Authentication silverlight to .NET MVC 5 - asp.net-mvc

So my first project at this new company is to convert a silverlight project to HTML5. I get mostly done with it but then in gets down to the nitty gritty. I have a legacy database. I essentially recycled the backend and made a client-side SPA solution using HTML5/CSS/Javascript. I come from an Apple/Linux background, so .NET is super new to me. I have learned that it's generally good to ditch the command line and let windows take control. Either ways, here's the problem. I figured out how to query this Pronto DB, and realized the passwords are hashed as they should be, but the mechanism that encrypted them client side was probably windows/silverlight related and I have to do the same in .NET MVC 5. Would have preferred some newer tech but all we got on the server is .NET 4.5 as the runtime env and it's in the red as far as space on the C drive, so upgrading to better software isn't an option. So basically, can anyone tell me how to tell .NET MVC 5 to reuse my DB for authentication in the same manner that a silverlight app would? Essentially, it's the same concept as how I'm re-using the backend with AJAX, but I imagine some pre-packaged GUI solution for telling windows that it should hash the client password and send it to a legacy DB. Tall order but I know they're some extremely intelligent people out there.

Related

Offline and online application using asp.net mvc

brief history of my project:
2 versions of application, one running in windows form, another running in the web using asp.net
current task: to revamp the project to use asp.net mvc 4 to use only one version of code base.
In final product, there will no more windows form; but only the asp.net mvc. this is with regards with short development timeline.
concern:
my concern is for offline users.
maybe i can host the asp.net mvc4 offline using localhost and sql lite.
When offline users click on check update, there will be able to get the latest version of asp.net mvc 4 ?
any other better solution that is feasible ? i prefer the architecture fits the vb.net
Have you take a look at SPA. That kind of projects, by nature, can work in online and offline mode. One thing to take into account is the ammount of data that the offline mode should handle (most SPAs are using the local storage for offline use, which is a little small)
By looking at this site you will find a lot of resourses on SPA.
http://www.johnpapa.net/spa/
Deploying MVC app with Sqlite in localhost will be quite a challenge in term of maintenance. Maybe you can develop HTML + jQuery solution which can run locally on client system and make use of client cache to hold the temp data. Also it can interact with live app by making ajax calls.

Sessions when one has an ASP.NET MVC 4 + Node.JS Hybrid application

I have already done a proof where I can include Node.JS within an ASP.NET MVC application.
Assume that I am going to use an external session provider like windows server appfabric Cache or memcache.
I have an application where there is a quite sophisticated assembly that we use to build middle tier objects that we then store in the session. The assembly and the objects it produces is our most valuable piece and I cannot justify rewriting this C# project into something this is more Node.JS friendly.
This data is stored in an external cache, and now the node.JS developers need access to that.
What techniques have you guys used in situations like this? I am pretty sure that I am going to have to have some sort of service interface provide by the asp.net side as it is the one that owns this system of record.
I am also looking for a green field option for new projects that allow both ASP.NET MVC and Node.Js work together well in a hybrid fashion anyway, so perhaps this could be solved by data being stored in a convention that works for both.
Thanks.
I wouldn't use ASP.NET session at all. Maybe a database would be a more interoperable approach. SQL Server or even NoSQL solution such as RavenDB might be a good choice.
The problem with ASP.NET out-of-proc session state providers is that they use non-interoperable serializers (such as BinaryFormatter or NetDataContractSerializer) so you cannot read the data back from NodeJs. There might even be differences in the serialization mechanism between the different versions of the .NET framework so even with 2 ASP.NET applications running on different versions of the framework it might be a challenge to share session data.

Can Meteor run with a Microsoft back end (ie EF and ASP.net MVC)

Perhaps like some of you, I am inundated by the number of JavaScript MV* out there. When I thought I was going KO, I found Backbone, then Ember.
I recently saw some demos on Meteor and I am extremely impressed. But I know nothing of Mongo and I "think" Meteor requires it. (http://www.meteor.com/screencast)
I am too heavily invested in Entity Framework & ASP.net MVC to move away from them but Meteor looks like a terrific client side MV*.
Does anyone know if Meteor can work with a Microsoft back end (ie EF and ASP.net MVC)?
Thanks.
UPDATE:
Yes I see the NuGet package for MongoDb, but truth be told I am only interested in Meteor. Is it a both or nothing situation? Meteor looks like bleeding edge and I really would appreciate any links to documentation on its use with a MS backend.
For anyone still reading this in 2013 or later - it's now possible to run Node.js on Windows under IIS (just install the support with the Web Platform Installer).
There's also versions of Meteor and MongoDB for Windows and Meteor supports deploying a bundle that will run under "pure" node.js
As far as I know, You can't. it runs over Node.js, additionally there is a client implementation of a MongoDB like API that would be a pain to implement with a EF backend I think
Yes, sort of. Meteor runs server-side code using node.js, but also provides some very useful services on the client side like templates, routes, collections, session variables, and reactivity.
The way to use it with a .net back-end (or any other language) is to create an api that can be accessed with Meteor. You can create Meteor collections in the client code, which don't need a mongodb instance. Simply access the api to load the collections with the correct data, and then you can use Meteor as you would normally.
However, for most apps it would be much simpler to implement everything in Meteor.

Restful Web services for Mobile App - What language, framework,infrastruture?

I am very new to IOS development.I wonder which language/framework everyone is using to create RESTFUL web services for high traffic, scalable IOS app backend.
The solution requires:
1. Secure Login
2. Restful web services (JSON)
3. High traffic
4. File upload/download
5. Quick search result from large volume database
I am from .NET and MSSQL background. I heard people are using PHP, Java, Python, RoR with IOS webservice development. I understand every language can have pros and cons, just want to know what is prefered in today's trend.
And for database, is NoSQL database a prefered choice than RDBMS for scalable large volume databse? I am checking MongoDB.
Apologies if I am asking wrong questions. I am investigating the technologies for this new project, and any input will be greatly appreciated!
Thanks
I have worked in three major projects that all of them have desktop clients, web clients, and mobile clients (Android, iOS). The 3 have completed different server side approach, and all of them make me and the users happy:
Project 1:
Server: Delphi + RemObjects
Clients: Delphi desktop apps, PHP Web apps, Java applets, Android apps, iOS apps
Why Delphi? Because the existent project was already a Delphi multi-tier app, the development team have domain of Delphi platform, ans was easy with RemObjects (or even with the standard DataSnap) to return JSON, SOAP or XML-RPC to be invoked by the clients;
Project 2:
Server: PHP
Clients: ExtJS Web apps, Android apps, iOS apps
Why PHP? The development team was experienced with PHP, the projects was originally a PHP web app with some classes well defined and not coupled with the UI. Some new classes in the server that reused the existing code base, just converting to/from JSON were enough to allow the clients to talk to the server, with minimum effort.
Project 3 (initial development):
Server: C# ASP.NET
Clients: ASP.NET apps, Android apps, iOS apps
Why C#? Again: the development team was experienced with C# and ASP.NET, the projects was originally an ASP.NET app. We are refactoring some app logic into web services that will be consumed for both the ASP.NET app and the clients.
As you see, there is no need to make the team learn something completely new on the server side.
I'd suggest you to keep your development in .NET with MSSQL, taking advantage of your current skills.
If the application traffic grows you can move the server app to an IaaS server (like Amazon AWS EC2) that supports SQLServer, or even better to a PaaS server, which in this case Windows Azure will probably be your best friend.
These are all loaded questions that can't be answered without more information about what you're making, etc. I use a combination of Ruby with Sinatra and DataMapper (and SQLite/PostgreSQL) for most of my projects, but that's my personal preference and probably won't be of much help to you.
Rather than choosing a technology stack based on trends, why don't you just pick something with a good user base for help and go from there?

MVC2 Apps (and others) sharing WCF services and authentication

I've seen several similar scenarios explained here but not my particular one. I wonder if someone could tell me which direction to go in?
I am developing two (and more later) MVC2 apps. There will also be another (thicker) client later on (WPF or Silverlight, TBD).
These all need to share the same authentication. For the MVC2 apps they (preferably) need to be single log on - ie if a user logs in to one MVC2 app, they should be authorised on the other, as long as the cookie hasn't timed out.
Forms authentication is to be used.
All the apps need to use common business functionality and perform db access via a common WCF Service App. It would be nice (I think) if the WCF is not publicly accessible (ie blocked behind FW). The thicker client could use an additional service layer to access the Common WCF App.
What this should look like is:
MVCApp1 -> WCFAppCommon
MVCApp2 -> WCFAppCommon
ThickClient -> WCFApp2 -> WCFAppCommon
Is it possible to carry out all the authentication/authorization in the WCFAppCommon?
Otherwise I think I'll have to repeat all the security logic in the MVCApps and WCFApp2, whereas, to me, it seems to sit naturally in WCFAppCommon. On the otherhand, it seems if I authenticate/authorize in WCFAppCommon, I wouldn't be able to use Forms Authentication.
Where I've seen possible solutions (that I haven't tried yet) they seem much more complex than Forms Authentication and a single DB.
Any help appreciated,
Phil
I thought I should come back to this with what I've learned (and re-learned).
First the re-learned lesson - don't become fixed on an architecture and then try and make everything else fit. I'm fixed on .Net, SQL Server, WCF, MVC2, EF4, and IIS7. Fixing in my mind how I want these to fit together is slighly dumb! Better to go out and look at what guidance exists.
Which brings me to what I learned - here's a link:
http://wcfsecurityguide.codeplex.com/
I discounted this article a couple of times because it's a bit dated. However, I'd say it's actually very relevant and if you're starting a project remotely concerned with securing services go take a look. Part IV had everything I needed.
We are using WCF Web Application hosting Reporting system (we are accessing it from Silverlight) and since it's using same machine keys as our MVC application - we can share cookie authentication as well.
Otherwise, you have to send authentication ticket (custom or not) to your WCF application.

Resources