Is it possible to get Silverlight ASP.NET Forms authentication working on IIS?
I followed sample http://blogs.msdn.com/b/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx and it works on ASP.NET Development Server but when hosting on IIS I get Error: "You are not authorized to view this page due to invalid authentication headers.".
Any success out there?
I can help you get rid of this ""You are not authorized to view this page due to invalid authentication headers"." error. You need to enable Anonymous authentication on your deployed application. That's it.
But Enabling forms authentication along with anonymous authentication is what I am looking for. Point is that I need to get users download my .xap which requires anonymous authentication but once .xap is downloaded in user's silverlight player, it wants to use forms authentication for log in. Multiple authentication at once doesn't seem to work for me. If you know anything in this regard, let me know please.
Related
I am developing an ASP.NET MVC website. It is hosted in Azure and users are authenticated with AAD for our single tenant. I intend to make the website available in a Teams app, so that my coworkers can navigate to my website via the Teams Windows app and the mobile app.
I follow these steps to integrate security in a web browser: https://learn.microsoft.com/en-us/learn/modules/msgraph-build-aspnetmvc-apps/5-exercise-add-auth
I followed these directions to integrate security with Teams: https://learn.microsoft.com/en-us/microsoftteams/platform/tabs/how-to/authentication/auth-aad-sso. I'm not sure that I did this correctly.
At this point, I can:
Login with a web browser
Login via Teams mobile app
Load Teams in a web browser then load my app (not a use case that I need to support, but this worked and I was not prompted to login. I assume that I wasn't prompted to login because I was already logged in directly in another browser tab).
I cannot:
Login via Teams Windows app -- This is my primary use case unfortunately.
When I try to login with the Teams application on Windows (using the same pages and forms as on mobile), the page just disappears. I'm not prompted with the usual Microsoft login page.
How can I diagnose the cause of the problem? I don't see any obvious errors reported in Teams. Is there any way to get access to the root error?
EDIT:
login.microsoftonline.com is reporting "Your browser is currently set to block cookies. You need to allow cookies to use this service." I'm now aware of the SameSite changes (https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-handle-samesite-cookie-changes-chrome-browser?tabs=dotnet) and I've implemented the recommended SameSiteCookieManager code to address the SameSite issue.
I'm still running into the same issue. No exceptions or errors reported except that Teams does not accept cookies.
May have to break this down further, here's how I would decipher it.
First of all, you will have to figure out if the issue is with Teams or on the Auth side.
Figure out which line of code is executing last? You can debug or write to terminal/logs.
Do you see any exceptions? Ideally debuggers can help or you can add some code to catch any exception.
If it's failing before executing any code, do you see any http requests going out, you can use fiddler for this. See if you are seeing any error codes.
If you are using Windows then check Event Logs for any errors or exceptions for Teams App. Look at the Application logs.
Look out for Audit logs and sign in logs and check if you see any activity in your tenant when you run this app.
https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-activity-logs-azure-monitor
Some other points would be to check if you can repro this with a sample app or a different user(elevated user). If there is any additional info do share.
We have created an application and a web api which are hosted in various domains(or ports). I want to integrated both windows authentication as well as Forms authentication. So I need logged in user name in the web api.
I have added header withCredentials in ajax post and i am not getting the username. I have used HttpContext.Current.User to get the username. But the same is working properly when the application and the webapi are hosted in the same port or same domain.
Can any one help me out??
Regards,
ganesh. k
I'm currently try to develop an Office web addin, integrated in the Outlook (Read and Compose).
Everything works fine, except the authentication process.
Indeed, We have to authenticate the user from within Azure AD to access another application (our own application using the Azure AD Architecture where we need to call some web apis)
The solution I used is issued from this great article from Richard diZerega :
Connecting to SharePoint from Azure web app
This solution (we opt for the last scenario) works fine in our Desktop and Web based solution.
But it clearely doesn't work in phone web app , IOS app.
The problem comes from the popup Windows allowing the user to log in.
Actually, window.open, window.location.replace etc ... don't work "as expected" in our Outlook frame.
Everytime it open a popup window. (This is a good solution when the user use the desktop or web Outlook application)
I remember read somewhere that the Office Window where the plugin is loaded, is a secured Window where we can't do any sort of redirection.
I tried to work with ADAL.js, enabling the implicit flow of course, but the problem is the same. We need to redirect the frame to the Azure AD login page.
Finally, the question is : How to deal with an OAuth2/OpenID authentication in an Outlook web addin, and when we want it to work with all kind of devices ?
Login in Adal.Js is a page redirect by default. You don't have pop up issue. Adal.Js gets idtoken initially to be used for your own back end. It also does iframe requests to get access tokens for API endpoints. Office365 APIs support CORS api requests and you can use adal.js to send requests. Tokens will be attached to the requests if you define the endpoints in the config.
You can read about examples here: https://blogs.office.com/2015/03/06/increasing-opportunities-javascript-developers-office-365-platform/
or here : http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint
I'd like to use Google AppEngine with Silverlight client. I'm hoping to use the Google login authentication mechanism within the Silverlight client. Is this possible? Does anyone have any example sites where a RIA client used in conjunction with Google AppEngine security?
Thanks.
You need to have your users log in via a regular HTML page, then send them to the page with the silverlight client. Anything else would be encouraging users to enter their credentials into a third-party site, which is a Bad Idea.
I really don't believe that is true, meaning if you have an installed application Google has a login that allows you to enter username and pwd in your application. I believe silverlight is closer to windows application. Here is the login mechanism
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html
I need Single Sign On for two types of application: Silverlight 3 and Windows Forms.
Do you have any advice about how I could implement this?
Windows authentication is one possible solution. Any other?
Thanks
Best regards
Is the user authenticating through a Windows domain? If so you could use the domain credentials from both IIS (assuming that will host web services for Silverlight) and your WinForms.
On the IIS side you would use windows authentication for the web site hosting the Silverlight.
You can get the current user with WindowsIdentity.GetCurrentUser(). From there you can get the username, etc, and map that security context to your application's internal authorization.
The overall idea here is that the single sign-on would occur when the user logged into their workstation, and both the Winforms and IIS (Silverlight) would use that security context.