I have imeplemented Auth server with Dot net core 3.1 and Identity Server 4 (3.1.3) version.
I am using ResourceOwnerPassword Grant type for token generation along with refresh token option.
I have hosted my application in Azure app service. It is been observed that memory consumption is everyday increases instead going down eventhough application is not in use.
If anyone has come across this kind of situation please let me know.
Thanks in advance.
I am developing an AngularJS application with some Asp.Net Core Web API support. This application is not using any database in backend. Now I want to implement a social login option for some privileged access. What is the best authentication mechanism without using any Asp.Net Identity tables?
As far I know OpenIddict is coupled with Asp.Net Identity So that I must implement a storage mechanism for that. Please correct me if I am wrong. I am also looking for other options like ASOS but it is too complicated compared to OpenIddict so I couldn't find a good solution with that.
Kevin Chalet published an excellent article but still I am struggling because of my poor technical knowledge on this subject.
http://kevinchalet.com/2016/07/13/creating-your-own-openid-connect-server-with-asos-introduction/
Can you please guid me?
I have this scenario ahead and I'm wondering if someone has already tried to run IdentityServer4 on mobile device since it supports .net core?
In theory you can. however IdentityServer4 is an ASP.NET Core middleware that relies on ASPNETCore.MVC which means it needs to be hosted. If you can figure out how to host a standard MVC application on the mobile device then you can add the IDS4 middleware to it.
You might need to jump through many hoops though but I have seen apps of phones that actually are "webservers" (AirDroid for example)
I've created a Asp.net MVC web application that has a SQL Server attached to it. I would like to update the database on an action (in this case a physical card swipe). I have a microcontroller that stores the identification number and then can connect via tcp to the site.
What is the best approach for allowing the microcontroller to add data to the database attached to my MVC website? I was considering setting up an API similar to the one described here, and just posting to the website constantly. Is this the best approach to the problem?
Thanks!
Yes, it'd be pretty straightforward to have the uC do an HTTP POST to a specific URL and have your website do something in your database as a result.
This example of dealing with POST in asp.net MVC might help.
I'd be strongly considering using SSL/TLS with a client certificate, if your microcontroller can handle it. Otherwise your application could be open to spoofing (someone pretending to be the card reader) or sniffing (monitoring of traffic between the reader and your web server).
There appear to be several options for embedded SSL/TLS stacks in a Google search for "embedded ssl".
Also, if you're dealing with credit cards you'll want to be sure you're aware of the Payment Card Industry Data Security Standard (PCI-DSS).
I have a Silverlight application that needs to retrieve some data from my database. This data is sensitive. Because of this, I only want my Silverlight application to be able to access the data. How do I ensure that only my applications can access the services that expose this data? Is there a way that I can validate a client attempting to retrieve the data?
Thank you!
These might be of interest:
Using ASP.NET Secure Services and Applications Services
Build Line-Of-Business Enterprise Apps With Silverlight, Part 2
MS Whitepaper: Security Guidance for Writing and Deploying Silverlight Applications
Well, everything your SL application does could be spoofed. So direct answer is NO, you cannot ensure that only your application will access to the data.
But there are number of options. For example you can implement authorization and then authenticate your user. In this way you can ensure that only users you trust access to the data.
Another option is to make spoofing harder. For example you can include sort of "secrete" token to all your requests. So other application will need to steal this token. This harder to achieve.
I think this question is more pertaining into implementing a web service or wcf service with authentication and authorization. If your service takes care of it, then you can be ensured about your data. Your silvelight app is just calling the service.
Whoever download the xap can decompress and reverse engineer your code, so your best bet is to build a web service as others suggested. Silverlight Ria ships with a full blown authentication membership that you can leverage.