Currently I have an application that is running asp.net MVC 5 utilizing Owin.IAppBuilder for authentication. This was the standard authentication method when building mvc applications. This auth method connects to a SQL database and uses the standard aspNetUsers table method.
I am looking to start building a .net Maui mobile app. This .net Maui app I would like to allow existing and future users of my MVC 5 application to authenticate.
I researched many options but unsure the best method to start implementing. Does anyone have suggestions on what Path I should take?
If you want to use your own web service for authentication, you can use WebAuthenticator to achieve it.
For more information, please refer to: Web Authenticator | Microsoft
Related
I am going to create an web app using Dot Net Core. In future, i will also create mobile application for the same application. Now, i am in thinking the architecture of the project. I want to use WEB API core using Asp.net Identity Core. Also, i will consume WEB API in MVC Core application. But the question i have in mind that how i can handle ASP.net identity with MVC and WEB API? Do i need to include in MVC as well or only in WEB API?
I tried to think hard but still confuse. Need suggestions.
You can use token based authentication .
In a resource owner flow scenario , your client app( mvc application/native application) will consume your web api by providing user's credential , web api will validate the credential(using ASP.NET Core Identity) in database , If the username and password are correct then a JWT authentication token and the user details are returned. Your client app could validate the token and sign in user :
ASP.NET Core 2.2 - JWT Authentication Tutorial with Example API
Tutorial built with
Token Authentication in ASP.NET Core 2.0 - A Complete Guide
In addition, IdentityServer4 is a good choice when you want to roll your own full-fledged OpenID Connect authorization server that can handle complex use cases like federation and single sign-on.
So your question is maybe a bit open-ended for Stackoverflow and you don't really show what you have tried so far.
I will try to answer though. First you just need to start out with a template for your project. Start an MVC project in which you can easily have API endpoints as well. I would suggest splitting those in two projects for clarity - but if it is just a small personal project then you probably are fine having them in the same project. Microsoft have a pretty good resource on MVC:
Microsoft MVC walkthrough
For the Identity part. You would need some kind of authority for it to work. I suggest you take a look at IdentityServer4. Which offers an excellent walk-through of how to set it up and how to integrate it with Asp.NET Core Identity:
IdentityServer4
I'm working on an application that allows people to authenticate with the same credentials in both MVC and Windows Phone apps. Data access for the phone and MVC client should be via Web API (or alternatively via WCF).
I've already read dozens of articles on authorization frameworks and it gave me a headache as there's quite a few of them and I don't even know how to start.
So my questions are: how can I accomplish these goals? What authorization framework should I use?
If I have an MVC application that has an authenticated user, and either from client-side JavaScript, or from an MVC controller, I wish to call a Web API that is in a different project to the MVC application, but use the same user credentials.
How would I go about this?
I am using the latest in VS2013 - MVC 5 with Web API 2. Currently to authenticate I am using forms auth.
Please refer the following link to solve your problem
Works fine for me
Web api authentication and MVC 4
I've been searching for an answer to my question for a while now, but can't find what I'm looking for so I hope someone can help me :)
Scenario:
3 Projects:
Asp.net Web Api Project (SQL Server CE 4 database + Asp.Net Membership)
Windows Phone 7.5 App (Authenticates to the SQL Server CE database using REST)
Asp.net MVC 4 Project (That wants to communicate to the same SQL Server CE database, also using REST)
The WP7 app's authentications is already working. But I'm having problems with trying to figure out on how to let my MVC app authenticate with the same SQL Server CE database.
I'm probably able to create my own controls and use the same logic to authenticate that I've used in the WP7 app, but I want to keep the existing functionality that the [Authorize] attribute offers.
So my question is:
how can I let my MVC project authenticate through the Web Api project, and still maintain the functionality that when a user tries to access a page that needs authentication, he will be redirected to the login page and such
I hope my question is clear enough! If not, don't hesitate to ask some additional questions!
Kind Regards,
Gert
Ok, after some rest and some logical thinking, I just realized that I had to change the Login method in the AccountController in the MVC project.
I'm not able to provide any code because I'm not on my dev pc, but it's just any authentication code you would use anywhere else. For example using REST authentication or authentication through a WCF service.
Kind regards,
Gert
Scenario:
I have an ASP.NET MVC 2 site using ASP.NET Forms Authentication.
The site includes a Silverlight 4 application that needs to securely call internal web services.
The web services also need to be publically exposed for third party authenticated access.
Challenges:
Securely accessing webservices from Silverlight using the current users identity without requiring the user to re-login in in the Silverlight application.
Providing a secure way for third party applications to access the same webservices the same users credentials, ideally with out using ASP.NET Forms Authentication.
Additional details and limitations:
This application is hosted in Azure.
We would rather NOT use RIA Services if at all possible.
Solutions Under Consideration:
I think that if the webservices are part of the same MVC site that hosts the Silverlight application then forms authentication should probably "just work" from Silverlight based on the users forms auth cookies. But this seems to rule out the possibility of hosting the webservices seperately (which is desirable in our scenario).
For third-party access to the web services I'm guessing that seperate endpoints with a different authenication solution is probably the right answer, but I would rather only support one version of the services if possible...
Questions:
Can anybody point me towards any sample applications that implements something like this?
How would you recommend implementing this solution?
You can extend WCF to use Membership as authencation store and reuse the FormsAuth Cookie (send by the MVC site) to the browser by the Silverlight app.
I would recommend using an STS with Windows Identity Foundation so you can have your app use claims identity and then change authentication outside the app. For third party you can use Windows Azure Access Control Service (ACS). We are updating our guidance on this and you can look at the new code to show you how to do this at our codeplex site. The original book is available at Amazon. I would focus on the updated guide because it has ACS has websites and an active client talking to WCF. The client is WPF but it would similar for Silverlight.