I have two ASP.NET web applications.
A legacy web forms application built using .Net Framework 4.6.1 with a Membership Provider
An AspNet Core application that uses Core Identity 2.1
The two web applications comprise the overall web application.
The plan is to have both applications hosted in IIS and allow the Core web application to manage authentication/authorization for both web apps.
I have already implemented cookie sharing between the two applications using an OWIN startup class in the web forms app and corresponding middle-ware in the Core app.
The flow is as follows:
The requests coming into the webforms application will be intercepted by a Http moudule which will redirect to the AspNet Core login form if the user is not authenticated.
Once the user enters their credentials in the Core Login form, they are redirected back to the Web forms application Home page or whatever other page as if they had logged into the app directly.
The issue I am currently having is that I haven't been able to find a programmatic way of authenticating the user as though they had submitted the Login form in the web forms app.
Is there a way to programmatically authenticate a user by using the Membership Provider via Core Identity?
Related
I'm currently working on an ASP.NET Core 5 MVC web project, I used default created Single User Account generated template for user management. I have applied the migration and it's working fine as expected. I need to set SSO cookie so other web applications can use that and work without sign in. In .NET 5 AccountController is not visible. What is the best way to set SSO cookie?
It is "Share authentication cookies with ASP.NET Core Identity". You can see guide at reference document at https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-5.0#share-authentication-cookies-with-aspnet-core-identity
You persistence it to web-browser by
services.AddDataProtection().PersistKeysToFileSystem("{PATH TO COMMON KEY RING FOLDER}").SetApplicationName("SharedCookieApp");
services.ConfigureApplicationCookie(options => {options.Cookie.Name = ".AspNet.SharedCookie";});
Depend on your second web-application what received your cookie sharing, you can see case with ASP.NET Core Identity or with-out ASP.NET Core Identity.
https://learn.microsoft.com/en-us/aspnet/core/security/cookie-sharing?view=aspnetcore-5.0#share-authentication-cookies-without-aspnet-core-identity
I have an asp.net core web application that using OpenIddict. It works fine and users can login.
Now I want to add web.api hosted on separate subdomain, but because the user is already authenticated I want to somehow share that authentication.
Is it possible? How can I do it? I see in the examples for OpenIddict user have to authenticate again, but I do not want that.
My Setup:
ASP.NET Core Web App: app.domain.com
OpenIddict server: login.domain.com
Web API .net Core App: api.domain.com (that is new requirement)
My web application has views that display data from controllers, I want to add extra javascript logic, and I can have web.api as part of the asp.net core domain: app.domain.com/api/
in that case, it works, the authenticated shared between web application and API,
but my goal is to have web.api on a separate subdomain: api.domain.com
I know I have to create a Bearer token, but it is not clear how to do it without authenticating the user again. So I want somehow share ASP.NET Core web application authentication to access api.domain.com
Can you please point me in the right direction? Where to start looking?
There seem to be plenty of tutorials on how to use third-party authentication providers for Blazor WebAssembly, but there doesn't seem to be a documented process for using Windows Authentication (on-site Active Directory domain) from an ASP.NET Core hosted server.
Is this actually possible? I would like the Core server to authenticate the user with the roles and policies, and for this information to be accessible from the WebAssembly client also. I understand that the Client can only use authentication to show/hide UI elements, and that any actual securing should be done on the Server, but is there a way to access the Windows authentication/authorization from both sides of the application?
ASP .NET Core(2.1) Web API authenticate LDAP users(intranet app - windows authentication ) and external tool requests against application key.
How to authenticate two type of authentication in ASP.NET Core 2.1?
I'm porting a web application from ASP.Net to ASP.Net Core and need to support both Windows Integrated Authentication and Cookie Authentication with users stored in the apps database (the app is self-hosted by customers and different customers use different authentication methods and sometime migrate from one to the other).
In order to share as much code as possible between the authentication methods I'm using a ClaimsTranformer to add claims to the Windows Auth Users that match those that Cookie Auth (using ASP.Net Core Identity) gives me. However, I would like these claims to be stored in a cookie (in a secure way, like Identity does for the cookie auth) so that I don't have to be hitting the database on every request. Is there a way to do this?
In ASP.Net, I used to look up the user details for the Windows user on the first request and then SignIn with ASP.Net Identity cookie auth; The app would then just use cookie auth the same as if the user had been authenticated with user/password. Unfortunately in Core, it seems that as soon as I call services.AddIdentity in Startup.ConfigureServices, it disables Windows Integrated Authentication.
I'm using ASP.Net Core 2.1 on .Net Framework 4.7 (although we have plans to migrate to .Net Core in a future version, when we can remove some dependencies).