Windows Live ID in ASP.NET MVC - asp.net-mvc

does anyone know is there a way to implement Windows Live ID authentication into your ASP.NET MVC site. There is some info about OpenID implementations and it uses some libraries.
So is there a way to implement Live ID or it is not yet supported.
Thank you

The same way you would with Memberships:
http://www.eggheadcafe.com/tutorials/aspnet/48857836-0c72-4efb-9d29-fbcb8e17ef3a/integrate-windows-live-id.aspx

Actually this is a valid business case, and I've gotten it to work with asp.net mvc. I used the sdk sample code a posted by Filip and created a controller that handled auth response. The only issue I had was during the windows live app verification process. I couldn't get the verification process to work with the mvc site up. I had to do the verification before I upload site. See: link text

Newer information at
It's pretty independent of mvc or webforms I think.
Windows Live Messenger Connect Developer Guide
http://msdn.microsoft.com/en-us/library/hh243641.aspx

Related

Looking for a secure and robust STS implementation

I am faced with a project that uses custom authentication via a WCF service that returns a set of claims based on some data identifying a user, close to user name and password. Then on top of this, I have a custom STS, derived from Microsoft.IdentityModel.SecurityTokenService, that resides in an ASP.NET web site project. This project looks like it was created with the VS2010 template, and not carefully had-crafted.
My gut feeling, and lots of on-line advice tell me that this web site STS project is very far from production ready. I am now looking for an MVC based STS that I can use in anticipation of being production ready. TinkTecture's IdentityServer looks promising, but it is so much more than simply implementing a custom derivation of SecurityTokenService, I have no idea where to start. If somebody could steer me toward an open project or walk-through that does this, or offer some guidance as to where and how I can start extending or modifying Identity Server, that would be great.
Have you looked at Thinktecture.IdentityServer v3? I'm at the moment using it and very simple to use.
It is still in Beta but RTM will be available soon. It has good documentation and samples too.
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki/Getting-started
https://github.com/thinktecture/Thinktecture.IdentityServer.v3/wiki
Update:
Identity Server 4 is also available. It supports cross-platform deployment with .NET Core.
https://github.com/IdentityServer/IdentityServer4/
Have you looked at the MSDN article by Michele Leroux Bustamante?
It's a little old and based on WCF, but it has code accompanying it.
Building A Custom Security Token Service
If you want ASP.NET based example, Microsoft published this:
ASP.NET Security Token Service Web Site
There's also this STS project on CodePlex.

Claim based security with MVC custom login page

I am developing MVC application and want to use WIF & Claim based security.
However I am very disappointed with the way login is perfomed. I mean redirection to STS login page and then redirecting back to my page. That is not user-friendly at all.
I want to implement login page in my application (it fact it will be popup dialog). Than using Web API I want to be able to perform STS request and get security token and initialize WIF infrastructure (Principle etc).
Is it a good way to go with?
Did anybody do something similar?
Does anybody have some samples of what I am trying to do?
I just worry that I don't have control over the STS login page layout & style.
Also I will have mobile application and must perform login using Web API service.
What can you advice?
Thanks
Well - you can do that of course. This does not need to be WIF specific. Call a service, pass credentials - and when OK set the login cookie.
But if you want SSO you have to make a user agent roundtrip to the STS - otherwise you cannot establish a logon session.
Consider using MembershipReboot membership provider which uses claims-based security and is not based on microsoft's traditional membership provider.
It does not have a documentation, but in the zip file you can find 2 sample projects that uses MemebershipReboot provider, which explains all you need to know about it.
In fact after reading this blog post today, I decided to use this approach in my current project. I'm still struggling with it now and I'm so excited !
In addition to Ashkan's recommendation Brock Allen provides solid documentation about how to implement MembershipReboot in association with IdentityServer. You can find that their is a way to configure a custom implementation Here. Also their are a few tutorials on vimeo from Dominick Baier (leastprivilege) that will provide a full walk through on getting started! I hope this helps!

Authentication from Asp.Net Mvc4 Project to Another Asp.Net Webapi Project, backed by SQL Server CE 4

I've been searching for an answer to my question for a while now, but can't find what I'm looking for so I hope someone can help me :)
Scenario:
3 Projects:
Asp.net Web Api Project (SQL Server CE 4 database + Asp.Net Membership)
Windows Phone 7.5 App (Authenticates to the SQL Server CE database using REST)
Asp.net MVC 4 Project (That wants to communicate to the same SQL Server CE database, also using REST)
The WP7 app's authentications is already working. But I'm having problems with trying to figure out on how to let my MVC app authenticate with the same SQL Server CE database.
I'm probably able to create my own controls and use the same logic to authenticate that I've used in the WP7 app, but I want to keep the existing functionality that the [Authorize] attribute offers.
So my question is:
how can I let my MVC project authenticate through the Web Api project, and still maintain the functionality that when a user tries to access a page that needs authentication, he will be redirected to the login page and such
I hope my question is clear enough! If not, don't hesitate to ask some additional questions!
Kind Regards,
Gert
Ok, after some rest and some logical thinking, I just realized that I had to change the Login method in the AccountController in the MVC project.
I'm not able to provide any code because I'm not on my dev pc, but it's just any authentication code you would use anywhere else. For example using REST authentication or authentication through a WCF service.
Kind regards,
Gert

ASP.Net MVC4 Web Api with Help Page of WCF possible?

I am starting to develop with Web Api MVC 4 and created the whole stack. My services are working but I wonder if it is possible to see a Help Page similar to what exists on WCF.
Does anyone know?
Thanks
Checkout the ASP.NET Web API Help Page which is available as a NuGet package:
http://blogs.msdn.com/b/yaohuang1/archive/2012/08/15/introducing-the-asp-net-web-api-help-page-preview.aspx
Not currently but this is in the MVC 4 roadmap:
http://aspnet.codeplex.com/wikipage?title=ASP.NET%20MVC%204%20RoadMap
Web API Help page generation: We want to make it easy to generate rich, web-based documentation
for your web APIs, including the resource URIs, the allowed HTTP methods, expected parameters, and
sample message payloads.

Getting Live ID to work via WIF

I'm attempting to use WIF to have my ASP.NET MVC app rely on Windows Live ID for authentication. I've followed this example exercise:
Exercise 4
However, it does not work for me. Mileage varies, sometimes I get an error about Windows Live ID experiencing problems, but most of the time it simply does not redirect back.
Has anyone got WIF and Live ID to cooperate?
Make sure you download the latest bits from the Training Kit just in case. One of the easiest ways of integrating with LiveID is through Windows Azure AppFabric ACS (Access Control Service). In addition to LiveID it gives you integration with other Identity Providers (Google, Facebook, any WS-Federation STS, etc).

Resources