How to wire up a ClaimsAuthenticationManager in ASP.NET 5 (vNext)? - wif

In ASP.NET 4 (vCurrent), you can wire up a ClaimsAuthenticationManager for claims transformation in the <system.identityModel> configuration section:
<system.identityModel>
  <identityConfiguration>
    <claimsAuthenticationManager type="Security.CustomClaimsAuthenticationManager, Security" />
  </identityConfiguration>
</system.identityModel>
Where can I wire this up in the new version -- ASP.NET 5 (vNext)? I saw this issue in the Identity repository on GitHub. It's kind of vague, so I'm not sure if it's related. Perhaps this is simply not yet implemented or the approach has changed?
Thanks, Pete

Related

How do i set Session Token Lifetime programmatically in .NET 4

I am able to configure the session token lifetime in web.config like below.
<securityTokenHandlers>
  <add type="Microsoft.IdentityModel.Tokens.SessionSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    <sessionTokenRequirement lifetime="00:45:00"></sessionTokenRequirement>
  </add>
</securityTokenHandlers>
But I couldn't figure out how to configure it programmatically in .NET 4.0.
I really appreciate any help you can provide.
I don't know how to configure the session token lifetime, but you can:
* Set DefaultTokenLifetime of the STS configuration
* Implement the GetTokenLifetime method of the SecurityTokenService class
Brock Allen wrote about a way to do that for .NET 4.5 at:
http://brockallen.com/2013/02/14/configuring-session-token-lifetime-in-wif-with-the-session-authentication-module-sam-and-thinktecture-identitymodel/
Since their library is open source, learning from it and writing a similar method for .NET 4.0 should be doable.

How to switch Authentication in MVC Application?

I've created an Internet MVC Application with Individual User Accounts Authentication, but now this project should be intranet with Windows authentication... How do I switch authentication when the project is almost done? I'm not a guru in MVC and this is a new technology for me, so any help please, and if possible with all steps in the description =)
In the Web.config of your project, the first step would be to change:
<authentication mode="Forms">
</authentication>
to
<authentication mode="Windows">
</authentication>
Selecting your project and hitting F4 for the properties window allows you to change the authentication method.
However instead of me putting step by step in here just use this very easy to follow tutorial:
Enabling Windows Authentication
Since I found this question through Google attempting the same thing, and Firearm's link doesn't quite do the process justice, I'll attempt to list the steps I went through here. Obviously, if I tell you to remove something, that only means if you aren't using it otherwise. I don't think you have to do these steps in any particular order.
Also, I'm using Entity Framework, so you'll have to look elsewhere to remove it.
* In the Solution Explorer, highlight your project and press F4. This will bring up the properties window for that project. Disable anonymous authentication. Enable Windows authentication.
* Tools -> NuGet Package Manager -> Manage NuGet Packages for Solution... uninstall anything with "owin" in the name, Microsoft.AspNet.Identity.EntityFramework, and Microsoft.AspNet.Identity.Core.
* Open your Web.config. Under runtime, under assemblyBinding, remove all the dependentAssembly's for Owin stuff that got left behind. Under system.web, replace <authentication mode="None" /> with
<authentication mode="Windows" />
<authorization>
  <deny users="?" />
</authorization>
Under system.webServer, remove handlers. Under modules, remove <remove name="FormsAuthentication" />.
* Remove the Account and Manage controllers and views. Remove the ManageViewModels from your models.
* Under App_Start, get rid of IdentityConfig and Startup.Auth.
* At the top level, right next to your web config, is Startup.cs. Get rid of it.
* Make a new ApplicationDbContext. It should derive from DbContext. Get rid of throwIfV1Schema: false in your constructors. Then you can get rid of IdentityModels from your Models folder. Add a new migration and update your database.
* Obviously you'll have to clean out any references you've made yourself to Identity.
Possible additional step:
* Remove the _LoginPartial view. The _Layout view will then be updated to replace partial display of that view with this line:
<p class="nav navbar-text navbar-right">Hello, @User.Identity.Name!</p>
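An added example, not part of the original answer: a Python check that reads a Web.config and reports which of the Web.config steps listed above are still unapplied (authentication mode, the deny rule for anonymous users, leftover Owin binding redirects, the FormsAuthentication module removal). Both sample configs are constructed for illustration, and the function name audit_web_config is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a Web.config left half-migrated (not from the original post).
LEFTOVER = """<configuration>
  <system.web><authentication mode="None" /></system.web>
  <runtime><assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly><assemblyIdentity name="Microsoft.Owin" /></dependentAssembly>
  </assemblyBinding></runtime>
  <system.webServer><modules><remove name="FormsAuthentication" /></modules></system.webServer>
</configuration>"""

# Constructed sample: the end state the steps describe.
MIGRATED = """<configuration><system.web>
  <authentication mode="Windows" />
  <authorization><deny users="?" /></authorization>
</system.web></configuration>"""


def audit_web_config(xml_text):
    """Return a list of findings; an empty list means every checked step was applied."""
    root = ET.fromstring(xml_text)
    findings = []
    auth = root.find("./system.web/authentication")
    mode = auth.get("mode") if auth is not None else None
    if mode != "Windows":
        findings.append("authentication mode is %r, expected 'Windows'" % mode)
    denies = root.findall("./system.web/authorization/deny")
    if not any(d.get("users") == "?" for d in denies):
        findings.append('no <deny users="?" />: anonymous requests are not rejected')
    for el in root.iter():
        # assemblyBinding lives in the asm.v1 namespace, so compare local names.
        if el.tag.rsplit("}", 1)[-1] != "assemblyIdentity":
            continue
        if "owin" in el.get("name", "").lower():
            findings.append("leftover Owin binding redirect: " + el.get("name"))
    for rem in root.findall("./system.webServer/modules/remove"):
        if rem.get("name") == "FormsAuthentication":
            findings.append('<remove name="FormsAuthentication" /> still present')
    return findings


if __name__ == "__main__":
    for label, text in (("leftover", LEFTOVER), ("migrated", MIGRATED)):
        print(label, audit_web_config(text) or "OK")
```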
Searching the exact same problem led me to this article, however the answers are a bit old, so with ASP.NET using MVC 5 this should be detailed documentation from Microsoft:
To detect Windows Authentication in an MVC project, the wizard looks for the authentication element from your web.config file.
<configuration>
  <system.web>
    <authentication mode="Windows" />
  </system.web>
</configuration>
To detect Windows Authentication in a Web API project, the wizard looks for the IISExpressWindowsAuthentication element from your project's .csproj file:
<Project>
  <PropertyGroup>
    <IISExpressWindowsAuthentication>enabled</IISExpressWindowsAuthentication>
  </PropertyGroup>
</Project>
Found at Diagnosing errors with the Azure Active Directory Connection Wizard
For my specific problem it was switching to Azure AD rather than Windows Authentication (which was preset), there are more steps found at the developer network website.
I'm afraid I'm a bit late with my answer to your question on how to implement the SwitchUser functionality, but for those of you who are still struggling with this (even Microsoft SharePoint still can't get it to work...), here's how it's done: (I just finished writing the article)
Switch User Functionality using MVC4 and Windows Authentication
If you need more information on how to get Windows Authentication working for an Intranet Website using AD and Windows Server 2012 (or Higher), then take a look at my following article:
Windows Authentication on Intranet Website using AD and Windows Server 2012 (or Higher)
Happy coding!

How to share ASP.NET Authorization cookies between DotNetNuke 7 and non DotNetNuke 7 sites?

We are building an ASP.NET MVC 4 website that will display information specific to the DotNetNuke logged in user. In order to accomplish this we are setting up the machine keys in the web.config to be exactly the same, and we are also setting the <authentication> config section to match across the websites in order to see what DotNetNuke user is logged in from the MVC site.
There are many examples of how to accomplish this. This is a guide we used: http://msdn.microsoft.com/en-us/library/eb0zx8fc.aspx
However, this only works if we set up trust between two DotNetNuke sites or two non DotNetNuke sites. If the ASP.NET auth-cookie is set in DotNetNuke, we don't have access to it in the MVC site. After logging into the DotNetNuke site, then browsing to the MVC site, the HttpContext.Current.User.Identity.Name is empty.
The two sites are set up on the same server, each running under a different port. Anonymous and Forms Authentication are both enabled in IIS 8 as this is running on Windows Server 2012.
Here are the web.config values that are set across both sites:
MachineKey Values:
<machineKey decryption="3DES" decryptionKey="C7DE3391E9E25BC1106BA55B1A86EB825A66A06A2AA720CF" validation="SHA1" validationKey="F41C305583E22214850AD9B2B989588F5045EE2A99EFF68849B81EF154CFF745230F12D4BCFEBB0214BB24F8A6EDB34A9B45BB0849F6CB60E5D23528A69DBBC6" />
Authentication Section:
<authentication mode="Forms">
  <forms timeout="60" cookieless="UseCookies" ticketCompatibilityMode="Framework40" />
</authentication>
Any insight would be appreciated.
Thanks!

I can't find the <modules> about UrlRoutingModule when I create an ASP.NET MVC 3 application

I have downloaded the source code of MVC 3 to learn how it runs.
Many people said that MVC intercepts HTTP requests with the UrlRoutingModule class.
I know that when you write a custom HttpModule, you need to register it like this:
<system.webServer>
  <modules>
    <add name="test" type="WebApplication2.MyModule1,WebApplication2"/>
  </modules>
</system.webServer>
So an ASP.NET MVC application's Web.config file should have this configuration section:
<add name="UrlRoutingModule"
     type="System.Web.Routing.UrlRoutingModule,..." />
But I can't find it in the web.config file when I create a new ASP.NET MVC application.
Someone said that IIS 7 would automatically add it.
When does IIS 7 add the configuration section?
How does IIS 7 tell whether it is an MVC application or WebForms?
You have a few questions in there. The web.config is located in the root of your start up project when you open it in Visual Studio, else if you 'explore' the application within IIS, this should take you to it also.
Not all modules are included in the web.config, some are also in the machine.config. This is usually in C:\WINDOWS\Microsoft.NET\Framework\<version>\CONFIG
Hope that helps.

ASP.NET MVC 2 using Visual Studio 2010. Changing the Roles Manager through web.config

I have implemented my own custom Role manager object. When I run my web app using the visual studio version of IIS, it works fine. I can see the username and I can drill into my Role Manager class and see what it's doing. When I debug the app using IIS 7, HttpContext.Current.User.Identity.Name is blank and it does not use my Role Manager class when determining what roles my user has. I've checked that all my dlls are in the bin directory.
I'm guessing that the problem is on IIS 7. What do I need to configure on IIS 7 to make this work and to make it use my Role manager?
Here is a snippet of the web.config that sets the role manager.
<membership>
  <providers>
    <clear />
  </providers>
</membership>
<roleManager defaultProvider="HyperionRoleProvider" enabled="true">
  <providers>
    <clear />
    <add name="HyperionRoleProvider" type="Census.BUD.Common.HyperionRoleProvider" applicationName="/" />
  </providers>
</roleManager>
From:
http://learn.iis.net/page.aspx/528/how-to-use-the-sample-read-only-xml-membership-and-role-providers-with-iis-70/
"These samples are excellent for use with IIS 7.0 for demonstration or test Web sites, but they don't work as-written with IIS 7.0 because of the way that IIS 7.0's security is designed. The original instructions allowed you to deploy the sample membership/role providers into the App_Code folder of your Web site, but IIS 7.0 requires that providers are registered in the Global Assembly Cache (GAC) before they can be deployed. With that in mind, the following steps will walk you through compiling and deploying the read-only XML providers on a development system."
Make sure your assembly is in the GAC.