From an external application, I am calling a rest web service that is implemented in Jspresso.
In the Jspresso web service, I would like to initialize the environment/context in order to act like a user connected by the login module.
Is there a method to call to initialize the environment (userPrincipal, ...)
Normally, your web services classes should extend org.jspresso.framework.application.startup.AbstractBackendStartup.
Then you can use the following protected methods :
protected Subject createSubject(String userName)
protected void configureApplicationSession(Subject subject, Locale locale)
This will initialize a session with all necessary information.
Related
I am implementing a 2 step authentication system, to send the sms I have multiple provider (aws, twilio and on prem). I created an interface ISMSService and have three concrete classes implementing the method "send" in the interface. My problem is that each service like aws or twilio requires different setup pararmeters to send a message so I cannot define those in the interface. I can access those parameters in the implementation of "send" from the web.config but I don't want to do that. Is there any abstract way to do that and still be able to send the sms using ISMSService reference?
You could have your send method take a Map options. e.g.
public void send(Map<String, Object> options) { }
So, IResourceOwnerPasswordValidator is supposed to replace IUserService.
In the old version IdentityServer3 I could do the following:
factory.UserService = new Registration<IUserService>(typeof(MyIdentityUserService));
factory.Register(new Registration<IUserRepository>(userRepository));
which passes a custom userRepository object with the proper connection string.
Now in IdentityServer4 I need to Connect to the proper Portal database in order for ID4 to authenticate the user against the correct portal database.
If I could pass a parameter to the constructor of the ResourceOwnerPasswordValidator class like below , then this would be fine but this is not possible with ASP.NET CORE.
public ResourceOwnerPasswordValidator(string MyConnString)
{
_connstring = MyConnString;
}
This can't work because the ConfigurationService registers this class without the ability to pass values. This makes sense since this registration process begins before the pipeline is built. How do I dynamically pass a connection string to the ResourceOwnerPasswordValidator class? I am trying to authenticate against the portal making the call. In ID3 I could do this by using the acr_value.
I am trying to get ID4 to authenticate as a MultiTenant Authentication Server.
You could inject a service or a DTO into a ResourceOwnerPasswordValidator constructor:
public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValidator
{
public ResourceOwnerPasswordValidator(IAuthRepository repository)
{
}
}
Hence it is possible to pass a service which returns your connection string.
By default, validator's implementation is registered as Transient which means it will not be a singleton until it is resolved in a singleton (which is not a IdSrv4 case I guess).
If you need a Scoped connection string (i.e. per web request), register a scoped DTO with a factory method: services.AddScoped<T>(() => ) or use AsyncLocal<T>. Check this thread to get more details:
How to Per-Request caching in ASP.net core
What error logging solution should I use for my ASP.NET Web API 2.1 in a high volume production environment?
I'm trying to keep my Web API as lightweight as possible so there's no MVC in it. Just plain old Web API and I'd like to keep it that way if I can.
I'd take a look at Elmah
http://www.asp.net/web-forms/overview/older-versions-getting-started/deploying-web-site-projects/logging-error-details-with-elmah-cs
using: http://www.nuget.org/packages/Elmah.Contrib.WebApi
Also, in Web Api you can override the OnException and just call you logger from from there (Nlog, or Explicit call to Elmah).
public sealed class CustomExceptionFilterAttribute : ExceptionFilterAttribute
{
public override void OnException(HttpActionExecutedContext actionExecutedContext)
{
yourLoggingMechanism.Log(actionExecutedContext.Exception);
base.OnException(actionExecutedContext);
}
}
Then in your WebApiConfig class, in the Register method add:
config.Filters.Add(new CustomExceptionFilterAttribute());
These are just some ideas, deciding where to log to (i.e. to a Db or maybe Windows Event Viewer etc) really depends on what you're doing and your decision on this may influence whether you want to go with something like Nlog or not.
It seems like I'm barking up the wrong tree when asking this question, this question and this question.
I need to authenticate users against a custom API (in COM), and I need to keep that custom API (the COM object) alive (for that user) for future WCF calls. During authentication against that custom API, I can get back a list of custom-defined roles. I'd also like to use these for authorization of the service methods.
Moreover, I need to be able to revoke the user's session remotely. This is triggered by an event raised by the COM API.
I've got a custom UserNamePasswordValidator, but it appears that this has no mechanism for correctly setting a custom principal, so it looks like I'm heading in the wrong direction.
How do I do these three things?
You can handle authentication completely in your service. Create service contract similar to:
[ServiceContract(SessionMode=SessionMode.Required)]
public interface IService
{
// All your operations marked with [OperationContract(IsInitiating=false, IsTerminating=false)]
// Two additional operations
[OperationContract(IsInitiating=true, IsTerminating=false)]
void Login(string user, string password);
[OperationContract(IsInitiating=false, IsTerminating=true)]
void Logout();
}
Service implementing this contract has to have PerSession instancing. Implement authentication in Login method and store COM object in local field. When new client want to use such service he has to first call the Login method. So all your instances will be properly authenticated and they will store their instance of COM object.
You can also register InstanceContext and COM object to some global class which will deal with forcibly killing service instance. This will probably require some research to make it work.
Make sure that you use some secure binding (encryption) because you will send user name and password as a plain text.
I have a wcf service in front of an AzMan store that passes roles and operations to clients using the following interface:
[OperationContract]
bool AuthenticateUser(string password, string appName);
[OperationContract]
string[] GetRoles(string storelocation, string appName);
[OperationContract]
string[] GetOperations(string storeLocation, string appName, string selectedRole);
Clients connect to this service using windows authentication (but users must send their password through to reaffirm their identity). Ultimately the service delivers an array of operations that each client can perform based on their selected role.
I've opened a new Silverlight Business Application and tried to understand how authentication/authorization works in this template, as well as scoured the web to find examples to how to hook my webservice to the login box already created in the template, but I am completely at a loss as how to do this!
Can anyone offer any advice?
The Business application template has an AuthenticationService, that is based on the User object and the AuthenticationBase class. AuthenticationBase has virtual methods that you can override to use your own security mechanisms.
For example, there is a Login method, based on a username and a password. This method returns a IUser that has a name and roles.
After looking at your interface, I'd create a sub-interface of IUser to include the list of allowed operations and change the generated User class to implement this sub-interface. And I'd override the Login and related methods in AuthenticationService to use your existing Azman-based code.