I'm looking into a custom membership provider in Sitefinity 9.1 to manage users from an external API. However, we'd also like to manage user profiles externally. I haven't seen any documentation on how to also create a custom profile provider. Any help would be appreciated!
Related
Is it possible to use keycloak with custom DB? E.g. we have a database where we have all the users and their password. Can we use keycloak with that database or do we need to add each user to keycloak and have to keep our-user-db and keycloak-db in sync ?
The answer is YES. In User Federation, you can add LDAP or kerberos with Keycloak supported. And you can develop custom User Federation.
Custom Provider tells you can achieve your goal. But from here, it says you can migrate from early User Federation SPI. This User Federation SPI can be created in Keycloak 2.4.0 with the APIs at that version. On keycloak website, I just find 1.9.0, it says there's a provider/federation-provider sample you can refer. Maybe you can try to find 2.4.0 bundle and sample to do your work.
After you create your User Federation SPI, then you refer here to migrate. You can choose to import or non-import.
I am working on an application which has an azure asp.net mvc website and an azure mobile service. Both will be using the same azure sql database.
I understand that I can use custom or Microsoft, Facebook based authentication using my mobile service. The website and the mobile app that I will be building though will have different features in the website and on the mobile app based on the role of the user.
How should I go about implementing user roles? If this was just an asp.net application, I would have just used ASP.NET Identity but not sure how to do this with Mobile Services.
I found a similar question asked a year ago with no resolution - Using ASP.NET 4.0 membership provider with Azure Mobile Services
If there is an existing implementation or guidance out there, please point me in that direction. Thanks.
As of today, there isn't a super easy way to handle this no matter how you slice it. You can take a look at this post (there is another dealing with the JavaScript backend that is linked from this) http://www.acupofcode.com/2014/04/general-roles-based-access-control-in-the-net-backend/ that talks about role based access control using Azure Active Directory. AAD may not be the option you want to go with. In which case, you'd need to implement the roles and checks in your Mobile Service yourself. If you only have two levels such as "normal user" and "admin" you COULD dictate everything based off of the user.level property and if they are "authenticated" they only have basic user access but if they're "admin" they have admin functionality. You'd still need to do the role based logic in your backend but I think you'll need to handle that no matter what.
Alternatively, what I think you could look at doing, is using the ASP.NET Identity system. Then from your Mobile Service, you can use the same type of custom auth I've documented here (http://chrisrisner.com/Custom-Authentication-with-Azure-Mobile-Services-and-LensRocket) but instead of checking against and storing a username/password in your Mobile Service like that sample is doing, when the user goes to register / login, you could check against the user backend created by the ASP.NET identity system. I don't have a sample off hand of that working but it sounds doable in my head.
I have a large customer base and would like to migrate them from using OAuth1 2LO to OAuth2 Domain-Wide Delegation and
1) Would like to know if it's possible.
2) If possible, can it be done without user intervention/impact.
For reference, I am looking at/following the OAuth1 migration doc (https://developers.google.com/accounts/docs/OAuth_ref#migration):
According to the delegation docs, we'd want to create a "service account", but the OAuth1 -> OAuth2 migration guide (https://developers.google.com/accounts/docs/OAuth_ref#migration)
Your application must have an OAuth 2.0 Client ID. You get this Client ID by registering the application as an installed app or a web app in the Google Cloud Console.
1) Does this also work for "service accounts"?
If the migration does work for service accounts, there appear to be manual steps on the part of the admin for setting up delegation (found here: https://developers.google.com/drive/delegation)
The service account that you created now needs to be granted access to the Google Apps domain’s user data that you want to access. The following tasks have to be performed by an administrator of the Google Apps domain:...
2) Does this mean that we will require our customers to complete these steps ?
Any help would be appreciated
There is no token migration involved for the delegation case (so, ignore the migrations docs: https://developers.google.com/accounts/docs/OAuth_ref#migration).
In order to migrate to OAuth2 in this case, you will have to implement Google's 2-legged OAuth2. For information on how to do so, check out Google's 2-legged OAuth2 and Google Drive SDK delegation docs.
Hope that helps!
I have recently been playing around with ASP.NET MVC5 and the new OWIN authentication middleware.
I want my users to login with their Steam account and password. After a user logs in successfully, I just need the Steam Account Id for further processing. Steam can act as an OpenId Provider as stated in the documentation.
In MVC4 one would implement a custom OpenIdClient. It seems to me that in MVC5 the OpenIdClient class has been removed and authentication is configured using the IAppBuilder class which offers methods to login with Facebook, Google and other predefined providers.
Unfortunately, I haven't been able to find any documentation about plugging a custom provider to the new authentication system. Can you give me any instructions or references?
This is an answer to the bounty that was placed by #Buzinas.
This solution is going to use the NuGet package Owin Security Providers which is available here.
Go to the Package Manager Console (Tools -> Library Package Manager -> Package Manager Console) and install the above package:
Install-Package Owin.Security.Providers
In your App_Start\Startup.Auth.cs add the proper using statement. For Steam, you want
using Owin.Security.Providers.Steam;
Side note, there are several options available, so this package isn't just for Steam.
In the ConfigureAuth method, add app.UseSteamAuthentication("<<API KEY>>");
<<API_KEY>> should be replaced with the API key you received from Valve
Docs are still a bit sparse. One option is to copy-paste a similar existing provider and adapt as needed.
Recommended way to implement custom authentication provider for owin authentication
https://katanaproject.codeplex.com/SourceControl/latest
I am new to windows azure development.
I am developing an application for hosting online tests.
This application needs to have multiple authentication options like Windows live ID, Facebook etc.
It also needs to have default form based authentication fed by the database in back end (simple User name and Password match).
Based on the authentication mechanism different permissions will be available to the user.
Can anyone please suggest how i should proceed on this?
Thanks
Do you really need forms authentication, or do you just need an application specific store where people can use a credential specific to your app?
I'd suggest researching Windows Azure Active Directory and Windows Azure Access Control Services together. You may create either an AD tenant for your application store and use it as an Identity Provider for ACS or you could host your own Secure Token Service and Identity Provider which uses your backend database as the user store also registered with ACS. This means that all of your authentication goes through the same process and allows for you to have your own user store, plus the social Identity Provider capability.
The key here is that you want try to avoid having forms authentication AND Social, but rather a mechanism where multiple Identity Providers can be used, including one of your own.
As Gaurav stated there are a ton of resources out there for this:
Understand the difference between WAAD and ACS.
Provisioning an Azure AD Tenant as a Identity Provider in ACS
Windows Azure Identity
There are also many blogs and MSDN documents talking about how to set these up.
If you start with the default "ASP.net MVC4 Web Application" template in Visual Studio you get a web application mini-sample with an AccountController that supports local and 'social' accounts out of the box. See documentation here. It is based on DotNetOpenAuth (a fantastic lib with terrible documentation) and a Microsoft implementation of an special MembershipProvider which lives in WebMatrix.WebData.
Regarding the Azure Access Control Service 2.0: I have no idea what the status of this service is but it looks to me as if MS itself tries to discourage developers form using this service since it was to deeply hidden somewhere under Windows Azure Active Directory in the documentation.