I need Single Sign On for two types of application: Silverlight 3 and Windows Forms.
Do you have any advice about how I could implement this?
Windows authentication is one possible solution. Any other?
Thanks
Best regards
Is the user authenticating through a Windows domain? If so you could use the domain credentials from both IIS (assuming that will host web services for Silverlight) and your WinForms.
On the IIS side you would use windows authentication for the web site hosting the Silverlight.
You can get the current user with WindowsIdentity.GetCurrentUser(). From there you can get the username, etc, and map that security context to your application's internal authorization.
The overall idea here is that the single sign-on would occur when the user logged into their workstation, and both the Winforms and IIS (Silverlight) would use that security context.
Related
I have a windows application and a web application. Both are having a different login screen. Is there a way to implement SSO with the help of windows credential so that user don't need to login again for accessing the applications.
Note : I am new to ADFS , Domain Controller and SSO so don't have much idea on how that works.
Any leads is appreciated.
you can implement SSO for your corporate/internal/on-premises application using Windows Active Directory and Windows Authentication. A Domain Controller stores the Windows Active Directory database. ADFS will help you extend your Identity and SSO capabilities trusting 3ra party Identity providers. E.g. Azure AD. With this you will be able to access applications in both networks with a single set of credentials.
I have an interesting situation that I haven't been able to crack. Here is the environment that my Silverlight application runs in.
We have a SharePoint 2010 intranet that is the main host for the application. On a web part page, we have a Silverlight web part that contains the application. We use the Client Object Model to deduce who the logged in SharePoint user is. The users of this application access the SharePoint site OUTSIDE of the AD domain that they use to login; meaning they have an AD account, but their computers are part of various domains. The Silverlight application makes calls to a WCF service over https via SOAP protocol.
The question is, how do I secure the services so that the only valid requestor is the Silverlight application when being called from inside the context of a logged in SharePoint user?
Each end-user has an AD account that is created for them. The SharePoint site is an extranet that requires each user to login using their AD credentials. However, no end-user is accessing a site from a computer that is part of the domain.
I've attempted using Windows Authentication, but we have a requirement that the user must not be prompted to login (to the web services) after they have already logged into SharePoint. I've attempted using the Client Object Model to "pass" authentication/credentials to the service, but no luck there.
We have to disable Anonymous Authentication before we go to live, so I've got to figure out a way to secure the services but not make the users login a 2nd time inside the application.
out of the box you cant, silverlight cant delegate to any external service for security reasons. What you can do is to secure your WCF channel via some other method (certificate based for example) and send through the current username manually. On the SharePoint end you can then impersonate the user.
It will be quite a fiddly thing to get going though :)
I have a silverlight application. I want the user to be able to logon using their windows credentials or better yet not have to logon at all, the application will just know who they are and approve them based on their user name.
Possible? If so then how?
Yes it is possible but not directly with Silverlight, you must use ASP.NET authentication for that.
Just create a separated webservice that is using Windows Integrated Authentication to get your data then the user validation will be on the server.
Heres two good article on how to do it :
http://msdn.microsoft.com/en-us/library/dd744835(v=vs.95).aspx
http://msdn.microsoft.com/en-us/magazine/ff646975.aspx
Is it possible to get Silverlight ASP.NET Forms authentication working on IIS?
I followed sample http://blogs.msdn.com/b/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx and it works on ASP.NET Development Server but when hosting on IIS I get Error: "You are not authorized to view this page due to invalid authentication headers.".
Any success out there?
I can help you get rid of this ""You are not authorized to view this page due to invalid authentication headers"." error. You need to enable Anonymous authentication on your deployed application. That's it.
But Enabling forms authentication along with anonymous authentication is what I am looking for. Point is that I need to get users download my .xap which requires anonymous authentication but once .xap is downloaded in user's silverlight player, it wants to use forms authentication for log in. Multiple authentication at once doesn't seem to work for me. If you know anything in this regard, let me know please.
Scenario: I need to configure a WPF application to send credentials from integrated security to an ADFS server and receive tokens back. I can't find guides describing in detail how to do this. The focus seems to be on web applications, web services, & WCF.
What are the steps to configure a WPF client? Is it possible to setup through a config file the same way a web app is configured?
You want to implement an Active WS-Trust scenario. Follow Lab 4 - Federation with ADFS with "active" clients" from here: http://claimsid.codeplex.com/releases/view/68061 .
If you chose to call ADFS manually to get tokens follow WIF, ADFS 2 and WCF Article Series by Dominick Baier here: http://leastprivilege.com/2010/10/14/wif-adfs-2-and-wcfpart-5-service-client-more-flexibility-with-wstrustchannelfactory/
Both of those resources have helped me to implement Active WIF Scenario.