universal security in mvc - asp.net-mvc

i have created web site with mvc. i have created security part of this web site. users can register on it. and information about user will stay on aspnet_users and aspnet_membership(roles in aspnet_roles). i looked at this tables and saw that all information are belong to a application(to my current web site). but i want to make so that when i will create a new web site all users which has registered on first site can logon without registration. how i can do it?

You could configure both sites to point to the same SQL database for authentication and authorization. For this you will need a separate instance of SQL server accessible from both sites.

Related

How to make Windows Authentication with specific users and roles that can access the application? (ASP.NET CORE MVC)

I have an intranet application with Windows Authentication. And I want to have a database table that contains the allowed users that can access the application.
I want to get the username after someone try to log into (successfully, thinking about the user existence into domain), to check if it is present into database to allow the access, besides that, redirect to a static HTML saying he can't access the application.
How can I achieve something like that?
And about the [Authorize], User Roles that ASP.NET Identity provides can be used in Windows Authentication mode to solve this problem?

Single Sign-On for Web Applications (ASP.NET MVC) together with LDAP

Our customer is using LDAP and 3 web application. The problem is the user is constantly forced to log on to each different web application.
He shall be able to use Windows authentication / LDAP together with single sign-on in order to be able to use all 3 Web apps without redirect to each login page.
So far, I have found this solution:
https://msdn.microsoft.com/en-us/library/ms972971.aspx
in this case "This Web site verifies (Step 2) the user against their Windows credentials (through Active Directory)." I don't understand how to check users password.
In this example is used only userid. Does it mean, that I'm only able to get users ID and check if a user with the same ID exists in LDAP ?
I would like to know, if there's an another and better way how to implement described functionality.
Please help

Azure # many sites - one login ( Single Sign On )

Plan :
Many asp net 4.5 sites hosted on azure (will be mapped to different domains) -->
How to share login between the sites?
Option 1 :
Use 1 database for all sites - how each site login and which site is the "master site" which hold
the database?
Option 2 :
Use database for each site with extra 1 global database for users(+forums posts)
Option 3 : ( combine 1+2 ?! )
2 database , 1 for users users(+forums posts) + 1 for data
Either option , I don't know how to do it ...
I'm using CodeFirst Membership Provider
If I login to SiteA is like login for SiteB and etc ( you got the point )
Is it "same domain" if all sites sits on Azure?
You need to use Azure Access Control Service (ACS) which is a part of Windows Azure Active Directory.
Create one ACS namespace and add all your applications urls as relying parties in this namespace through the portal. After that you need to Add a STS Reference from Visual Studio (that comes up when you install Windows Identity Foundation) for each of your application by giving the url of your ACS service namespace.
You will have to add your custom Identity Provider against which you need to do authentication. For example, in your scenario you can have a single database and create a custom STS that authenticates using forms authentication, and you will have to use the url of this service as your Identity Provider in ACS namespace. You have option to Add default identity providers such as Windows Live, Google, Yahoo and Facebook as well in case you want.
For some detailed steps refer this link
There are few sample codes available at MSDN Code Gallery as well.
Use database for each site with extra 1 global database for users
This option sounds good for me.
You can use CAS (Central Authentication Service) and this way you'll have a central point to authenticate the users. CAS will be configured to authenticate in the Global Database.
**It's necessary to configure each ASP Application to authenticate using CAS.
The basic authenticate flow is:
User tries access a specific ASP site.
The ASP site identifies that the users isn't authenticated and redirect the user to CAS (that runs in other web site).
User types your login and password.
CAS checks in the Global Database if the login and password are correct.
If yes, CAS redirects the user to the specific ASP site (step 1).
You will need to install Java and Tomcat (or other java application server) to run CAS. Because of that, I don't know if CAS is a good option for you.
http://www.jasig.org/cas
I'm using CAS authenticating against an Active Directory instance.
Sorry my english.

Method for Sharing Forms Authentication Login between MVC.net and Web API Sites on the Same Domain

I am going to have an ASP.net MVC web site (example.com) and a Web API site (api.example.com) running on the same domain. What is the best and most secure way to use Forms Authentication to allow a user to log in to the MVC site, and have that login accepted by the [Authorize] filter in the API site? Additionally, there is the possibility that both sites will be hosted on multiple servers (each of which might have its own subdomain), so a solution that would allow for a single sign on approach to work among all of the servers in the cluster would be preferred.
Take a look at this link http://www.codeproject.com/Articles/27576/Single-Sign-on-in-ASP-NET-and-Other-Platforms this covers the answer in detail.
You will need to ensure all machines and separate applications on the site share a common (but unique to production) machine key to allow the authentication cookies to be trusted by all the machines/applications.
If you are simply using virtual directories under the same sub domain then simply harmonising the web.conig Forms Auth settings and machine keys should get you up and running very quickly.
If you want this to work between a second level domain then you need to change the "Domain" setting on the Form's Auth cookie. See the article for details.

Pre-Existing Code or Template for Intranet User Provisioning (i.e. role assignment) in MVC3

When you create a new MVC project in Visual Studio, you get an AccountController that supports user self-registration and self-help changing passwords. This is great as a basic first step for a public internet site. But for an intranet site where an admin is responsible for creating users and assign them roles, is there any equivalent pre-existing template to start from?
To clarify, I am looking for a template that continues to use basic auth and that continues to use the ASP.Net membership and role services, as does the internet template, but provides UIs for user and role management that are intended for use by an administrator. The site is going to be on the internet but is not going to be "public" per se. There will be one or more sys-admin accounts that will have the ability to provision other users. The site will hosted by a yet-to-be-selected hosting provider.
Yes, it's called the Intranet Application. I know, who would think an Intranet application was an Intranet application?
MVC3 has 3 templates, Empty, Internet Application and Intranet Application.

Resources