Should I use the ASP.NET Core Identity or Active Directory - asp.net-core

I am writing an ASP.NET Core 6 application and have to have user logins. The choices are either ASP.NET Core Identity that is a part of the ASP.NET Core 6 framework or to use Active Directory.
This will all be hosted on Azure so if I use Active Directory it will be Azure Active Directory used solely for this application.
As I see it the trade-offs are:
ASP.NET Core Identity:
- Integrated into the framework - easier to use.
Active Directory:
- Supports more MFA options
- Need it if I'm going to also have a Web API available too
- Can connect another Active Directory to provide users, eliminating the need for duplicate logins for users on associated systems.
Am I missing something here? Because it appears to me that it's a slam dunk to use Active Directory.

Related

Can ASP.NET Core Identification & Authorization map to Active Directory?

Reading this it looks like the ASP.NET Core I&A system can not use ActiveDirectory. And that same page says for the API part of the web service, that should use ActiveDirectory.
Since I don't want users to have to create 2 logins, is there any way to point the ASP.NET Core I&A system to call down to Active Directory?
And if not, is there a good example about how to use ActiveDirectory for the forms part of an ASP.NET Core app?

ASP.Net Identity SSO multiple applications

I have two applications using MVC Core 2.2 with Entity and Identity.
These two applications need to use the same user base. All applications and database are on the same server.
Permissions and roles will be different per site, my main goal is SSO (Single Sign On).
In this case, do I need to use some tool like Identity Server 4? Or can I do it in a simpler way?

how to do user management with identityserver4 and asp.netcore identity

I'm building a system with 3 projects and I'm struggling with how to implement user management. I have 3 projects: an ASP.NET Core MVC, an ASP.NET Core Web API and an IdentityServer4. I want to use ASP.NET Core Identity for user management because the framework provides a lot, but I don't know where to place it. The system itself is not a big system yet, but I want it to be scalable in the future. I've read that the only thing IdentityServer is supposed to do is the authentication and authorization and not deal with the user management part (create users, change permission, etc.).
In the system itself, I need to have an admin that has access to the users (through the frontend MVC) and can create new or delete users, etc.
So the question is: should I implement all the user management functions that ASP.NET Core Identity provides in the IdentityServer4 project, or should I build it in the Web API and have the two projects access the same database? I don't want the 4th project only for user management, though I know that is the ideal solution.
Currently, the MVC app only connects with the Web API with the bearer token that IdentityServer provided.
Or, should I go in a new direction and use JWT tokens and ASP.NET Core Identity and only have two projects?
I'm very confused about this part, and I want to know what is the best practice.
Only the Identity Server project (and any projects that are related to it) should have access to the user database. All user info a client or an API resource needs, it needs to get from the IS itself. Now, setting up Identity Server properly depends on your needs. If you want a simple one for a few apps to use, go with a single project that can sign in users and register them, and set up your clients and API resources in the config.cs files. This is not a great way to do it though. Generally, you should have an IS project for user sign-in and registration, and one more project that manages those users, as well as clients and API resources. You can see a great example of it here; it also uses ASP.NET Identity, and has an STS project (Identity Server), an Admin project (User, Client, API manager) and an API project (for all related DB access). Hope this helps.
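The rule in the answer above, seen from the Web API side, as an added example that is not part of the original answer or of any project it links to: the API registers no user-store DbContext and learns about the caller only from the bearer token IdentityServer issued. The authority URL, the audience `api1`, the scope `users.manage` and the routes are assumptions made for illustration, and the ASP.NET Core 6 minimal hosting style is also an assumption.

```csharp
// Program.cs of the Web API project (added example, not from the original answer).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;

var builder = WebApplication.CreateBuilder(args);

// No DbContext for the user store is registered here: the API never opens the
// user database. It trusts only tokens signed by the IdentityServer instance.
builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Authority = "https://sts.example.test"; // placeholder IdentityServer URL
        options.Audience = "api1";                      // assumed API resource name
    });

builder.Services.AddAuthorization(options =>
{
    // Assumed scope name; IdentityServer would grant it only to the admin client.
    options.AddPolicy("ManageUsers", policy =>
        policy.RequireAuthenticatedUser().RequireClaim("scope", "users.manage"));
});

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// User details come from the validated token's claims, not from a database lookup.
app.MapGet("/me", (ClaimsPrincipal user) => Results.Ok(new
{
    // JwtBearer maps "sub" to NameIdentifier by default; fall back to the raw claim.
    Subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value
              ?? user.FindFirst("sub")?.Value,
    Scopes = user.FindAll("scope").Select(c => c.Value)
})).RequireAuthorization();

// Admin-only endpoint: anonymous callers get 401, tokens without the scope get 403.
app.MapGet("/admin/ping", () => Results.Ok("admin scope present"))
   .RequireAuthorization("ManageUsers");

app.Run();
```

Creating and deleting users stays in the Identity Server side of the system; this API only checks that the token carries the scope that authorizes the call.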

SimpleMembership with ASP.Net MVC 4 project

I created a MVC 4 project using MS Visual Web Developer 2010 Express. It by default uses "SimpleMembership" and it connects to a database (A) on my local SQL Server. I ran the web project and registered a trial user, and it was successful. When I checked the database A with Management Studio, the user was there.
However, when I turned on debug and opened the ASP.NET Web Application Administration Web Tool, it showed User: 0. Obviously the Admin Tool did not check the database A. Then I was able to create another user via the Admin Tool. Surprisingly, it was found added to the "aspnetdb.mdf" in the "App_Data" folder of my project.
My questions are:
1. How can I make the Admin Tool connect to the database A on my SQL Server instead of the "aspnetdb.mdf" file? I don't want to store my user profiles in two separate places.
2. Why does "aspnetdb.mdf" use ASP.NET Membership instead of "SimpleMembership"?
Thanks!
The Web Application Administration Tool was developed for SimpleMembership's predecessor ASP.NET Membership. When Microsoft released SimpleMembership they never bothered to provide support for any admin tool; you have to create one yourself. Take a look at this QA which explains in more detail.
Be aware that Microsoft has dropped SimpleMembership in MVC 5 for ASP.NET Identity. ASP.NET Identity is a much better solution, but it still does not come with an admin tool. I would move to ASP.NET Identity if possible. Here is an article on how to migrate to ASP.NET Identity.

Users authentication in asp.net mvc 4 application on azure

I'm building a website from scratch using ASP.NET MVC 4.
The application is hosted on Windows Azure.
It's a rather basic website application.
Next, I would like to authenticate my users.
The authentication requirements are, again, rather basic and straightforward.
I did some reading, and it seems that the best two options for me to achieve users authentication are:
1. ASP.NET SimpleMembership
2. Windows Azure Active Directory Access Control
Now, my questions are: which one should I choose? Which one is more secure?
It depends on what you want. WAAD ACS gives you the option to integrate various identity providers like Google, Yahoo, etc., or federate with Active Directory services.
But if you do not want such options and simply want to use your existing ASP.NET membership, you can do that as well.