I have an asp.net mvc application that I'd like to use forms authentication with two other asp.net apps that don't have the same machine key. Any thoughts on this? I don't have control of the machine keys for the other apps and they aren't the same.
You can point your connection string for authentication to a database that all application can access.
So if you have the default database that .NET creates, you can point your other application to that as well for authentication.
If you use the Database Publishing Wizard from MS then you can take the created database and copy that to any SQL database and then point each applications membership provider at that database.
Hope this helps.
You can also delegate you authentication operation to a service and use it from each app.
Related
I have a WinForms application that accesses an Azure SQL database via a WiFi connection. I would like to know how I can use ASP.NET Identity to register and login a user with their username and password. I have seen how a sample ASP .Net MVC 5 project does most of the work for you but can't seem to duplicate the functionality in my WinForms app. Appreciate any help.
There are many different ways to accomplish this, I would start here: http://msdn.microsoft.com/en-us/security/aa570351.aspx
One way is to use domain security, another way would be to use ASP.Net Membership by adding the necessary configurations to your app.config along with a reference to System.Web. In your app.config you could use a SQL Azure connection string.
Microsoft has provided us with ASPNETDB that takes care of Membership and roles.
Can I use and share Membership and Roles across Web, Intranet and Desktop applications?
We have some C# desktop applications and some ASP.Net Web applications. Currently we are using Windows authentication for desktop applications and Forms authentication for web applications. I was wondering if we can simply use ASP.Net Membership and roles feature for all applications.
Please advise what is your opinion.
Thanks.
If you want to store all of your logic for authentication and authorization in one place, then you can have your website expose a service that the desktop application can call to verify users. This service could leverage the providers you have written for your website.
This would require the desktop application computer to have a network connection, but unless you plan to store a copy of the aspnetdb database locally, it would need a network connection anyways.
You can use asp.net membership from a desktop application. You need to make sure your target framework is not a client profile, and add a reference to System.Web
I'd like to make an OOB Silverlight app based on the Silverlight Business Application template in Visual Studio. The template uses the default ASP.Net membership provider. I understand how to use that to add users and roles, etc. I've found plenty of tutorials on that. What I'd like to be able to do, is configure the Silverlight template so that it uses an existing ASP.Net membership base. We'd like this app to have a companion website (ASP.Net based).
To clarify: We've been able to setup an ASP.Net website and have created a SQL database with the required tables (aspnet_Users, aspnet_Membership, etc.). I'd like to configure a Silverlight app to access the same users and roles that are in those tables.
Can anyone help me out in terms of what I'd need to put in the Web.config? Do I just need a connection string? I'm new to ASP.Net authentication, but I'd rather use what ASP.Net gives me out of the box than have to write my own authentication service. I feel like this should be really easy, and is just a matter of pointing the Silverlight app in the right direction.
I'd like to use Silverlight 5 and .Net 4.5 if I can but I don't mind using an older version of either if it makes things easier.
You can just point the connection string to the existing database.
From this answer:
You can point your connection string for authentication to a database that all application can access.
So if you have the default database that .NET creates, you can point your other application to that as well for authentication.
NET web application and a WCF Application that share the same ASP.NET membership database.
They are both sharing the same ASP.NET membership database.
It is basically like:
WCF: is https://ServerName/Services.svc
ASP.NET: is https://ServerName/Default.aspx
(both are two virtual folders in the same web application and both are using the same ASP.NET membership database).
The user logs on to the ASP.NET application and can then decide to call the WCF service.
What are my options for setting the security for the call between the ASP.NET and the WCF service that make the call using the credentials supplied by the user when logging to the ASP.NET application?
If you run you application in ASP.Net Compatibility mode. You will get all the security features available with ASP.Net. Things such as HttpContext.Current.User will point to the logged in user.
For the fastest implementation (by fastest I mean to get up and running) get Juval Lowy`s ServiceModelEx library from http://www.idesign.net and use his declarative security library.
I have used this library a lot and it works well.
We're planning to use standard ASP.NET user authentication for our application. However, by default this requires us to have our user database on our web server in the App_Data folder.
This is usually a big no-no for us - our databases are all behind the firewall and all access is done via a WCF Service layer.
If the database was on a different server, but directly accessible from the web server then this still vioates our usual architecture rules.
Should we worry about our user database living on our web server? Does ASP.NET offer an out-of-the-box alternative?
NOTE: We're using .NET 3.5 and SQL Server 2005
You can install the neccessary db tables etc. in any SQL Server database.
Use the aspnet_regsql.exe Wizard found in C:\WINDOWS\Microsoft.NET\Framework....... to set up the target database.
Then simply update the connection strings in the provider configurations in the web.config.
Yes and Yes.
If you ever need to move to multiple web servers you shouldn't have the user data on one of those servers.
There are multiple was to do this, but check out this link for details on one MSDN How To: Use Forms Authentication with SQL Server in ASP.NET 2.0
you can create your own Custom membership provider by overriding the methods and properties of the following abstract class: public abstract class MembershipProvider. Once you override them, then you can use any valid datasource to authenticate the user. For example, you can use MYSQL, SQL server or even XML file to authticate your users. These provider models are really really cool.
Yes, you should worry. No, there is no out-of-the-box solution. ASP.NET only ships with a SQL Membership Provider and an Active Directory membership provider (reference). You will have to use a custom membership provider to provide your functionality.