Is there a de-facto solution for ASP.NET MVC 3+ one should use in case he needs to allow users to sign in/up via:
OpenID
OAuth
Trivial registration / manual authentication
?
What I'm basically looking for is "Membership API" that works for OpenID, OAuth and whatever else. Key features are:
Roles support (for ASP.NET MVC)
Ability to bind multiple auth methods to single user (for instance, somebody first signed up with "trivial registration", then he wants to bind his Google account and then his Yahoo account, so he should be able to auth with any of these 3)
Thanks!
DotNetOpenAuth is your friend.
See this blog post: OpenID Authentication with ASP.NET MVC3 , DotNetOpenAuth and OpenID-Selector
Also, you can see the official tutorial on ASP.NET MVC.
Please visit this links:- you can find a good solution....
OpenID Authentication with ASP.NET MVC3 , DotNetOpenAuth and OpenID-Selector
And you can download code from the SocialAuth-net project and modify source code and implement. I have also done this, from here.
Related
I am going to create an web app using Dot Net Core. In future, i will also create mobile application for the same application. Now, i am in thinking the architecture of the project. I want to use WEB API core using Asp.net Identity Core. Also, i will consume WEB API in MVC Core application. But the question i have in mind that how i can handle ASP.net identity with MVC and WEB API? Do i need to include in MVC as well or only in WEB API?
I tried to think hard but still confuse. Need suggestions.
You can use token based authentication .
In a resource owner flow scenario , your client app( mvc application/native application) will consume your web api by providing user's credential , web api will validate the credential(using ASP.NET Core Identity) in database , If the username and password are correct then a JWT authentication token and the user details are returned. Your client app could validate the token and sign in user :
ASP.NET Core 2.2 - JWT Authentication Tutorial with Example API
Tutorial built with
Token Authentication in ASP.NET Core 2.0 - A Complete Guide
In addition, IdentityServer4 is a good choice when you want to roll your own full-fledged OpenID Connect authorization server that can handle complex use cases like federation and single sign-on.
So your question is maybe a bit open-ended for Stackoverflow and you don't really show what you have tried so far.
I will try to answer though. First you just need to start out with a template for your project. Start an MVC project in which you can easily have API endpoints as well. I would suggest splitting those in two projects for clarity - but if it is just a small personal project then you probably are fine having them in the same project. Microsoft have a pretty good resource on MVC:
Microsoft MVC walkthrough
For the Identity part. You would need some kind of authority for it to work. I suggest you take a look at IdentityServer4. Which offers an excellent walk-through of how to set it up and how to integrate it with Asp.NET Core Identity:
IdentityServer4
I'm confused on how the Web API implements the authentication?
I have gone through the links 1.
Link1
Link2
and need to summarize what I understood.
Owin katana is a mechanism that can be implemented for authorization.
There will be Iprincipal which can be created either in the host or
in the httpmodule which will be attached to the currentthread to
validate.
Token based authentication implements owin.
I have very little idea about the authentication mechanism in web api. If someone can help me to understand this, It would be great.
I have the following doubts.
Owin is a new way of authentication in MVC? or its already exists as
a part of windows and form based authentication?
If I wrote a module to authenticate what are the different ways I can use to authenticate an api method/controller?
The answer to your question could be quite big, I will try to give you some guidelines:
Katana is Microsoft's implementation of the OWIN standard
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/getting-started-with-owin-and-katana
Token based authorization is supported by OWIN and , therefore, by Katana.
There are two very usual ways to implement this token authorization, you can use Windows Authorization
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/enabling-windows-authentication-in-katana
or you can use a more standard and recommendable way using OAuth:
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
With ASP.net (netfx, not core), you use attributes on controller level to provide the metadata necessary to implement the authorization and authentication.
I am adding authentication to an existing .net MVC project that is mostly APIs with a SPA interface. I don't want to hook up the whole ASP.net identity library for something as small as this project. I just want simple accounts with name, email, and password, and an API method to register(), login(), and logout(). What's the simplest way of implementing bearer token authentication without ASP.net identity?
I took #BradChristie's advice and created a super simple OWIN authentication layer.
I've posted all of the essential files, install instructions, and test instructions to a separate GitHub Gist.
Does anyone know of any code samples on how to use DotNetOpenAuth with Facebook using ASP.NET MVC 3 (or any version of MVC for that matter)? The samples that come with the library do not have any Facebook examples (it looks like they used to according to some posts but not anymore).
Any help would be appreciated.
Facebook uses OAuth 2.0 instead of OpenID for logins, so you must download the DotNetOpenAuth CTP in order to get the Facebook login sample. And the sample isn't for MVC, it's for web forms. But since it's all code in the code-behind anyway, you hopefully can make the translation yourself.
If you don't have your heart set on DotNetOpenAuth, you could also take a look at Windows Identity Foundation. It also supports OAuth 2.0 and Will give you the flexibility to use other authentication providers.
Is there a simple example of OpenID authentication implemented using MVC ?
DotNetOpenAuth. You can also take a look at this blog post from Scott Hanselman.
RPX is yet another OpenID library.
Authenticating users with RPXNow (in ASP.NET MVC)
You cant get much simpler than this:
I just installed dotnetopenauth through nuget to a new project (forms authentication included), and then followed this tutorial which is pasting 3 small chunks of code and it worked.
http://andrewblogs.com/blog/openid-for-asp-net-mvc-a-quick-setup/
I know a im a bit late but look here
http://nuget.org/packages/SimpleID
Now i haven't tried it but it seems like the fastest solution and its based on DotNetOpenAuth
Here is a complete step by step article how to add OpenID authentication to ASP.NET MVC 3 application. It shows how to combine OpenID with stanard FormAusthenication model, so you can use either e-mail/password or OpenID.
Complete solution code is available. It worked for me with some minor tweaking to get user's e-mail, first and last name in addition to OpenID :-)
OpenID Authentication with ASP.NET MVC3 , DotNetOpenAuth and OpenID-Selector
http://weblogs.asp.net/haithamkhedre/archive/2011/03/13/openid-authentication-with-asp-net-mvc3-dotnetopenauth-and-openid-selector.aspx