought that the easiest way to do this would be to share forms authentication between the two applications, since the user is already logged into the web site, but it does not work. The web service never sees the authenticated user. I tested creating another web site and sharing forms authentication between the two web sites and it worked fine, so I know the problem is specific to the web service.
Is it possible to share forms authentication between a web site and web service?
If not, what would be the best way of accomplishing the same end result, keeping in mind that I only have access to the user's password when they log into the web site.
Related
I have a MVC ASP.NET site that uses a database lookup for user authentication and then stores authentication variables in cookies.
I want to redirect the user to a MVC ASP.NET Core subsite without the user losing his authentication variables.
I am not able to share cookies between the two sites due to different encryption-schemes.
Both sites are hosted on the same domain on a windows server (IIS). Is there any way to securely transfer data along with the url redirect?
Is there some obvious solution that i am missing?
Please let me know if you need additional information about the project.
As a temporary solution, the user is promted for a new login once he is redirected to the subsite. I wish to avoid this.
You can not share data from MVC web app to MVC core web app. That is because it is hard to do.
But, there is a way to share the authentication mechanism. You can have an identity provider which will be responsible for authentication of users in both the sites. The login functionality will be in the identity server. Once a user is logged in, both your sites will use those authentication data.
I built an ASP.Net MVC 4 application which uses forms authentication by means of a custom membership provider inheriting from the Simple Membership.
Everything is working fine, but now I have a new requirement: I need to integrate a JSP application with mine.
This means that it has to authenticate against the same user database of my application and that they should somehow share the session in order to achieve a kind of Single Sign-On among the two applications (if an user is already authenticated in the ASP.Net application, he should be able to access the JSP application without logging in again, and vice-versa).
What architecture do you suggest me to use?
I would like to change as little as possible the ASP.Net application.
Thanks!
If you need to auhtenticate accross different domains:
You can implement your own security token service (like facebook, google does) Here is some ready to use implementation: http://thinktecture.github.io/Thinktecture.IdentityServer.v2/
If the sites are running on the same domain (subdomain), then you can try to share an authentication cookie within these domains.
An explaining article: http://www.codeproject.com/Articles/106439/Single-Sign-On-SSO-for-cross-domain-ASP-NET-applic
Is it possible share authentication between Asp.NET web applications and silverlight business application?
Scenario:
When uses logged in on either SL application or Asp.NET application using same browser, I want them to used active authentication. I have seen OpenId authentication can do such, But wondering can asp.net authentication is also able to do such.
Yes the authentication infrastructure can be shared between ASP.Net and SilverLight. If both the sites are under one domain, we can implement the standard authentication using ASP.Net Membership and role provider.
You can then use the WCF Authentication Service to and authorize user. This authentication is is good only for any server side functionality. If you want to authorize on client side (SilverLight) application you need to build your own infrastructure. Role and Membership provider data available can help you in that.
You can host your SL application in ASP.NET page and when somebody comes on this page do authentication. For instance, you can use FormAuthentication on the site, so when you are navigating from some page to page with Silverlight - access will be hovered by very FormAuthentication. OpenId you can use if ASP.NET app and Silverlight on different sites (domains), but if the Silverlight app is hosted on asp.net page you can also authenticate using asp.net infrastructure on server side.
I need to integrate my sharepoint site and ASP.net site. So, First login will occur in the SharePoint site with Active Directory authentication and from there i need to traverse to ASP.Net site through a link. Now my question is whether its possible to pass my SharePoint Active Directory credentials to ASP.Net site? Will i be able to do this through a query string? Will i be able to navigate to and fro between SharePoint and ASP.Net sites.
The main point here is the user should not enter his credentials twice ( ie.. He should be authenticated automatically while navigating between two sites.)
What are the options available for me?
Do these things possible to achieve? SharePoint will be hosted using Windows SharePoint Services 3.0.
Thanks in advance,
ReplyQuote
Is the ASP.NET site on the same network? If so, then you can use AD (Windows Auth) for authentication on the ASP.NET site just like you're using it on the SharePoint site. You don't need to pass the credentials, and you can't anyway since all you have is an authenticated identity. If you configure the ASP.NET site to require Windows Authentication, you'll be able to get the user's identity from the server variables (AUTH_USER).
See How to: Use Windows Authentication in ASP.NET 2.0
I have an ASP.NET 3.5 site that exposes web services as part of the web project for jQuery HTTP/POST calls to access. The site is using forms authentication. I currently have the web services denied to anonymous users. By using Firebug, I can see the ASPXAUTH cookie coming across on every web service call from jQuery, and I would like to use it to fetch the membership user from my ASP.NET membership database in the web service code. Is this possible? I'm having trouble both finding how to access a cookie on an HTTP/POST in the web service code & how to take that cookie and get the membership user.
Looks like it's a simple as just using Membership.GetUser();! I was having a brain fart and not realizing that it was that simple.