OAuth security for calling Controllers using Attrubutes? - asp.net-mvc

Is there anyway, that you can lets say use OAuth in MVC and enable acces to a controller using Attributes like in validation process.
Lets say i have
public class myownController
{
[LoginRequired]
public ActionResult Index(){
//this can be accesed only of the user is logged in.
}
}

If you're using ASP.Net MVC 4 this should be built in using the default AuthorizeAttribute. If not I'd recommend manually integrating the standard Forms Authentication mechanisms with your chosen OAuth provider. Take a look at ASP.NET MVC Authentication - Customizing Authentication and Authorization The Right Way
Since you are using ASP.Net MVC 4, I'd highly recommend reading SimpleMembership, Membership Providers, Universal Providers and the new ASP.NET 4.5 Web Forms and ASP.NET MVC 4 templates. There are significant changes available in MVC 4 that make the entire Membership and OAuth really easy.

Related

authenticating MVC 5 application using Third part other then Social networks

I got MVC 5 application Using asp.net identity for authentication works fine.
I want my MVC 5 application to use authentication from an already existing application with Traditional Asp.net authentication
I want Existing Traditional Asp.net authentication application to be used as single Sign-on and mvc application to use auth cookie
Sure you can.
You can create your own custom ApplicationUser (IdentityUser) and also create your own UserStore that implements the IUserStore interface.
Just check out the default ApplicationUserManager in the first line of the Create function you will see that ApplicationManager get constructed with a new UserStore. There you can plug in your custom User & UserStore.
Here is some good info.
http://www.asp.net/identity/overview/extensibility/overview-of-custom-storage-providers-for-aspnet-identity
I believe you should be able to use the old FormsAuthentication module in MVC5 application.
http://joeylicc.wordpress.com/2013/07/15/forms-authentication-in-asp-net-mvc/
Just make sure to redirect unauthorized requirest to your original login page.

Communication between two ASP.NET MVC application

I have one ASP.NET MVC 5 application wherein I have implemented ASP.NET Identity. That is, all stuff related to Login, Registration, Edit User, Manage Users, etcs has been implemented there.
Now there is another MVC 5 application where I want to consume the User account related activities from the above MVC 5 application. (Similar to single signon).
How can I implement this kind of architecture?
Configure both applications to point to the same database for the membership information used by ASP.NET Identity and then configure both applications to share cookies as described in this article.

Custom oAuth client in ASP.NET MVC 5

I am confused about how to build the custom oauth client in asp.net mvc 5.
In mvc 4 it was a simple operation. Implementing custom class from IAuthenticationClient. And then in AuthConfig.cs call the function OAuthWebSecurity.RegisterClient. But how it can be done in mvc 5?
Mvc5 authentication is built on Katana (OWIN components by Microsoft). Check following article for detailed overview of Authentication changes in MVC5.
https://www.simple-talk.com/dotnet/.net-framework/creating-custom-oauth-middleware-for-mvc-5

MVC authentication and authorization

I am using MVC 4 and am using Forms authentication. I have heard that MVC has it's own implementation of authentication and authorization but am not sure what it is and how to use it. What is MVC's implementation called and is it easy to migrate from forms to use it instead?
The answer is. Sort of.
MVC (versions 1-3) used standard Membership databsaes and Forms Authentication. MVC 4 uses standard Forms Authentication as well, but uses a system called WebSecurity to access it's membership system. WebSecurity was created for the WebMatrix project and MVC 4 has adopted it's use in the default templates.
You can still use the standard Membership system if you want, however WebSecurity (and in particular SimpleMembership) allows greater customization of the data.
MVC also can be configured in several ways for authorization. You can use the older web.config method, or you can use AuthorizationFilters such as the [Authorize] attribute. This still uses FormsAuthentication, however under the covers, it's just a way to configure the use of it.

ASP.NET MVC - Can I use the commom ASP.NET user's role configuration with MVC?

Is it possible to use the commom ASP.NET role's configuration on an ASP.NET MVC application?
Thanks!!
Yes. ASP.NET MVC and ASP.NET Web Forms can both use the role configuration that ships with ASP.NET.
Yes! The role provider just provides a set of common contracts to manage users and groups ("roles") they are in. Everything works the same in MVC as in traditional WebForms - once the user is identified via login or however you handle that (authentication provider and membership provider), any role-specific code you write will work in either.

Resources