WIF and ASP.NET and ASP.NET MVC on a single app - asp.net-mvc

I have a web site I'd like to switch to ADFS/WIF (Windows Identity Foundation).
The web site has some ASP.NET MVC and other regular (WebForms) ASP.NET.
I've seen examples for MVC and examples for WebForms, but how can I have a blend of both flavors of ASP.NET living side by side in the same web site (same domain) while still supporting WIF for SSO in each?

WIF doesn't care whether the app. is ASP.NET or ASP MVC. Just bind your app. to ADFS using FedUtil and it will work. FedUtil just changes the web.config.
You'll lose your current authentication pages (in the sense they won't be invoked) but the rest of the app. is untouched and will work as per normal.
If your app. is not currently claims-based, you'll have to make changes to consume the claims.

Related

Silverlight/RIA Services and ASP .NET MVC/WebAPI

I did some research but I still have some doubts about the following topic...
I have a Silverlight/RIA Services project that needs to have an ASP.NET MVC look as well as WebAPI for some different clients.
So my question is the following:
Can we somehow use RIA Services with ASP.NET MVC 5?
And if not, what is a painless way to represent all existing logic in ASP.NET MVC?
Thank you!
RIA Services have nothing to do with look and feel.
A Silverlight app, or a non-plugin, which uses RIA Services can be hosted in a web page created using ASP.NET.
Can we somehow use RIA Services with ASP.NET MVC 5?
Yes.
RIA Services which could be used by an ASP.NET backend would not gain the benefit of RIA Services because changes made in the backend are not generated forward to an application such as a Silverlight plugin. It just becomes another way of accessing data.

ASP.NET MVC and AngularJS authorization

I am currently at the beginning process of starting a new application and am quite new to MVC and Angular. So far I have created a custom authorize attribute using ASP.NET MVC; this enables me to use the [Authorize] tag. Is it possible to use it with an AngularJS front-end?
Any resources that will point me in the right directions would be appreciated.
AngularJS is really good for single-page applications (SPA). So just separate your front-end and back-end layers. Use Angular to implement all the views and front-end stuff. Use ASP.NET WebAPI to expose a REST API for the front-end (and maybe mobile) app.
A few useful links:
Angular Routing module
ASP.NET WebAPI Bearer token authorization with AngularJs
Routing in SPA with AngularJs
The answer is YES! So you can still benefit from ASP.NET MVC features like authentication and authorization etc. and still use AngularJS on the client.
I actually had the same question and after a bit of research I discovered the following.
It's true we should embrace SPAs (single page apps) but at the same time we should not just discard mature server-side frameworks such as ASP.NET MVC. You can simply have a hybrid web app or mini SPA, as we also call them. These web applications use normal ASP.NET MVC routing to show views and then, once the view loads, you can leave all the responsibilities to AngularJS. Miguel Castro uses the term SPA silos. Plus you can benefit from AngularJS' routing as well. Miguel Castro also explains how to use them both together to get the best of server and client side. I really suggest seeing his presentation (link below).
In that way you can still benefit from ASP.NET MVC's great features like Authentication, Authorization and others but still have AngularJS run your views.
I got this answer on the following locations that you definitely should check out:
Miguel Castro: AngularJS for ASP.NET MVC Developers
PluralSight - Cooper, Eames: AngularJS for .NET Developers
StackOverflow: Mixing Angular and ASP.NET MVC/Web api?
StackOverflow: ASP.NET MVC and Angular JS tipping point

How to design and develop common asp.net identity for both asp.net mvc and asp.net web.api

We are going to start a new solution for both "desktop/mobile responsive web site" and "mobile app". Both projects (web site and mobile app) need to access same business/data layer.
The tier structure for web site is going to be something like the following:
Browser -> ASP.NET MVC Web Site -> Business Layer -> Data Layer -> Database
The tier structure for mobile app is going to be as follows:
Smart Device -> ASP.NET Web Api Service layer -> Business Layer -> Data Layer -> Database
We don't want web site to consume web api.
We also don't need to integrate with any social identity in our scenario. I heard that ASP.NET MVC discourages the token approach for security (authentication and authorization) and encourages the cookie approach. However, consuming Web Api will be a lot easier if we employ the token approach, and cookies are obviously discouraged in REST services.
While we are fine to start with the new ASP.NET Identity system, we are not quite sure how to deal with both scenarios without rewriting and supporting code for both scenarios.
Based on the above grounds, how can we design a common security pattern which works for both of our scenarios, i.e., ASP.NET MVC Web site and ASP.NET Web API?
If you self-host using OWIN, you can look at creating an OWIN middleware. If you web-host using IIS, you can create an Http module to authenticate and establish the identity by handling the authenticate event. The Http module can be written in such a way as to look for a token and, if not present, fall back to cookie. By cookie approach with MVC, I believe you mean Forms Authentication. With that, FormsAuthenticationModule comes into play. So, your module just needs to be aware of this and play along nicely. Ultimately, identity is established on the Http context and you can use the Authorize attribute in both MVC and API controllers. Here is an example of how to create an Http module for authentication. Basic authentication is implemented here but you can modify it for tokens.
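The token-then-cookie module described in the answer above could look like the following. This is an added example, not the code the answer linked to; the class name, the demo key and the signed-token format are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Web;

public class TokenOrCookieAuthModule : IHttpModule
{
    // Assumption: constructed demo key; a real deployment loads it from protected configuration.
    private static readonly byte[] Key = Encoding.UTF8.GetBytes("constructed-demo-key");
    public void Init(HttpApplication app) { app.AuthenticateRequest += OnAuthenticate; }
    public void Dispose() { }
    private static void OnAuthenticate(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        string header = ctx.Request.Headers["Authorization"], user;
        if (header == null || !header.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            return; // no token: the identity FormsAuthenticationModule built from the cookie stands
        // DateTimeOffset.ToUnixTimeSeconds needs .NET 4.6 or later
        if (TryValidate(header.Substring(7).Trim(), DateTimeOffset.UtcNow.ToUnixTimeSeconds(), out user))
        {
            Thread.CurrentPrincipal = ctx.User =
                new GenericPrincipal(new GenericIdentity(user, "Bearer"), new string[0]);
            return;
        }
        // A token was sent but is invalid: reject instead of falling back to the cookie identity.
        ctx.Response.StatusCode = 401;
        ctx.Response.SuppressFormsAuthenticationRedirect = true; // .NET 4.5+: keep the 401, no login redirect
        ctx.ApplicationInstance.CompleteRequest();
    }
    // Hypothetical format: base64("user|expiryUnixSeconds") + "." + base64(HMAC-SHA256 of part one)
    public static bool TryValidate(string token, long nowUnix, out string user)
    {
        user = null;
        string[] parts = token.Split('.'), f;
        if (parts.Length != 2) return false;
        try
        {
            byte[] mac = Convert.FromBase64String(parts[1]), expected;
            using (var h = new HMACSHA256(Key)) expected = h.ComputeHash(Encoding.ASCII.GetBytes(parts[0]));
            int diff = mac.Length ^ expected.Length; // fixed-time comparison of the two MACs
            for (int i = 0; i < mac.Length && i < expected.Length; i++) diff |= mac[i] ^ expected[i];
            if (diff != 0) return false; // check the signature before trusting any field
            f = Encoding.UTF8.GetString(Convert.FromBase64String(parts[0])).Split('|');
        }
        catch (FormatException) { return false; }
        if (f.Length != 2 || f[0].Length == 0 || !long.TryParse(f[1], out long exp) || nowUnix >= exp)
            return false; // malformed or expired
        user = f[0];
        return true;
    }
}
```

Registered under `system.webServer/modules` in web.config, the module leaves cookie-authenticated MVC requests untouched, and `[Authorize]` sees whichever identity was established.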

Classic ASP integrated with ASP.NET MVC

I have a classic asp project and a teammate created a new functionality, but it's in asp.net mvc. I also know how to work with mvc, but I never used classic asp and mvc together.
For example, is it possible, in this classic asp project, to have a link that will redirect to a mvc page on the same project?
Thanks!!
Yes, you can have a link point to any other page you'd like regardless of technology. Likewise for a redirect. To redirect in classic ASP, use Response.Redirect.
Absolutely, the pages (and that term is used lightly in the MVC side of things) can link between each other without any problems. Now, any built-in authentication or session management or anything like that will be considerably more challenging, but if all the sites need to do is link to each other then they can do this like any other two websites. The ASP pages can host manually-crafted (vs. HtmlHelper-crafted) links to the MVC actions, and can host forms that post values to the MVC actions (provided the field names line up properly).
There's nothing inherently special about the MVC actions. They're just handling HTTP GET/POST requests like anything else.

Silverlight 4 - MVC 2 ASP.NET Membership integration "single sign on"

Scenario:
I have an ASP.NET MVC 2 site using ASP.NET Forms Authentication.
The site includes a Silverlight 4 application that needs to securely call internal web services.
The web services also need to be publicly exposed for third party authenticated access.
Challenges:
Securely accessing webservices from Silverlight using the current user's identity without requiring the user to re-login in the Silverlight application.
Providing a secure way for third party applications to access the same webservices with the same user's credentials, ideally without using ASP.NET Forms Authentication.
Additional details and limitations:
This application is hosted in Azure.
We would rather NOT use RIA Services if at all possible.
Solutions Under Consideration:
I think that if the webservices are part of the same MVC site that hosts the Silverlight application then forms authentication should probably "just work" from Silverlight based on the user's forms auth cookies. But this seems to rule out the possibility of hosting the webservices separately (which is desirable in our scenario).
For third-party access to the web services I'm guessing that separate endpoints with a different authentication solution is probably the right answer, but I would rather only support one version of the services if possible...
Questions:
Can anybody point me towards any sample applications that implements something like this?
How would you recommend implementing this solution?
You can extend WCF to use Membership as the authentication store and reuse the FormsAuth Cookie (sent by the MVC site) to the browser by the Silverlight app.
I would recommend using an STS with Windows Identity Foundation so you can have your app use claims identity and then change authentication outside the app. For third party you can use Windows Azure Access Control Service (ACS). We are updating our guidance on this and you can look at the new code to show you how to do this at our codeplex site. The original book is available at Amazon. I would focus on the updated guide because it has ACS has websites and an active client talking to WCF. The client is WPF but it would be similar for Silverlight.
