There is the UserController class that lets us access and save user data.
I think UserController was meant to be used from within the context of a DNN website application, since it somehow already knows the connection string and other DNN settings.
So I take it that DNN Controller classes can't be used outside the context of a DNN website application, thus I can't add/revoke roles, reset password, and other administrative actions from a desktop application, correct?
If it's possible, please let me know. Thank you.
That's not possible out of the box but some reference can be available here which does somewhat similar things: http://iweb.codeplex.com/
Most of what you are asking for are pretty simple DB operation. You could use Entity Framework to map tables into classes in your .Net App and then issue Update commands. However, these will be executed outside of DNN and may not impact a currently logged on user unless you clear the cache of DNN or restart app.
You could write custom WebAPI methods to do so as Hammond suggested above. You need to ensure that these methods are secure though and only Admin / Host can execute them.
Related
We are developing a Grails web application, where different users (customers) need to be pointed at different databases containing only their organization's data. Unfortunately, the separated databases are a requirement, and we are being asked to be able to have only 1 web application for everybody.
However, Grails expects only a single datasource pool connecting to one database.
We want to be able switch database connections, per session, based on the user that is logged in, where the different connections are read in from properties files during the BootStrap init().
So far, we have been unable to find a solution that does not seem to have race conditions, there is no plugin we can find, and it doesn't seem to be a popular issue.
Our most promising was creating a custom dynamic data source, set up in Bootstrap to define a map of organization->dataSource, and utilizing a closure defined in Bootstrap to find the appropriate dataSource before GORM behavior, but this seems to cause race condition when there is latency.
Does anyone have an idea how this switching can legitimately be performed?
Thanks
Considering Grails is built upon Spring your best bet is to develop your own resolvable datasource.
Dynamic datasource routing
Example of datasource routing
It's not clear in your question if you're deploying your application once, and trying to configure the DataSource used by User, or if you just want to configure by deployment.
If it's just per deployment, Grails allow you to externalize the configuration. You can set this to use a file in the classpath or in a static location.
I'm consuming a lot of WCF Services from a Silverlight application in a totally disconnected-way.
I want to ensure that I know the user who is calling every service and I don't know if there is a "standar way".
I've thought of a Login method to get a Token and then pass the username and its token in every call to ensure he/she is logged and has permissions to execute it.
Is there any "almost-done" way with ASP.NET authorization in my own SQL Server? Or I can only use its tables but I'll have to do it "manually"???
Thanks in advance!!!
It sounds like using ASP.NET Membership might be a good fit for you. There's two approaches you an use with this. The first is to use the default membership tables as generated by aspnet_regiis. This option has the advantage of being basically done for you. In this case, all you'd need to do is run the aspnet_regiis tool, then add the necessary portions to the Web.config for your WCF service as described here. Then, when calling the service you need to set credentials for your binding as described here - specifically the portion about setting ClientCredential for your binding when consuming the service.
The other option is to write your own custom membership provider as described here. This allows you to do whatever you want behind the scenes in terms of storing and managing your users, rather than using the pre-built ASP.NET mechanisms. This is a good approach if you're mating with an existing user base or want to have more control over how things are implemented.
Also, keep in mind that ASP.NET Membership isn't your only option for securing your WCF service. Spend some time reading up on your options, which include:
Windows Authentication and Windows Authorization via transport level security on basicHttpBinding
Windows Authentication and Windows Authorization via message level security on wsHttpBinding
UsernamePasswordToken Authentication with ASP.NET Membership and ASP.NET Role Authorization via message level security on wsHttpBinding
UsernamePasswordToken Authentication with custom validator via message level security on wsHttpBinding
Authorization using a custom Authorization Policy
Impersonation using Windows credentials
That list comes from this blog post, which is a good place for you to start exploring your options. Reading up on them will give you the opportunity to learn the strengths, weaknesses, and features of each so that you can choose the one that best suits your purposes. You can also begin with the MSDN articles on WCF security here.
In summary, yes there is an "almost-done" way to do it with ASP.NET Membership, and it shouldn't be too hard to implement, but take some time to explore your other options as well before just diving in with one, because they all have trade-offs and you don't want to have to re-implement it in the future if you decide the approach you chose is a bad fit.
One way to do this is if you can impersonate all users for that You need to add following in your service behaviour
<serviceAuthorization impersonateCallerForAllOperations="true" />
more details here http://msdn.microsoft.com/en-us/library/ms731090.aspx
and if you want to know the user then inside your service methods you can use
System.Threading.Thread.CurrentPrincipal.Identity.Name
to find the user name who is using your services
Edit:
You can use membership api details here
http://msdn.microsoft.com/en-us/library/ms731049.aspx
http://blogs.msdn.com/b/pedram/archive/2007/10/05/wcf-authentication-custom-username-and-password-validator.aspx
http://social.msdn.microsoft.com/forums/en-US/asmxandxml/thread/8a679fb2-e67e-44a9-b491-eb95d5144068
I am new to DotNetNuke, but I'm an experienced web admin and programmer.
I have an ASP .NET website / web application that I want to integrate into DNN 5 so I can easily add / modify content, etc. My existing site uses it's own login system to display user information. I have successfully placed (using iframes) all of my existing pages inside DNN pages.
The problem I am having is that I need to conditionally hide certain pages in the menu until a user is logged into my application. To be clear, my users are logging in using my existing authentication system, and will not actually login to DNN, so I can't simply grant permissions to those pages.
My question is this: is there some way (perhaps by modifying the DNN code) to conditionally hide menu items until certain requirements are met, such as authentication through my login system?
You can write your own DNN Authentication module that leverages your current system and code.
Our shop uses DNN, but hands off authentication to our university's centralized authentication system. I didn't write it, but I don't get the impression that it was too hard. Now when we create a portal, we install and enable our authentication module and then turn off DNN Authentication. Works like a charm.
We used DNN Garden menu for this (we do some thing sort of like that) the menu has a Node manipulator interface you can code against
http://www.dnngarden.com/
http://www.dnngarden.com/Menu-structure-manipulation.T104.aspx
we have had great success with this -
The other option which we have done as well is to write your own menu provider - not really that hard
I am going to be developing an application for work, and I am trying to decide whether to use Silverlight Business App or Asp.Net Web App. My manager is concerned about the performance and download time it would take if I created the entire application as a Silverlight app, with authentication. I have been playing around with some tutorials over the last week trying to get a perspective on my situation and have come up with a design question I need to ask those that are more experienced than me.
Is it possible to use a Asp.Net application and just embed a silverlight application in one of the pages that will be used inside a folder that is configured with the roles authorization? And if so, would it be possible to get user credentials from the client silverlight app without passing them through the initParams.
I understand that I can set the authentication to "useCookies", so I was thinking I would be able to get the cookie on the client and hopefully get a property verifying if the user is authenticated.
Also, would this be a risky practice? Thanks for any advice and direction.
There are a few approaches you could take. While I know you don't want to expose the credential in init params, you could generate a "ticket" (claims-based authentication) for the credential, and include the ticket (for example, a GUID) in the init params. When the Silverlight application launches, it would consume the ticket, possibly validating it via a secured web service call, and the ticket would no longer be valid so even if someone spoofed it or viewed the source, it couldn't be used.
Quite a bit depends on your architecture. For example, if you are using the roles-based authentication, and most of the business logic and/or decision making is based on web service calls, the web services can use HttpContext.Current.Identity to validate the user. Even if someone opens the Silverlight application, any service calls would fail unless they were appropriately authenticated. Otherwise, I would either go with passing a ticket so Silverlight trustst the user is valid (you can create a service that accepts the Guid and returns the role information) or have the user log in from Silverlight (you have a service facing in front of the authentication mechanism and then return a ticket and/or role information).
It gets even more interesting if you decide to use WCF RIA, check out these examples for baked-in authentication:
http://code.msdn.microsoft.com/RiaServices/Release/ProjectReleases.aspx?ReleaseId=2661
1.) It's absolutely possible to embed a Silverlight xap on an ASP.NET page.
2.) As far as credentials, using cookies could work, or you could pass in a token over initparams and validate that token via a web service to see if the user is valid
It's always a risk passing credentials around, especially when it's running on a clients computer. That said, Silverlight buys you a lot, so don't let the challenge of authentication hold you back.
Im currently working on registration of our application. Basically we have a simple concurrent licensing system so when the user logs in we store their computer name and logon name to uniquely identify them. This is done from a simple winforms app that allows us to retrieve this data.
We now have a brother silverlight project that must work in the same licensing. The situation being that if a user logs into the winforms app they will use one license and if they log in on our silverlight app it will still use the one license because they are accessing it from the same computer.
The problem is that we cannot retrieve the clients machine and logon name with the silverlight application.
Can anybody think of a way of handling this? Or am i going bout it totally the wrong way.
Thanks
Forms or Windows authentication.
Once authenticated you can retrieve anything you want (such as user claims, user profile...etc) which is provided through a web service. This of course mean you are communicating with some database somewhere.