I'm new on ASPNet MVC 5, I'm confused about IISExpress. I am developing intranet site and I use windows authentication. After publish and run site on IIS I saw that authentication pop-up which not came on IISExpress. Why there is something like this? After searched about preventing that pop-up I saw that I have to add site to trusted website, however, I didn't do this for IISExpress, did IISExpress do it for me automatically? In addition to this I have a problem about EWS Managed API on IIS
IIS Express is a process that runs in the context of the currently logged on user, meaning you. Your account usually has enough (or too much) permissions to access files and other resources.
The 'big' IIS uses different user accounts to run your application, these accounts have limited permissions and may not have access to files and resources. If IIS can't access a file with its normal process account, it needs a different account to access that file and asks for one in a popup.
Related
I have a WPF application who uses the azure AD with open id to authenticate users and the WPF application then uses the refresh_token to renew the access_token and use that access_token to call our protected API.
I now want to create a SPA, is it possible to get SSO working between these two applications - so if the user is signed in on the WPF application they will automatically be signed in on the SPA application as well without the need to re-enter any credentials?
Absolutely, it will work, you just have to configure 2 applications. Actually it's what OAuth is used for.
The answer depends a little on how you have implemented things. In both cases the 2 apps will each do a redirect to sign the user in, and you need 2 different OAuth client registrations, as agua from mars says ...
OPTION 1 (PREFERRED) - DESKTOP APP USES SYSTEM BROWSER
This will enable SSO to work due to a shared Identity Provider cookie. Also, password autofill for one app will also work for the other app, so that re-logging in is not too painful. However, the Login UX is a little strange, since the user has to switch to the browser to sign in.
OPTION 2 - DESKTOP APP USES WEB VIEW
This is easier to code but can be more problematic in Login UX terms, since the web view acts as a private browser session, which may require the user to sign in again. Also password autofill may work less well.
ONLINE DEMO
To see both cases working together you could run both samples from my Online Quick Start Page. You can run the SPA from an online URL, but the desktop app is NodeJS based and needs to be run from your PC.
You will see that after logging into one of them, there is a redirect when starting the other, but authentication will be automatic.
I have an external program that I have scheduled to run once a day (i.e. no user interaction). This program should upload a file to a SharePoint Online site, using Microsoft Graph API. I'm able to enable this in Azure Active Directory by registering an app, and giving this app the application permission File.ReadWrite.All, then sending a PUT request to
https://graph.microsoft.com/v1.0/drives/{drive-id}/items/{parent-id}:/{filename}:/content
However, by granting File.ReadWrite.All, the program will have access to all files in all site collections for my organization. I want to limit access to a specific site, or perhaps just a specific folder within that site. How can this be achieved? (without the need for a user to interactively sign in when the program is run)
Edit (2021-03-04): This is possible now: https://developer.microsoft.com/office/blogs/controlling-app-access-on-specific-sharepoint-site-collections/
It is not currently possible to restrict app-only access to a specific SharePoint site, through Microsoft Graph.
I have a ASP.net MVC project hosted in Azure and with Azure AD authentication
Everything works fine when I publish my project, but after a while when trying to login again, I get the famous login loop.
If I restart the app service, everything works fine for a while again...
I have read many posts and blogs regarding this subject and I think I have tried evertything.
Reply url and keys are correct both in Azure and web.config
Applicaton is forced to https
I have tryed the katana cookiesaver fix.
Reply url other than root
Other suggestions?
I’m working on an app that will be deployed to a fleet of corporate Windows laptops that are bound to Active Directory. Part of the app would need to allow the user to access the company's intranet URL. Would it be at all to automatically authenticate that user for their intranet without forcing another login? They've already logged into their AD account when logging into the laptop so I want to avoid it if possible. I've searched and haven't been able to find any information that covers this case.
Depending on your security strictness, the username package could be a good fit for you.
My ASP.Net MVC3 web site that logs into Facebook is no longer working after moving to an Azure based cloud project. I am using the Azure SDK 1.6 and fail during the the OAuth steps.
I had a working site that ran locally at http://localhost:1200 which matched the Application Url setting that was registered for the application on Facebook. Now when I try to start the project in debug mode, it goes through the Azure emulator which maps the web site (role) to http://127.0.0.1:82/. I've tried updating the Facebook app url to the same address but it fails.
I've been investigating this and I've noticed that the Azure emulator automatically creates on the fly a new IIS web site and employs a load balancer for its created virtual IPs for the individual projects within the cloud solution. Is there a way to get a project to debug successfully and still talk to Facebook when running the Azure emulator within Visual Studio?
Any insight is greatly appreciated.
I would not use localhost for Facebook applications.
What I did, I had registered my real domain in Facebook (such as myapp.com)
Then I created a record in my hosts file (Windows\system32\drivers\etc\hosts)
127.0.0.1 dev.myapp.com
which is sub-domain of my production domain, so it's allowed by FB;
And then I used dev.myapp.com as callback address for Facebook; I also setup Visual Studio to run http://dev.myapp.com:anyport on start application debugging.