Custom Authorization/Authentication with Repository pattern - asp.net-mvc

All greetings
Anyone can do their implementation Authorization system?
Do not use the Membership API?
Of course we could implement custom providers to plug a different database into this framework, as detailed at MSDN, but if my application is going to use a repository pattern for data access, and I’m going to have specific controllers and views for creating/editing users, why should membership and authorization be routed through this other framework?
If yes:
I'm just interested in how not to make holes in security.
Use FormsAuthenticationTicket?
How about IPrincipal?
Maybe you have some example or project on codeplex.com on other Authorization/Authentication

I use Kristoffer Ahl's excellent FluentSecurity library to manage authorization in a centralized place in my ASP.NET MVC applications. The thing I like most about it is that it keeps me from forgetting to secure controllers because it throws an Exception when a Controller is accessed for which there is no security policy specified.
Resources:
Project Website: www.fluentsecurity.net
NuGet Package: install-package FluentSecurity (see NuGet Gallery)
Source Code: GitHub » kristofferahl » FluentSecurity

Related

Generate application metadata file for ADFS configuration

I've followed the steps on http://www.cloudidentity.com/blog/2014/02/12/use-the-on-premises-organizational-authentication-option-adfs-with-asp-net-in-visual-studio-2013/ to create a new MVC application using ADFS to authenticate my users. Now the team behind the ADFS configuration needs the application metadata file to allow the application to connect the ADFS.
How can I generate this metadata file?
It normally "lives" at /FederationMetadata/2007-06/FederationMetadata.xml in your STS website. If you used a standard solution like thinktecture then that is the case. Otherwise, you can generate it yourself using the .Net classes in System.IdentityModel.Metadata. You can find some inspiration at https://github.com/IdentityServer/IdentityServer3.WsFederation/blob/25a2101f9bfe78e4ec856eb15c9bf19a9a9b256c/source/WsFederationPlugin/WsFederationController.cs and related classes.

neo4j.Asp.Net.Identity Sample Project

I'm new at neo4j and I want to use neo4j.Asp.Net.Identity for authentication and authorization but I can't find any sample that implements that.Anybody knows how can I find a sample for that?
I'm also want to use Token-Base authentication for authentication and authorization.
The project is here: https://github.com/assimoes/Neo4j.AspNet.Identity the problem you'll have is that it doesn't implement the third-party authentication - i.e. you can't just drop it in and it'll work with something like MVC's Facebook/Twitter stuff.
Your best bet is to get the code from GitHub and reference the project directly as you're going to have to implement some new interfaces, and personally - I would change the implementation of the data structure - roles, authentication tokens don't work (if I remember correctly) - so you'd probably need to fix them.
You might actually be better off using my fork: https://github.com/cskardon/Neo4j.AspNet.Identity which I've been playing around with for a while in an MVC5 project and it's working so far (I'll create a demo version of the MVC5 soonish).
There is now a NuGet package for it. Click on the link in the Nuget documentation, and it should take you to the appropriate web-site.

Is it possible to remove all .Net MVC components in a .Net Web Api application so that I can use AngularJS as the front end?

I'm creating an application with a .Net Web Api project wanting to use pure AngularJS as the client side. Since Web Api is built on top of MVC, it creates MVC specific and default items that I feel is not needed. These items include the HomeController, _ViewStart.cshtml, _layout.cshtml, etc. I tried removing them but it comes up with errors. Has anyone tried to remove the MVC stuff out of the web api project and used separate client side front-end? Is it even possible to remove the MVC items without errors?
Remove RouteConfig.cs from App_Start, remove the Views directory and all sub-directories including the Views internal web.config file. Comment out or delete all the lines in the Global.asax.cs Application_Start method except GlobalConfiguration.Configure(WebApiConfig.Register). Remove the HomeController, add an index.html and any needed Angular scripts and go at it. I also added solution folders to organize my views as reusing the existing Views folders did not work. I'm using VS 2015 but is should work for 2013 also. PWE
Web API is not built on top of MVC.
The default templates bring in MVC for the sake of supporting a help page, but you don't need to use it.
You can start with an empty web project and just check Web API.
The routing piece is server routing and it's part of what maps the URL to Controllers+Actions, it has nothing to do with Angular routing.
As Mike Cheel alluded to, there are no dependencies between MVC and Web API. However, if you use the built-in templates, it's easy to get the impression that the 2 are linked. They include a lot of stuff in these templates because they can't anticipate where you want to go with your project... so they try to cover all the bases.
For your purposes, you would probably be better off to start with an empty project and add only the components that you actually need. For this approach, some of the best tutorials and starter projects are from Taiseer Joudeh's "Bit of Technology" blog. His tutorials helped me to build an "MVC Free" web application from scratch that uses JSON Web Tokens and AngularJS Interceptors for security and Web API 2 and Entity Framework to serve up the data.
He has many tutorials on his website... but you might want to start with "AngularJS Token Authentication using ASP.NET Web API 2, Owin, and Identity". What what.. you didn't ask about security? Well... security is an issue that you will need to confront at some point anyway... and Taiseer presents a nice solution for securing an Angular/Web API application.

Elmah.MVC vs. Elmah.contrib.Mvc

I'm new to ASP.NET MVC and I'm looking for the least painful way to get global error handling, logging, and reporting (via email) set up. FYI, my ASP.NET MVC app is being hosted as a web role in Azure, but I'm trying to avoid using any Azure-specific hooks.
It looks like getting ELMAH installed and configured is a good first step.
When I look in NuGet, I see:
ELMAH ("ELMAH with initial configuration for getting started quickly...")
Elmah.Contrib.Mvc ("...designed to add ease-of-use inside MVC projects...")
Elmah.MVC ("...painless integration into MVC...")
Which of these packages do I want to install?
EDIT: After some experimentation, I'm more confused. I compared the project files after installing each of the three options on top of a default MVC 4 app. It appears that neither Elmah.Contrib.Mvc nor Elmah.MVC add the elmah.1.2.2 package (which I get when I install basic ELMAH). Also, neither package adds the <elmah> section to Web.config.
So... do I need to install ELMAH first, and then install one of the "...MVC" packages to get whatever nifty improvements they presumably get me?
ELMAH - This is the default ELMAH package with no mvc specific code in it, if you dont do what is described here I don't believe ELMAH will log any errors that occur in you're controllers, and you may not be able to access the ELMAH log page
Elmah.Contrib.Mvc - This is an enhancement on ELMAH specifically for MVC based upon one of the creators of ELMAHS answer to a stack overflow question.
Elmah.MVC - This is simliar to the above package however I believe it provides much better support for mvc features like routes etc, It is also quite easy to install and configure, it removes a lot of the messing around you would have to do with ELMAH to take out various parts that arent required when running in a mvc project
You can read the authors posts to get a better idea of how it works:
Integrating ELMAH to ASP.NET MVC in right way
ELMAH MVC controller released on NuGet
ELMAH.MVC v.2.0.0 - Release Candidate
Personally I believe the last package would be the best one ot use, it seems to be the more up to date and maintained of the two mvc ones.
You might consider using Elfar instead of Elmah. Elfar is "inspired" by Elmah but is designed to be MVC specific and is very simple to configure.
Just open NuGet, and search for Elfar. You will find a number of different packages, but in general you want the one that conforms to the technology you are intested in using. I'm not familiar with Azure web roles, but if you have access to a standard Sql Server then you can simply use Elfar.SqlClient.
More info here:
https://github.com/stevenbey/elfar/wiki

integrating YAF.NET in my MVC3 Razor Solution

I would like to know if there is a way to integrate YAF.NET to my MVC3 Application?
I dont want YAF to be inside my page like using my masterpage or stuff like that, I just want it to be in a subfolder like /forum and if a user clicks the "forum" link he will be redirected to the forum.
In the future I also would like to use a login system for my page, so I have to think about membership provider. I know that there is a way to make YAF use your basic asp.net membership provider but will yaf work with mvc 3 in that way? Since yaf isn't a .NET 4 application I wonder how I could migrate the membership provider?
If there isn't a solution for the membership stuff, I should be able to just link from my page to YAF?
EDIT:
My solution ->
1)I added a subdomain and config both of mine domains to use an A-Record which points to the Server where IIS is running.
2)I added 2 Websites. The first one is my Main Website with my MVC3 Application and the second one is the YAF.NET Forum.
3) I edited the binding settings of both of the websites (IIS Manager -> Sites -> yoursite -> Binding) and removed the IP binding insteed i added a HTTP header. For mainsite = mydomain.com and for the forum forum.mydomain.com
For the first part, you can just install YAF in a virtual directory on your website like www.mywebsite.com/forums/ and let it run standalone there.
Create a new Virtual Directory in the folder you like. (/forums)
Set permissions, .NET settings etc accordingly and install YAF there.
For the second, what you could do is use from your MVC app, directly read YAF's database of users (wherever it is) and use it to authenticate your users.
The Latest build of YAF is on ASP.net 3.5, you could try getting the source and building it for .NET4, although this would not be necessary since you said you don't want to mash your app with it but run it side-by-side and have them interop. (There also is some UserControl feature for CMS's you might want to check that out)
On the features page it says YAF supports asp.net memberships and roles, so you shouldn't have a problem there either.

Resources