We have created an application and a web api which are hosted in various domains(or ports). I want to integrated both windows authentication as well as Forms authentication. So I need logged in user name in the web api.
I have added header withCredentials in ajax post and i am not getting the username. I have used HttpContext.Current.User to get the username. But the same is working properly when the application and the webapi are hosted in the same port or same domain.
Can any one help me out??
Regards,
ganesh. k
Related
I have a Spring Application, That authenticates the user name and password, And uses the JWT token for the SSO, I have deployed it in the Web Sphere Application Server, (**I have used the WAS 9 )I need the application to generate the LTPA token so that it can be used to authenticate the other application which is deployed in another web sphere application server, in the IBM Documentation, However the issues is. I am not aware where it needs to be added in the project. Or do I need to do anything needful. I have enabled the LTPA from the Security>> Global Security and enabled the SSO as well. I am aware that the generation is automated, But as the application needs to create the LTPA token for specific user. And it needs to be redirected to the URL of the other application, Which has the same domain name as well, The issue remains, What are the modification that I need to do in order for the application to generate the LTPA token and send it to the application that is deployed in other WAS server. And can I use the restapi for it. OR can be added in the URL, or use cookies.
Thank you in advance.
I'm developing a web application with (MVC5 + AngularJS) for UI and WebAPI2 for webservices. Theose are two seperate projects hosted in different servers. And i'm Authenticating my webapp against an Active Directory. I enabled Windows Authentication for it and everything works perfect so far.
Now the problem is, I want to enable Windows Authentication on my WebAPI too. Only the authorized active directory users should be able to consume the web services. I enabled Windows Authentication features in IIS.
If i do so, the login prompt is fired twice. One for my MVC5, and second one fired when a webapi call is sent from angularjs. So literally i'm entering credentials twice.
So my question is, Can we inherit/pass the credentials of first login to the WebAPI ajax call, so that we can supress the second prompt.
Thanks in advance...!!
I wanna authenticate my AngularJS Site users with on premise Microsoft active directory. Is there any AngularJs plug-ins or way available to do this?
SO can we use windows authentication from front-end only, without involvement of server side code?
I'm currently try to develop an Office web addin, integrated in the Outlook (Read and Compose).
Everything works fine, except the authentication process.
Indeed, We have to authenticate the user from within Azure AD to access another application (our own application using the Azure AD Architecture where we need to call some web apis)
The solution I used is issued from this great article from Richard diZerega :
Connecting to SharePoint from Azure web app
This solution (we opt for the last scenario) works fine in our Desktop and Web based solution.
But it clearely doesn't work in phone web app , IOS app.
The problem comes from the popup Windows allowing the user to log in.
Actually, window.open, window.location.replace etc ... don't work "as expected" in our Outlook frame.
Everytime it open a popup window. (This is a good solution when the user use the desktop or web Outlook application)
I remember read somewhere that the Office Window where the plugin is loaded, is a secured Window where we can't do any sort of redirection.
I tried to work with ADAL.js, enabling the implicit flow of course, but the problem is the same. We need to redirect the frame to the Azure AD login page.
Finally, the question is : How to deal with an OAuth2/OpenID authentication in an Outlook web addin, and when we want it to work with all kind of devices ?
Login in Adal.Js is a page redirect by default. You don't have pop up issue. Adal.Js gets idtoken initially to be used for your own back end. It also does iframe requests to get access tokens for API endpoints. Office365 APIs support CORS api requests and you can use adal.js to send requests. Tokens will be attached to the requests if you define the endpoints in the config.
You can read about examples here: https://blogs.office.com/2015/03/06/increasing-opportunities-javascript-developers-office-365-platform/
or here : http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint
We are the process of developing a android phone app using IONIC framework and Web Api as the backend.
My question is ,is it sufficient to use Forms Authentication along with SSL to keep the phone app secure.
Our background is in Asp.Net web development and we could not see any examples that uses Hybrid mobile app development along with forms authentication,that makes me wonder if we are in the wrong track.
We implemented CORS along with WithCredentials both on Angular and Web API side, and the authentication piece seems to work fine for all subsequent calls in debug mode.
Do we need to take additional steps for security ,since its a phone app ?
Edit: I was reading about bearer token authentication with Web Api, is this a recommended way to go with phone apps ?
Thanks !
Yes my recommendation is to go with bearer tokens not with forms authentication.
You need to use OAuth 2.0 Resource Owner Credentials Flow which means that end-user provides the username/password only once for a specific endpoint i.e(/token) and then if the username/password valid you obtain something called Bearer Access Token.
This token is valid for specified period and you can configure this in your Web API. Once you obtain the access token, you need to store it securely in your android/hybrid app, then you keep sending it with each request to your web api protected end points using the Authorization header (Bearer scheme). I've written very detailed post which covers your scenario 100%. Please check the post Token Based Authentication and another one for authentication with AngularJS authentication which should work with your case. Let me know if you need further help.