Is there support for Client Certificate Authentication in Swagger UI? If yes, could someone provide an example of enabling it in a solution using asp.net core 5 and Swashbuckle, or point me to a url which has a good example of the same.
Related
I currently have a .net core api setup to use swagger. I need to protect the swagger documents with windows authentication. Since there isn't an actual swagger folder with swagger html files, it seems like i can't setup the authentication through IIS manager. Is there any way to do this?
I have been reading today about the auth implemented in asp.net core for google and facebook, and prototype-ed a lot. Something that's not clear to me at all, even after going through the MSDN docs. and several blogs: Is any support for backend API validation added in .net core or do I still need to call into the google auth library to validate the auth tokens received from the client.
Note: I am using asp.net core as Web API and I don't use the MVC/Razor part.
thanks for any detail added on this!
I'm looking for a complete step-by-step guide or a sample project about implementing a RESTful Service using .NET 4.0 using Custom Basic Authentication over HTTPS hosted in IIS.
I've been googling about it for 3 days and I could only find either an implementation with WCF 3.5 which is very different, or without Custom Basic Authentication, or without SSL.
Basically I implemented my REST service on WCF 4, and added SSL, but I can't use a custom authentication using my custom users database.
Any references would be really appreciated.
It's not currently possible using the available WCF extension points.
It is possible with custom HTTP module allowing basic authentication against custom credential store. Built-in module in IIS supports only windows accounts.
I wrestled with this for a while and ended up just implementing basic auth in my service. Check WebOperationContext.Current.IncomingRequest.Headers for an 'Authorization' header. If it's missing or the credentials don't match set the challenge header and return a 401 status:
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"myrealm\"");
throw new WebFaultException<string>("Username and password needed", HttpStatus.Unauthorized);
That's enough to trigger a browser to prompt the user for credentials. See https://www.rfc-editor.org/rfc/rfc2617 for more on basic auth, http://ithoughthecamewithyou.com/post/Basic-HTTP-auth-for-an-IIS-hosted-WCF-4-RESTful-service.aspx for more on this frustrating missing capability.
Could any one suggest me the best sites to learn Authentication and Authorization Roles with some sample code ?Because am the beginner to security system in asp.net.
Tutorials here are very informative and in detail with sample code.
http://www.asp.net/web-forms/security (including videos)
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
There aren't any major changes in 4.0 in terms of authorization and authentication.
So any tutorial with 2.0+ should be fine.
I am working on a asp.net mvc application and a WCF service which will be accessed by the mvc app. I am using WIF based STS website to do authentication and authorization on mvc app. Now I want to achieve the same thing on each method of web service.
I am thinking whether I can pass the claims info I have in MVC App to the WCF to do authentication and authorization. I dont want WCF to contact STS again for authentication. I cannot use windows authentication. I also want to make use of ClaimsAuthorizationManager to achieve this.
If anybody has some about it please share. It will be a big help for me.
Joe
If your WCF Service is not REST, then maybe you can find the answer here Identity Delegation with AD FS 2.0 Step-by-Step Guide
If your WCF Service is RESTful, check-out the example 8-ActiveRestClientFederation (download from Identity Guidance); Dominick Baier's guide Token-based Authentication for WCF REST Service and from Stefan's blog Secure your REST-based WCF service with WIF.
Hope this helps.