I'm developing a web application with (MVC5 + AngularJS) for UI and WebAPI2 for webservices. Theose are two seperate projects hosted in different servers. And i'm Authenticating my webapp against an Active Directory. I enabled Windows Authentication for it and everything works perfect so far.
Now the problem is, I want to enable Windows Authentication on my WebAPI too. Only the authorized active directory users should be able to consume the web services. I enabled Windows Authentication features in IIS.
If i do so, the login prompt is fired twice. One for my MVC5, and second one fired when a webapi call is sent from angularjs. So literally i'm entering credentials twice.
So my question is, Can we inherit/pass the credentials of first login to the WebAPI ajax call, so that we can supress the second prompt.
Thanks in advance...!!
Related
I am working on a webapp, the Front-end is implemented in AngularJS which talks to back-end server by invoking REST API. The back-end is Java REST Server implemented using reslet framework deployed in Jetty.
Currently, when a user logs into a web app, a REST API is invoked which then goes to the Java REST server. The server then authenticates the user.
I want to implement SSO using SAML. So when a corporate user tries to login to the app, the user must be redirected to ADFS. If the user is successfully authenticated he must be allowed to login to the app.
I want to know how do I start? I have seen sam2-js library, however it seems to be for NodeJS based server. I am not quite sure if it can be used with AngularJS on frontend.
SSO with SAML involves browser redirects so the flow is between angular and ADFS.
There's no Java backend.
So Jetty is irrelevant.
SSO has nothing to do with REST. They are two different flows handled in two different ways.
SAML is not a suitable SSO protocol for angular. That's why you can't find any examples.
You need to use OpenID Connect with ADFS 4.0. ADAL is the way to go.
I'm using IdentityServer 4. I have a setup very similar to the asp.net Identity quickstart as on the IdentityServer documentation here .
I want to be able enable a single logout from the IdentityServer web application, so that when I call this POST method, it logs out from all of the connected applications.
I have an IdentityServer web application, and an MVC web application which uses Asp.net identity mediated by the IdentityServer application.
What's happening with the default setup (as per the quickstart) is that when you logout from within the IdentityServer app, if you've already logged in on the MVC web application, you will remain logged in on the MVC web application until the MVC cookie has expired.
Is there a way of adapting the quickstart so that you have a centralized sign-out method within the IdentityServer application that you can call from anywhere?
For HTTP based logout add a logoutUri to each of your clients and http://localhost:5000/account/logout should do that. You'll see an iframe with the endsession url which contains an iframe for each logoutUri that you've logged into for that session (stored in the cookie)
see:
http://docs.identityserver.io/en/release/topics/signout.html
Make sure your account controller and logged out view match the quickstart samples.
We have created an application and a web api which are hosted in various domains(or ports). I want to integrated both windows authentication as well as Forms authentication. So I need logged in user name in the web api.
I have added header withCredentials in ajax post and i am not getting the username. I have used HttpContext.Current.User to get the username. But the same is working properly when the application and the webapi are hosted in the same port or same domain.
Can any one help me out??
Regards,
ganesh. k
I'm currently try to develop an Office web addin, integrated in the Outlook (Read and Compose).
Everything works fine, except the authentication process.
Indeed, We have to authenticate the user from within Azure AD to access another application (our own application using the Azure AD Architecture where we need to call some web apis)
The solution I used is issued from this great article from Richard diZerega :
Connecting to SharePoint from Azure web app
This solution (we opt for the last scenario) works fine in our Desktop and Web based solution.
But it clearely doesn't work in phone web app , IOS app.
The problem comes from the popup Windows allowing the user to log in.
Actually, window.open, window.location.replace etc ... don't work "as expected" in our Outlook frame.
Everytime it open a popup window. (This is a good solution when the user use the desktop or web Outlook application)
I remember read somewhere that the Office Window where the plugin is loaded, is a secured Window where we can't do any sort of redirection.
I tried to work with ADAL.js, enabling the implicit flow of course, but the problem is the same. We need to redirect the frame to the Azure AD login page.
Finally, the question is : How to deal with an OAuth2/OpenID authentication in an Outlook web addin, and when we want it to work with all kind of devices ?
Login in Adal.Js is a page redirect by default. You don't have pop up issue. Adal.Js gets idtoken initially to be used for your own back end. It also does iframe requests to get access tokens for API endpoints. Office365 APIs support CORS api requests and you can use adal.js to send requests. Tokens will be attached to the requests if you define the endpoints in the config.
You can read about examples here: https://blogs.office.com/2015/03/06/increasing-opportunities-javascript-developers-office-365-platform/
or here : http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint
I'm making a mobile app using web api 2 as a back end with an angularjs/html5 front end. As a result, razor is out.
I've found a bunch of third party log in solutions but nothing specific for windows authentication. I wound up restarting my web api project to "individual user Accounts" instead of "windows authentication" since that seems to automatically put in oWin and oAuth. But I'm unsure of where to go from there.
I feel like this is something simple that I'm missing. Can anyone point me in the right direction?
You should configure your WebAPI and IIS to support Windows Authentication.
I assume that you had included
<authentication mode="windows">
in Web.Config of WebAPI. Hope IIS is also configured appropriately.
And when you call your WebAPI from HTML (say $.ajax or equivalent) make sure you include
xhrFields: { withCredentials: true }
in that call.