When you create a new MVC project in Visual Studio, you get an AccountController that supports user self-registration and self-help changing passwords. This is great as a basic first step for a public internet site. But for an intranet site where an admin is responsible for creating users and assign them roles, is there any equivalent pre-existing template to start from?
To clarify, I am looking for a template that continues to use basic auth and that continues to use the ASP.Net membership and role services, as does the internet template, but provides UIs for user and role management that are intended for use by an administrator. The site is going to be on the internet but is not going to be "public" per se. There will be one or more sys-admin accounts that will have the ability to provision other users. The site will hosted by a yet-to-be-selected hosting provider.
Yes, it's called the Intranet Application. I know, who would think an Intranet application was an Intranet application?
MVC3 has 3 templates, Empty, Internet Application and Intranet Application.
Related
I have read all the stack overflow posts and other blogs regarding mixed-mode authentication. I could not find a step by step implementation anywhere.
So here is my scenario. I have developed asp.net MVC 4.5 and asp.net identity 2.0 for individual user accounts. Some of our clients use active directory to authenticate their users whereas others use individual user accounts. Also, those that use active Directory can also remotely access the web portal and in that case authentication would be from database(Form Authentication/individual user account authentication).
My findings so far
create another web application. If this client does not use "active Directory", then redirect to login screen, else, authenticate from active directory (but how?)
Some of the links show that there is no need to create another web application like
Mixed mode authentication with OWIN
ASP.NET Identity + Windows Authentication (Mix mode - Forms + Windows)
ASP.NET MVC and mixed mode authentication
Truly confused as to what to do and how to do..most solutions seem vague and general
There's no need to create a second web application.
Owin is designed to let you use all available providers (such as, Windows authentication and form-based authentication) given that you enable them in IIS.
Briefly, you have to
Enable Anonymous and Windows authentication on IIS - Authentication
(with server or site scope as it best fits to you)
Anonymous authentication - Edit - Use Application Pool Identity
I recently implemented just this kind of authentication on an MVC project and it works like a charm. I suggest you to read this post https://github.com/MohammadYounes/MVC5-MixedAuth it's been really helpful to me.
I have inherited an existing ASP.Net MVC C# web application solution.
Currently, there are two separate Web Application projects.
An Admin site - used to managed the content of the public facing site.
The public facing site
Currently, the public facing site is not in production; only the Admin site is deployed on Windows Server 2012 running IIS 8.0 using the client's domain e.g. www.mysite.com
The client would like the public facing site and the admin site to be accessibile via the same domain:
Public: www.mysite.com
Admin: www.mysite.com/admin or admin.mysite.com
Is there any way to achieve this given the two sets of functionality are currently encapsulated in different Web Applications?
I'm wondering if:
Is there a way to achieve the above with sub-domains or some other feature of IIS
Or if its best to move all the Admin functionality into an MVC Area within a single Web Application
Discussions on the pros/cons of each approach (or links to resources) would be most appreciated.
I would rather move admin site and public facing site in single web app in separate area as OP said.
You can use host-header facility in IIS to adjust root domain url to admin.mysite.com (or such).
advantage of such approach is maintenance will be easier as code base is part of single vsnet solution, Assuming public facing site will have lot more content/controller/views and admin site will have less of those, there is no point in maintaining separate .SLN for admin.
I've got a simple MVC 4 application with a user and role defined in the ASP.NET Configuration. They work fine locally (Running with F5) but when published to Azure Web Site the users don't exist or at least, when trying to log in I can't. Could either be the user doesn't exist or that the passwords isn't matching.
e.g. I have a page for Admins only, I have one admin user. Locally I created the user and role in the ASP.NET Configuration page and I can log in as Admin and access the secured page. After publishing to Azure Web Site I can't log in as Admin.
Can anyone help? How do I publish my ASP.NET Configuration?
I'm using Visual Studio Express 2012 for Web
As #Sound pointed out, you are probably missing the users from the DB that is hosted on Azure. You can access Sql Azure using Sql Management Studio once you open up the firewall through the Azure portal. From there, you can run a script to insert the users, or do it manually through SSMS.
There are many options for migrating data, the above just being a few. You might also look into EF Data Migrations as that might be a good fit as well.
i have created web site with mvc. i have created security part of this web site. users can register on it. and information about user will stay on aspnet_users and aspnet_membership(roles in aspnet_roles). i looked at this tables and saw that all information are belong to a application(to my current web site). but i want to make so that when i will create a new web site all users which has registered on first site can logon without registration. how i can do it?
You could configure both sites to point to the same SQL database for authentication and authorization. For this you will need a separate instance of SQL server accessible from both sites.
Scenario:
I have an ASP.NET MVC 2 site using ASP.NET Forms Authentication.
The site includes a Silverlight 4 application that needs to securely call internal web services.
The web services also need to be publically exposed for third party authenticated access.
Challenges:
Securely accessing webservices from Silverlight using the current users identity without requiring the user to re-login in in the Silverlight application.
Providing a secure way for third party applications to access the same webservices the same users credentials, ideally with out using ASP.NET Forms Authentication.
Additional details and limitations:
This application is hosted in Azure.
We would rather NOT use RIA Services if at all possible.
Solutions Under Consideration:
I think that if the webservices are part of the same MVC site that hosts the Silverlight application then forms authentication should probably "just work" from Silverlight based on the users forms auth cookies. But this seems to rule out the possibility of hosting the webservices seperately (which is desirable in our scenario).
For third-party access to the web services I'm guessing that seperate endpoints with a different authenication solution is probably the right answer, but I would rather only support one version of the services if possible...
Questions:
Can anybody point me towards any sample applications that implements something like this?
How would you recommend implementing this solution?
You can extend WCF to use Membership as authencation store and reuse the FormsAuth Cookie (send by the MVC site) to the browser by the Silverlight app.
I would recommend using an STS with Windows Identity Foundation so you can have your app use claims identity and then change authentication outside the app. For third party you can use Windows Azure Access Control Service (ACS). We are updating our guidance on this and you can look at the new code to show you how to do this at our codeplex site. The original book is available at Amazon. I would focus on the updated guide because it has ACS has websites and an active client talking to WCF. The client is WPF but it would similar for Silverlight.