Role based authentication using LDAP in ASP.Net - asp.net

I need to implement Role/Group based authentication in my ASP.Net web application using Active Directory Domain Services and LDAP. I want to use the user’s Windows logon identity credentials for authentication. I have no clue where to start.
If anybody has implemented a similar requirement, please reply with some pointers.
Also, please let me know how I can test this in my organisation's network and what the LDAP server credentials should be. Can I add our custom groups?
Please reply asap.

I'm just looking into this myself. In the past I've implemented Azman (authorization manager) on Windows 2003 (it comes with Windows 2003). This seems to work well; my app's been in production for 3 years with a fairly complex config and has held together ok.
Azman has been developed further with Windows 2008, but I haven't implemented on this platform yet.
The thing that I liked about Azman was that it abstracts the authorization management away from the app code itself and can give very granular permissions. That said, I'm still looking around for alternatives; the biz rule functionality always felt a bit flaky for some reason and at least for my app became very important (biz rules let you set context around rights... so for example bob can edit some textbox, but only for specific records). Anyhow, here's a few links that might help:
http://support.microsoft.com/kb/324470
http://msdn.microsoft.com/en-us/magazine/cc300469.aspx
I'm not sure if these articles answer all your questions.. or maybe you've found another solution? If after reading you have more questions just yell :)
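
An added example, not part of the original posts: one way to turn the Windows logon identity into application roles by reading the user's Active Directory groups through System.DirectoryServices.AccountManagement. The AdRoleMapper class, the group names and the role names are hypothetical; it assumes Windows authentication is enabled for the site and that the application pool identity is allowed to read the directory, so no separate LDAP password is stored.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Principal;

public static class AdRoleMapper
{
    // Hypothetical mapping: custom AD security group -> application role.
    // Anything not listed here grants nothing (default deny).
    static readonly Dictionary<string, string> GroupToRole =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "APP-Orders-Admins",  "Admin"  },
            { "APP-Orders-Readers", "Reader" }
        };

    // Returns the application roles for an authenticated Windows identity.
    public static HashSet<string> RolesFor(IIdentity identity)
    {
        var roles = new HashSet<string>(StringComparer.Ordinal);
        if (identity == null || !identity.IsAuthenticated)
            return roles;                       // anonymous: no roles

        // ContextType.Domain with no credentials binds to the current
        // domain as the identity the process runs under.
        using (var ctx = new PrincipalContext(ContextType.Domain))
        using (var user = UserPrincipal.FindByIdentity(ctx, identity.Name))
        {
            if (user == null)
                return roles;                   // not found: no roles

            // GetAuthorizationGroups() includes nested security groups.
            foreach (Principal group in user.GetAuthorizationGroups())
            {
                string role;
                if (group.SamAccountName != null &&
                    GroupToRole.TryGetValue(group.SamAccountName, out role))
                    roles.Add(role);
            }
        }
        return roles;
    }
}

// Usage inside a page or controller (identity comes from IIS, not from user input):
//   if (!AdRoleMapper.RolesFor(User.Identity).Contains("Admin")) { /* return 403 */ }
```

Group membership is read on each call here; cache the result per session if directory round trips become a cost, and remember that cached roles lag behind group changes.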


ASP.Net identity framework as a form of authentication?

I am a little confused as to how the identity framework works. For example in VS 2013 we can create an MVC application that the authentication is individual user accounts. Once we create it we can register with a username and password. But what if we wanted to have also a DOB in the registration or some other fields such as email or phone etc? Can we do this with the identity framework? What about the way the data base is structured, can we have a custom structure? Or if I want this should I be using forms authentication? Also what is the difference between the Identity framework and Forms authentication in terms of authentication?
Although your post has already been marked as answered, I’d like to add a little more info for future readers.
The first thing we need to understand with VS and Microsoft is that they’ve always tried to provide us with Templates to help us get started. There are many Pros and Cons to using Templates but the idea is that it gets you started quickly without having to manually include stuff yourself.
The idea of Templates is great but to the untrained eye, it provides Microsoft an opportunity to include stuff that THEY think you’ll need or better yet, what your application will need.
This opportunity includes promoting products such as Identity, Knockout.js etc...
In short, Microsoft is not wrong in doing that since the majority of the people do not second guess what is included in their project and because they…well…trust Microsoft.
A great analogy is when you purchase a new computer from a major retailer. When you arrive home and start your computer, you quickly notice that you have a bunch of pre-installed software running in the background (that you never asked for).
To the untrained eye, they will never realize that these are running in the background and their computer will work regardless. But for someone that is aware, he will most likely uninstall all of them and have a cleaner plate.
So Templates are similar to this...
As for the rest of your questioning, I’m sure by now you’ve found the answers.
Even though Microsoft sells ASP Identity as a single solution, Forms Authentication and Identity (Membership) are two distinct frameworks that work together, but serve different purposes:
Forms Authentication manages authentication session/cookies.
Membership/Identity is the store for user information (credentials, user demographics, etc.)
Look here for some additional information and links.

How to use Windows Authentication for intranet website?

I'm developing an ASP.NET (MVC3) web application for my company. Some users use this site on the internal network and some will use the internet site. I have to authenticate users using the website. How can I do it?
Is it possible to check the authentication code only after deploying the solution? How can I check it in my local solution? Can anyone explain the step-by-step process involved in this?
It's hard to give you a step by step procedure given that I don't know much about your infrastructure, or your dev environment.
With that said, it sounds like you want forms authentication for your external site, and integrated authentication for your internal. In both cases, the back end authentication would be done by Active Directory. A VERY common scenario.
All you need to know is the right terms to use, and you'll quickly find examples online. Google up something like "mix form and windows authentication mvc". But again, given all the different versions of IIS and MVC, there are quite a few scenarios so you may not find a definitive guide and instead you'll have to wind up evaluating each and mashing up a solution for your environment.

What is Open ID ? How to implement on my own blog post?

I have a website and I wanted to become an open ID publisher. How to do that?
Depending on your exact requirements, you might want to try OpenID delegation instead. You can then use your website as a layer of abstraction over a third party provider.
As you're building for asp.net - take a look at DotNetOpenAuth. It's a free, open-source library that can make your asp.net website an OpenID provider (your website can be used to identify you) or a relying party (users can log in on your website using OpenID).
In fact, StackOverflow uses it as well, and so do I. It has a number of examples, and it's pretty reliable and secure.. Definitely recommended! :)
If you just want to run your own identity server, then a good place to start looking is here. I run phpMyID on my site that acts as an openID server for me, it was easy to set up, seems to work, and no-one has stolen my identity ..yet.

ASP.net user management and GoDaddy shared hosting

I'm trying to use the asp.net (3.5) built in user management framework but I'm not 100% sure how to do this on godaddy. Google didn't help much, anyone have experience with this?
You can roll your own or find one. You cannot run the Asp.net configuration tool directly against your GoDaddy account. (If you notice, it's just another asp.net website running in another dev web server via Visual Studio).
You can use the System.Web.Security.Membership and Roles static classes in the Membership Provider to hook into it. This is very easy to do. Membership.GetUsers(), etc.
You can also use the stored procs to manually add/remove users and roles.
-Nathan
Go to your hosting control center
in menu Content on top, go to IIS Management,
there will be list of web folder,
on top of the list you can see asp.net runtime versions and (modify) link in brackets, click on it. There you'll see if you are using asp.net 3.5.
I have also had this problem. About a year ago. So I am curious to know what the solution might be, if there is one! I was told by Go Daddy, back then, that they had ASP.net admin stuff "locked down" pretty tight. I went back and forth with their help people, who had to actually escalate it - because the general help team didn't understand what I was asking. What I ultimately did was I canceled my hosting service (they did give me a refund for unused time!) and I went over to a different host. Hope this helps and I will be listening carefully to responses as I am curious to see if they changed OR if someone has a workaround.
To get the tables that the membership provider uses, look in %WINDIR%\Microsoft.NET\Framework\v2.0.50727. That is where the SQL statements used by the wizard are located. Also, check out:
http://www.asp.net/Learn/Security/tutorial-04-vb.aspx
for a more thorough explanation of how membership tables are set up. You can do all the same work that the admin tool does, just not in a GUI format.
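
An added example, not part of the original posts: doing the configuration tool's job in code with the System.Web.Security.Membership and Roles static classes, for hosts where the tool cannot be run. The MembershipBootstrap class and its parameters are hypothetical; it assumes the membership and role providers are configured in web.config and their tables already exist in the hosted database.

```csharp
using System;
using System.IO;
using System.Web.Security;

public static class MembershipBootstrap
{
    // Creates the role and the user if missing, then links them.
    // Returns "ok" or a short reason, so the caller can log the outcome.
    public static string EnsureRoleAndUser(string role, string userName,
                                           string password, string email)
    {
        if (!Roles.Enabled)
            return "roleManager is not enabled in web.config";

        if (!Roles.RoleExists(role))
            Roles.CreateRole(role);

        if (Membership.GetUser(userName) == null)
        {
            // The provider enforces its own password policy and reports
            // the failure through the status value instead of throwing.
            MembershipCreateStatus status;
            Membership.CreateUser(userName, password, email,
                                  null, null, true, out status);
            if (status != MembershipCreateStatus.Success)
                return "user not created: " + status;
        }

        if (!Roles.IsUserInRole(userName, role))
            Roles.AddUserToRole(userName, role);
        return "ok";
    }

    // Writes one line per account: name, roles, lockout state.
    public static void ListUsers(TextWriter output)
    {
        foreach (MembershipUser u in Membership.GetAllUsers())
            output.WriteLine("{0}\t{1}\tlocked={2}", u.UserName,
                string.Join(",", Roles.GetRolesForUser(u.UserName)),
                u.IsLockedOut);
    }
}
```

Call EnsureRoleAndUser from a page that only an administrator can reach, take the password from a form field rather than source code, and remove the page once the first admin account exists.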

Team Foundation Server Port 8080 ASMX Access Issue

How come one user in the local Administrators Group has no problem hitting http://localhost:8080/services/v1.0/Registration.asmx while other users in the local Administrators Group get 403 (access denied) errors (with nothing in the Event log)?
Have you checked the permissions of all three areas? You need permission on server, reporting service and sharepoint for this.
I would strongly recommend you download Team Foundation Server Administrator tool to do this as otherwise it can be a right pain.
rasx, yea, the interface isn't the best on that tool. It basically allows an easy way to set up permissions to the Team Foundation Server, Reporting Services, and Sharepoint.
Most of the security problems I've come across always resolve down to one of those three permissions messed up on a particular user. I'm pretty sure that's what you're experiencing. Without the Team Foundation Administrator Tool that dove mentioned, you can still just add permissions to each of those areas manually.
It sucks that TFS doesn't come with an easy way to manage all permissions everywhere, but there you have it.
dove, I’m not sure about how the Team Foundation Server Administrator tool would help here. I installed it on the TF server and got an empty interface that looks like it is expecting pre-existing Team projects.
