I started a Silverlight 4 RIA Services application with the Navigation Application template,
instead of the Business Application template.
Now I want to add authentication to that application (to protect a page from unauthenticated users)
I've added an AuthenticationService to the project,
but I'm not sure what the steps are now to get it actually working and there doesn't seem to be a way to "upgrade" to the business application template.
I can add the [RequiresAuthentication] attribute to some of the normal service methods,
but I cannot figure out how to allow the user to log in or prevent a user from opening a specific page.
Is there any guidance for an "upgrade" like this?
You need to configure the hosting ASP.Net App to enable forms authentication, which will probably require the configuration of an authentication provider.
Try this
http://msdn.microsoft.com/en-us/library/ee707353(VS.91).aspx
edit: doh moments too late ;)
Related
I have created a project which on the client side uses ReactJS and on the server side .NET Core 3.1. I have API controllers, loggers, services, repositories etc.
Now I would like to add an Admin panel. I decided to add another .NET Core 3.1 project only for the admin panel and would like to use the same database and identity to control users.
The problem is that I'm not able to sign into the DB that is in use in first project... and I don't know really how to achieve that.
Or maybe I should add AdminLTE to main project - but how?
So, the problem was in my custom login page...in first project I decided to have login and password as a way to log in user.
In custom login there is an email instead of login to log in user.
And that is it.
I'm trying to implement IdentityServer3 into my architectural mix. I like the idea of registering Clients, Users, and Scopes. What I do not like is using IdentityServer3's built in login and registration forms.
I have 4 different apps that need to use my IdentityServer3 implementation (aka TokenServer). These 4 apps are AngularJs apps. I have various C# .Net WebAPI services supplying data to these 4 apps. Right now each of these 4 apps have their own authentication and registration process. I need to consolidate authentication piece using IdentityServer3.
Each of these 4 apps have different account registration/authentication needs. There's a mix bag of 3rd party authentication (Facebook, Google) as well as traditional forms authentication against an account the user has registered with.
So, I cannot have any of my AngularJs apps use the default Login/Registration forms that come with IdentityServer3. I've spent a lot of time now trying to find a way to turn off the default views and just wire each of my AngularJs apps to my TokenServer. I simply want to POST login credentials to the /token endpoint and return a token that can be used in subsequent calls to my WebAPI. I want to replace the authentication process I have for each app with IdentityServer3 without changing the existing login/registration UIs.
I cannot find a sample app or even documentation that shows how to do this. Is it even possible to 'turn off' every one of IdentityServer3's UI views and use my AngularJs client's login and registration forms?
Please point me in the right direction. Thanks for your time.
It seems you want to use the OAuth 2.0 resource owner flow - which means - your app posts credentials to the token endpoint and gets back an access token. That is totally possible - you will miss out on some features like federation and SSO. But these are the known constraints of this flow.
If you want to use a redirect based flow (which gives you SSO and e.g. Google logins etc) - you need to redirect. You can replace any of the IdentityServer views with your own. The documentation and samples have plenty of information how to do that.
https://identityserver.github.io/Documentation/docsv2/advanced/customizingViews.html
https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/CustomViewService
Is it possible to get Silverlight ASP.NET Forms authentication working on IIS?
I followed sample http://blogs.msdn.com/b/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx and it works on ASP.NET Development Server but when hosting on IIS I get Error: "You are not authorized to view this page due to invalid authentication headers.".
Any success out there?
I can help you get rid of this ""You are not authorized to view this page due to invalid authentication headers"." error. You need to enable Anonymous authentication on your deployed application. That's it.
But Enabling forms authentication along with anonymous authentication is what I am looking for. Point is that I need to get users download my .xap which requires anonymous authentication but once .xap is downloaded in user's silverlight player, it wants to use forms authentication for log in. Multiple authentication at once doesn't seem to work for me. If you know anything in this regard, let me know please.
I have spent many hours trying to get my Silverlight Business application to run on Azure. My findings so far (open to correction)
Asp net authentication works with a Silverlight web application but not if Ria services is added. This is because Azure only allows one form of authentication per hosting and WCF will not work if the authentication mode is not Anonymous. This mean using WebContext is out of the question.
For the same reason passive federated claims authentication (either OpenID or custom STS) will not work with Ria services.
There is some good stuff in the Identity Training Kit. Active federated claims should allow a login popup to by used. Again there is an example in the kit. I initially didn't look at the "Out of Browser" example until I realised that it should work In Browser as well. I created a custom STS which the Web app called successfully, but I got "service not found" - I assume on the return leg.
I have now decided to pull the plug on all this as I need to get my application up and running. The Silverlight client already communicates with my database via Ria Services - why do I need to create extra pipelines when the authentication data is going to be in the same database? Would security be comprimised by simply checking a user name and password against my database? Would the System.ServiceModel.DomainServices.Client.ApplicationServices namespace be useful in this?
Second statement in your list is not accurate. You can use claims based identity with Ria Services. See here:
http://blogs.msdn.com/b/eugeniop/archive/2009/11/22/updated-ria-and-wif-samples.aspx
http://blogs.msdn.com/b/eugeniop/archive/2009/11/25/ria-services-and-wif-part-ii.aspx
Good day!
I have an silverlight site (silverlight navigation application) and I want clients to log in on my site. I want to give them different rights of viewing pages.
A WCF service gives me true or false when I enter a login and a password. Then, if it returns true, I want to remember the logged user. How can I do it? Using cookies or global variable or something else?
You should look at WCF RIA Service in a combination with the ASP.NET Membership Provider.
There is also a Template for an AuthenticationService...
Examples here:
http://blogs.msdn.com/brada/archive/2010/03/26/silverlight-4-ria-services-ready-for-business-authentication-and-personalization.aspx
http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx
Although www.codeproject.com/KB/silverlight/SL3WindowsIdentityName.aspx is based upon Windows Authentication, could you not adapt the first part of it for your needs?