I have built a small web application with asp.net core 2.0 MVC. In this web application, I did not implement any authentication methods so far.
Right now I have an MSSQL database running in the background and I can add/view/edit/delete users from the database.
I adapted this tutorial and followed it pretty closely. However I also added some functionality like localization and stuff, and everything is running pretty smoothly.
My next goal is to enable authentication and authorization. The authentication part shall be straightforward. The goal is that the application will be running as an intranet solution. This means the authentication method just shall check if the Windows User is existing in the previously mentioned database. I don't want to create a separate login. However, it might be that there is a Windows user in the active directory, which is not part of the database. This User should just be able to see a default error page.
I made quite a huge research and I also tried a lot of different stuff, however, I do absolutely not find any "database first" tutorial for this part or any other documentation which explains what to do.
I actually "just" want to teach the asp.net core 2.0 identity framework that it shall look into my user-table and check if the current windows user is existent and if not to forward him to the error page.
A second step would be to load all the roles which this user is assigned to from the mapping table.
Any kind of help would be highly appreciated.
Dosc Microsoft has a lot of posts regarding authentication for ASP.NET Core. Here are some of the links to get you started:
ASP.NET Core Authentication
ASP.NET Core Authentication Identity
and a lot more.
Related
I think I finally understand OAuth/OIDC/IdentityServer/IdMgr/IUA/ASP.NET Identity well enough to recognize the answer to my question.
Can anyone point me at a full-featured end-user self-registration example/add-on for IdentityServer 3 or 4?
I'm aware of the admin UI products. I'm looking for an end-user, not administrator, self-registration and contact info admin UI similar to Individual User Accounts in MVC projects.
I'd also like the functionality, including UI, to reside on the STS and integrate with the STS OIDC authorization functionality.
A user registration add-on for IdentityServer 3 or 4 would make my day.
Or, is it true that comprehensive turn-key end-user self-registration for IdentityServer does not exist?
I have reviewed and ran the IdSvr3 AspNetIdentity integration samples. If end-user self-registration is there I don't see it.
I have seen a few examples that showed how to add an end-user self-registration page to identity server but they seemed more like a hack than comprehensive user self-registration/contact info admin feature, ALA MVC Individual User Accounts.
Using IdentityServer4 hosted in a .NET Core web app as the STS is an option I've explored. I didn't find any complete examples there either.
The simple answer, is, buy their AdminUI solution. https://www.identityserver.com/products/#AdminUI
If you don't want to buy it, the answer is you have to dive into the complexity and build it all yourself.
The Skoruba admin IdentityServer4 ad-on has end-user self registration.
Nahid Farrokhi's web API and MVC articles, see links below, explain how to configure IdSvr4 and .NET Framework 4.5.2 MVC and web API to work together.
https://nahidfa.com/posts/identityserver4-and-asp-.net-web-api/
https://nahidfa.com/posts/identityserver4-and-asp-.net-mvc/
Does anyone know is it possible to do a single sign up web application with ADFS in a "pure" angularjs enviroment? I am at the point to decide which framework for my next project. One of the main requirement is the ability to do "single sign up" with ADFS, but I don't want to "mix" angularjs with asp.net, just make thing more complicated. I would like to go pure angular without any asp.net framework, is it even possible?
I know there are a lot of questions on this topic, but it seems no one is really answering the question. Is it because it's not doable?
By the way, It is an intranet web application.
The problem is not with your ADFS server, the ADFS protocol itself, AngularJS, JavaScript or the browser.
It's with the way you tell your client-side application that the user is logged in from your server-side application.
As far as I know there is no way to do "pass-through" authentication over HTTP so you will need to have your users go through the preauthentication step.
With ASP.NET you get an access token "for free" because the ASP.NET application runs on a machine that's in the "trusted" ADFS network. Your browser on the other hand is not. The only way for ADFS to know you are who you say you are is to preauthenticate you.
I just implemented it using the Azure Active Directory for JavaScript library. After IT registered my app for me, I was up and running in 10 mins. There is an AngularJs example in the source code. https://github.com/AzureAD/azure-activedirectory-library-for-js
You should also register your development workstation so you can test locally.
I'm trying to authenticate my silverlight application to get windows user name, which then I use to get some further information. Have looked it up, but the answers I found were about configuring the web service to get it. Is there a way, to get windows credentials strictly in Silverlight? I cannot find .Credentials, the only thing I see is .ClientCredentials, but apparently it doesn't show the required information. I am getting the string "System.ServiceModel.Security.UserNamePasswordClientCredential". It actually allows me to set up the name, not retrieve it. Also there is a web service called authentication.asmx, but as before it applies to other purposes. Neither do I have any web service I could reference to and configure them. Or am I missing something? Perhaps I can retrieve the windows credential by NTLM or Kerberos? I am using Visual Web Developer 2010 Express with Silverlight 5.
My Experience is that the Membership framework that is present in the asp.net world is not available in silverlight. In order to achieve something similar I had to implement a web service (WCF) that was directed at the domain's active directory (ldap) server. Silverlight is a very strict framework in terms of interoperability, its good for security but has some limitations.
I am not sure about your level of knowledge of the active directory but here is a link that deal with a lot of the possible operations and has sample C# code to go along.
http://www.codeproject.com/Articles/18102/Howto-Almost-Everything-In-Active-Directory-via-C#40a
Currently I am working on a LOB Silverlight application. Eventually, I need to implement a single sign-on for the new app and an old Classic ASP web app. Right now, the Silverlight App is secured using Forms Authentication through a custom Membership Provider.
Reading online, I've come to think that Passive Federated Security is what I need. But, I am struggling with following questions:
1) What is a relatively painless way to set up STS. I don't really want to spend a lot of time setting this up. I've take a look at WIF - it seems to require some platform changes so that really is not an ideal solution [Even though it seems relatively easy to set up]
2) How do I integrate Classic ASP app to use the STS? - Currently it is validating against a custom userStore and putting the authentication/authorization info in the session.
3) Eventually, users will be accessing both apps through a third-party portal that authenticates them outside of our organization. So, somehow the portal would need to be able to issue Security Tokens [SAML??] that the STS will understand.
I am currently focusing on 1 and 2. If anyone has even a slightest insight into this, that would be greatly appreciated.
Thanks,
Ravi
The latest Identity Training Kit contains a full lab that demonstrates SL + claims identity.
There are a number of questiosn on StackOverflow that ALMOST hit this topic head on, but they are either for other technologies, reference obsolets information or don;t supply an answer that I can suss out. So pardon the almost duplication :)
I have a working ADO.NET Data Service, and a WPF client that hits it. Now that they are working fine I want to add authentication / security to the system. My understanding of the steps so far is...
Turn on forms authentication and configure it on the server (I have an existing asp.net membership service DB for other aspects of this app, so that isnt a problem) so that it is required for the service URL
In WCF apply for and recieve a forms authentication "ticket" as part of a login routine
Add that "ticket" to the headers of the ADO.NET service calls in WPF
Profit!
All well and good - but does anyone have a line on a soup to nuts code sample, using the modern releases of these technologies?
Thanks!
I have an example of doing this from Silverlight on my blog.
Check it out here : Forms Authentication and ADO.NET Data Services
You should be able to adapt this to a WPF application with minor code changes.