I have a requirement for project to build a ASP.NET MVC4 (razor engine) "Front-end" and a WCF service as "backend" (with a sql server 2012 database).
A requirement is to login, register etc. I want to put this logic in the backend, but in the front-end I would like to make use of the [AllowAnonymous] and the logic to authenticate a user with roles (for example use of formauthentication, webmatrix.WebSecurity, Membership provider?).
Is it possible to realize? Do I have to create a login and register (and roles etc.) features by myself? Or can I use a built-in features/libraries of the ASP.NET MVC or WCF? Or both?
Could you give some examples/suggestions/tutorials to realize this?
Thanks in advance
I think this should work for you:
http://msdn.microsoft.com/en-us/library/bb386582.aspx
Edit: To elaborate you can use custom logic for WCF authentication including calling the ASP.NET membership providers which should work fine with MVC and the security attributes you mentioned.
Or is the WCF service on another server and you want to call from your ASP.NET controller to your WCF service for authentication? This is a bit more complex, but you should be able to do it by implementing your own Membership provider.
Depending on the scenario you can reuse some or all of the login and register views that come with MVC.
Edit: In the second scenario here are some pointers that might help:
http://singlesignon.codeplex.com/ - Seems to be what you need, but I didn't check out the code.
Custom membership that uses web service for authentication - No code, but it confirms that it should work.
Related
I am developing an MVC5 application and use Entity Framewerok 6 code first on this. Now we we will also develop an android application that will interact with the MVC application (CRUD operations) by using the web services. At this stage I want to be clarified about the issues below:
1) I think WebAPI is better option for us as we use the services on android apps. What do you suggest?
2) In order to integrate WebAPI to an MVC project, which changes should be made? On the other hand, can we use the same controller and data layer methods (i.e. SaveChanges, etc.) by making some modifications i.e. inheritance? Or do we have to create a seperate methods for web services? Could you give an example by code?
3) Does integrating WebAPI to the MVC project affect the MVC project's abilities or methods? I mean that is there any disadvantage integrating WebAPI to an MVC project?
Any help would be appreciated.
1) That's a good idea. Web API is easy to implement and consume
2) You don't need to make changes to intergate Web API in your application: just start using it. As you want to expose CRUD operations from EF a good idea would be to implement ODATA services. Or use something like Breeze (depending on how you want to consume the services). See "MVC and Web API" bwelow
3) Web API doesn't affect at all the MVC part, unless you make a mistake setting the routes. Although they run in the same host, they work completely independent of each other.
MVC and Web API
Unless you need to do something special, like exposing Web API in a different URL or "domain name", MVC and Web API are implemented in the same web application project. To start using Web API in your MVC project simply add a new controller. Perhaps you'll have to include also the WEB API route configuration, and some other Web API configuration.
If you want to expose the EF model throug Web API you simply have to follow the instructions in the link to create an ODATA controller, which will expose the EF model as a RESTful service, allowing you to execute the CRUD operations to the EF model through URLs.
NOTE: What you want to do is a very frequesnt pattern in MVC applications: MVC is used for generating the views, and Web API fos exposing functionalities that can be easily consumed from the views usin Javascript + AJAX. Don't be afraid to use it. You'll find no problems at all
I am currently developing an ASP.Net MVC web application that requires username and password authentication. I started looking into using ASP.Net Identity for this however I have a very important requirement, the requirement is that the web application itself has no direct access to any databases, all DB Access is to be exposed to the application via an internal REST service. This is due to certain security polices we follow.
I realise that ASP.Net identity is capable of supporting external authentication methods but my question is split into 2 parts.
1) How would I configure ASP.Net Identity to use my custom REST service for authentication?
2) How would I go about developing a service that can be used by Identity for authentication ? (what would need to be returned from the service to ASP.Net Identity)
Any help on this would be most appreciated.
I just did what you are asking about. First, as FPar suggested, you need to implement an IUserStore and pass that to your UserManager. Your custom IUserStore will implement the interface, I used Resharper to generate stubs, but instead of using entity framework, you will use HttpClient to make calls to your REST service.
The REST service will have one action on a controller, I called my identityController, for each of the interface methods you actually need. I implemented the userstore, userloginstore and the rolestore, with code for about 10 calls I actually used. The identitycontroller then is what actually accesses the database.
I also retained the fully async pattern, using async REST calls and Database looks, both with and without entity framework. A shortened version of my data access code is in another question here, regarding IUserLoginStore::AddLoginAsync. In that class I actually used the original entityframework implementation of the user store for part of work, and eventually settled on plain (except for async) ado.net for the parts I couldn't make work that way. The tables are simple enough, using your ORM of choice would not take a lot of time.
Good luck!
You want to implement your own IUserStore and then pass a reference to the UserManager. Look into the Startup and the IdentityConfig files in the standarad ASP.NET MVC with individual user account authentication, to see, how to use them.
You can look here for an IUserStore implementation with entity framework. This is a template, you could start from and change it to your needs. However, you don't have to implement all interfaces, just implement the interfaces, you really need. The UserManager is able to handle that (it throws an exception, if you call a method, that requires an interface, that you don't implement.)
These are two excellent articles on this subject:
http://www.asp.net/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
http://www.codeproject.com/Articles/762428/ASP-NET-MVC-and-Identity-Understanding-the-Basics
I am using the Repository/Service pattern with a MVC 3 application.
My question is two fold:
1) Where do you manage the authentication at? In the service layer or in the MVC application itself?
2) Should I be using a custom membership provider and forms authentication?
Thanks,
Sam
In my case, I tend to create an authentication service that handles the logic for this.
In the actual application, I use Forms authentication, but calls to a custom service to handle the details. That way, I can reuse the authentication mechanism(s) for other applications, or trade them out to a different standard altogether, whatever is best.
The answer is always it depends,
Normally I delegate every tasks to Service Layer including authentication when MVC application is merely one of the many interfaces.
I think you should use it if it fits your requirement
In learning WCF, I'm a bit confused where to go to figure out how I should be handling user authentication. My MVC 2 app uses an Active Directory Membership Provider and this works and is good, but my MVC app doesn't really do anything but call my WCF services. My business logic on the other side of WCF is what really does everything (as it should be).
How should I be handling authentication with WCF? Can I somehow have my MVC calls to my WCF services kinda impersonate my users' AD accounts or something? And yeah, I know I can do identity impersonation, but what is the right way to do something like this? My business logic is what needs to really do the heavy lifting when it comes to deciding what data and functionality a user can have.
We have decided to use the Identity Stack Propagation in iDesign's ServiceModelEx library. This allows us to track what user has logged in via Forms Authentication on the Service side without having to impersonate anybody.
A Guide to Designing and Building RESTful Web Services with WCF 3.5, this article explains the foundations of REST and how it relates to WCF. MVC uses REST as the architectural model. I am guessing one can use the .NET MVC to create web applications that have both a front end and an API point, but I am not sure if the safe way of building the API is to build it with WCF and then use it in the MVC as a controller.
Please comment if the question is not clear, I will add or modify the text.
Theres actually a third option, ADO.NET Data Servies. Anyway, here how I see them.
MVC REST: Gives you full control over how to expose your data, you have to write all the code to get it up an running tho, e.g. serialization, deserialization, all the CRUD methods etc etc. Worht metioning that this being an MVC site means you are limited to exposing your service via IIS over HTTP(S)
WCF REST: More automation than MVC, a much more solid frameowkr than MVC REST, i.e. caching, security, error handling etc (basically all the stff you'd have to write yourself using plain MVC). Being WCF, you can host this in a variety of ways (e.g WS-, TCP) etc.
ADO.NET DATA SERVICES: The quickest way to get up an running with everthing ready to use, all you need todo is configure the global.asax, however you have to use an Entity Data Model, which you many not want to.
Personally, I would use either ADO.NET DATA SERVICES or WCF REST to build an API, consue that API in MVC site and then expose that API either directly, or by passing it through another layer.
ASP.NET MVC can serve as a REST endpoint for light services work, so I guess the answer to your question depends on how you define "safe."
Clearly WCF is designed specifically for creating REST endpoints, with all of the security implications that are implied thereof, whereas ASP.NET MVC is designed to create REST endpoints which can be used by ASP.NET MVC itself.
The following article shows how to create a web service using an ASP.NET MVC controller:
Create REST API using ASP.NET MVC that speaks both Json and plain Xml
http://msmvps.com/blogs/omar/archive/2008/10/03/create-rest-api-using-asp-net-mvc-that-speaks-both-json-and-plain-xml.aspx
See also the following article from Phil Haack, which discusses an SDK the WCF team put together for users of ASP.NET MVC:
Rest For ASP.NET MVC SDK and Sample
http://haacked.com/archive/2009/08/17/rest-for-mvc.aspx
They are two different sets of technologies, only related by being built on .net
MVC is used to create websites and provides a model where URLs are routed to controllers and controllers deliver views to the user as the user interface.
WCF is a set of libraries in .net that are used to abstract the type of service (is it hosted in a windows service, as a webservice in IIS etc.) as well as the protocol (HTTP, TCP, MSMQ etc.) from the client and server which are communicating.
An MVC website may use WCF to connect to a web service, but that is just one of many options.