I have one ASP.NET MVC 5 application wherein I have implemented ASP.NET Identity. That is, all stuff related to Login, Registration, Edit User, Manage Users, etc. has been implemented there.
Now there is another MVC 5 application where I want to consume the User account related activities from the above MVC 5 application. (Similar to single sign-on.)
How can I implement this kind of architecture?
Configure both applications to point to the same database for the membership information used by ASP.NET Identity and then configure both applications to share cookies as described in this article.
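A sketch of the cookie-sharing setup this answer describes, as an added example (not code from the answer or its linked article). It assumes both apps run on IIS/System.Web, where the OWIN cookie middleware protects tickets with the machine key; the cookie name, the `.example.test` domain and the key values are placeholders.

```csharp
// App_Start/Startup.Auth.cs, kept identical in BOTH MVC 5 applications.
//
// Both web.config files must also carry the same <machineKey>, otherwise
// one app cannot decrypt or validate the other's ticket. Placeholder values;
// generate your own keys and treat them as secrets:
//   <system.web>
//     <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
//                 decryptionKey="PLACEHOLDER_DECRYPTION_KEY"
//                 validation="HMACSHA256" decryption="AES" />
//   </system.web>
using System;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app)
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            // The authentication type is part of the data-protection purpose,
            // so a mismatch makes the other app's cookie unreadable.
            AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,

            // Same name, domain and path so the browser sends one cookie to both apps.
            CookieName = ".SharedAuth",       // assumed name
            CookieDomain = ".example.test",   // assumed parent domain
            CookiePath = "/",

            // Keep the shared ticket off plain HTTP and away from script.
            CookieSecure = CookieSecureOption.Always,
            CookieHttpOnly = true,

            ExpireTimeSpan = TimeSpan.FromMinutes(30),
            SlidingExpiration = true,

            // Path is relative to each app; the consuming app can redirect
            // from here to the app that owns the login pages.
            LoginPath = new PathString("/Account/Login")
        });
    }
}
```

Because the machine key now unlocks sessions in both applications, a leak of either web.config exposes both; rotating the key signs every user out of both apps at once.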
Related
We are looking to utilize Multi Factor Authentication in a custom MVC App which connects to Kentico. I want to ensure I'm getting the right direction. Is this the starting point: https://docs.kentico.com/k11/managing-users/user-registration-and-authentication/configuring-multi-factor-authentication#Configuringmulti-factorauthentication-Customizingmulti-factorauthentication
Can we leverage the Kentico API to utilize the MFA functionality or do we have to write our own?
Given the fact that Kentico MVC membership is built in good part on ASP.NET Identity, it seems easier to actually implement this with .NET Identity.
The Kentico MVC package is available on GitHub for review. The package implements a user store in which Kentico (application) users are loaded per request, and this store manages their authentication.
The store implements IUserTwoFactorStore, which means the store can be used with the above identity for multi factor authentication. It also has a retrieval method:
GetTwoFactorEnabledAsync
while SetTwoFactorEnabledAsync throws NotImplemented exception. Meaning you can have users stored and managed within Kentico backend and you can enable MF authentication for them via administration interface, while you can use .NET methods to have MF authentication on MVC site.
It seems easier than to actually reference Kentico DLLs for MF authentication in MVC project.
We have multiple applications under one domain, and every application is built in ASP.NET MVC. Currently single sign-on is facilitated using forms authentication with a shared machine key. All applications are on the same server for now.
For one of our new applications we are considering ASP.NET Core with the framework option. We have an Accounts application which handles authentication (login/logout) for the existing applications. And we have built an STS, using Identity Server3, into the same application.
www.mydomain/Accounts
www.mydomain/app1
www.mydomain/app2
www.mydomain/asp.netcoreApp1
The new test ASP.NET Core application (client) using openIdConnect communicates with the STS, Identity Server3, and is working fine.
Challenge: Have to facilitate single sign-on between the existing applications, which use Forms Authentication, and the new ASP.NET Core application.
Operational/Environment Facts:
All applications are on same machine.
Access to machine key.
On navigation from app1 to asp.net core cookies are available in Request header.
Problem Scenarios:
1. If a user successfully logs in to app1 and navigates to the ASP.NET Core app, the user has to log on again for authorized access. No issue with anonymous access.
2. Similar to #1, the vice versa case.
3. If the user logs out of any one of the applications, then the user should be logged out from all the applications.
Since the test application is built using ASP.NET Core with the framework option, will FormsAuthentication be compatible? Can you direct me to documentation or a code snippet?
Please share your ideas.
I have an ASP.NET MVC 3 website and a Silverlight 4 business application. Separately, they both use the ASP membership system (the Silverlight app through RIA Services). I can run them both separately and create users or log in from either the website or the Silverlight business app. In this respect, they also share the same database, so registering a user from either one will go to the same tables in the same database.
What I would like to do is host the Silverlight business app in the MVC 3 website and share authentication across the two. This means that the website will have a link to launch the Silverlight app, so if I log in through the website and launch the Silverlight app, I would like the Silverlight app to know I am logged in already.
Alternatively, I would like to be able to launch the Silverlight app as a standalone desktop application and log in through RIA Services there. This part I can do already, but I need to maintain that.
Does anyone have any good ideas of how to host a Silverlight business app in an MVC 3 website and share authentication? Is there a way to convert the default web application that is generated when you create a business app into an MVC 3 web application, and might that do the trick? Even if the website can't be MVC, can the authentication sharing be done?
Sorry for the complex description, any help is appreciated. I really am at a loss to find any tutorials or examples of this, which I figured would be a common desire.
If your Silverlight application was initially developed to handle login then you shouldn't have a problem doing this. You can authenticate from an ASP.NET MVC3 app (FormsAuthentication.SetAuthCookie) and have a view that hosts your Silverlight application. When the SL application starts up, part of its process is to check if WebContext.Current.User.IsAuthenticated, so it will take over from there; if the user is already authenticated, your SL app should bypass its login.
In the ASP.NET MVC3 application you can stick an [Authorize] on the controller for the view hosting the SL plugin. It won't display this view unless the user is authenticated.
Scenario:
I have an ASP.NET MVC 2 site using ASP.NET Forms Authentication.
The site includes a Silverlight 4 application that needs to securely call internal web services.
The web services also need to be publicly exposed for third party authenticated access.
Challenges:
Securely accessing web services from Silverlight using the current user's identity without requiring the user to log in again in the Silverlight application.
Providing a secure way for third party applications to access the same web services with the same user credentials, ideally without using ASP.NET Forms Authentication.
Additional details and limitations:
This application is hosted in Azure.
We would rather NOT use RIA Services if at all possible.
Solutions Under Consideration:
I think that if the web services are part of the same MVC site that hosts the Silverlight application then forms authentication should probably "just work" from Silverlight based on the user's forms auth cookies. But this seems to rule out the possibility of hosting the web services separately (which is desirable in our scenario).
For third-party access to the web services I'm guessing that separate endpoints with a different authentication solution is probably the right answer, but I would rather only support one version of the services if possible...
Questions:
Can anybody point me towards any sample applications that implements something like this?
How would you recommend implementing this solution?
You can extend WCF to use Membership as the authentication store and reuse the FormsAuth Cookie (sent by the MVC site) to the browser by the Silverlight app.
I would recommend using an STS with Windows Identity Foundation so you can have your app use claims identity and then change authentication outside the app. For third party you can use Windows Azure Access Control Service (ACS). We are updating our guidance on this and you can look at the new code to show you how to do this at our codeplex site. The original book is available at Amazon. I would focus on the updated guide because it has ACS, has websites and an active client talking to WCF. The client is WPF but it would be similar for Silverlight.
Is it possible to use the common ASP.NET role's configuration on an ASP.NET MVC application?
Thanks!!
Yes. ASP.NET MVC and ASP.NET Web Forms can both use the role configuration that ships with ASP.NET.
Yes! The role provider just provides a set of common contracts to manage users and groups ("roles") they are in. Everything works the same in MVC as in traditional WebForms - once the user is identified via login or however you handle that (authentication provider and membership provider), any role-specific code you write will work in either.