This question has been asked so many times, and a quick search came up with lot of results. But I haven’t gotten satisfactory answer yet.
We have 2 web applications ( and we may have more in future) App1 is .Net 4 Silverlight Application and App2 is Node.js/Angular application. Both applications have different domains. www.app1.com and www.app2.com The App1 is hosted in IIS and App2 is NOT in IIS
Now, we have to implement Single Sign On Feature to support these applications. I was looking into ASP.NET Identity which is available in .Net 4.5.
Questions
1. So I thought of creating new MVC 5 application using .Net 4.5 that could serve as SSO site. If possible I wanted to use our own SQL server to maintain the credentials. But I am not sure how to share authentication ticket/cookie between sites. I have done this before using Forms Authentication where I had to use same machine key on all websites. But those were all .net applications. However with new identity framework and OWIN and with different types of applications i am not sure. So before I jump into it and start developing I wanted to know is it recommended approach, and if yes, can someone point me in the right direction. An article would greatly help.
2.Second options is to use Azure AD, but I am assuming we have to pay for it( we have MSDN sub) and we do not have local active directory either. Is Azure AD is the right option here? Does it work with Node.Js/Angular application. With Azure AD I guess App1 I may have to upgrade it to .Net 4.5
Related
I have an ASP.NET Core web app running on IIS. It's using ASP.NET Identity standard user/pass authentication and IdP initiated SSO for certain clients.
Now I need to get some of the web app features to MS Teams. I have gone through the MS Teams dev portal and have a test application up and running. The sample app itself is a Blazor app that we need to install as a separate application (let's say on an Azure app service or IIS).
Is it possible to have the Teams & my existing web application in the same project so that I don't have to create a separate site?
The reason is web app is multi-tenant enabled and have a API layer which anyway will have to be used by Teams app. So, if I can put these two together it may be easy? So in my solution, teams will have separate set of views/controls etc..
I am not sure whether my thought process is wrong in this case. Questions here and here doesn't seem to answer my requirement.
Anyway is this possible?
yes it is possible you can run multiple projects in MS teams the difference would be that they will be having different api endpoints and will be called by different names vice versa. I cant get to know what you exactly want to know but I hope it will help you.
We are trying to implement single sign on, across multiple domains from MVC 4 application to .Net Core application.
MVC 4 to MVC 4 it's working fine with MachinKey, but not with .Net core.
How can we implement SSO to share the same authentication with all other application in MVC4 and .Net core application.
Identity Server can do this. Identity Server version 4 will be supported and free for as long as .NET Core 3.1 is supported. After that, you'll need Duende Identity Server, which is the next version, available on a commercial licence.
You can also do it with OpenID Connect (AKA OpenIddict) which is free for the foreseeable future, but that will probably need you to write a bit more code.
I have used both.
Both of them are agnostic to the type of client applications, so your clients can be MVC4, .NET Core, Xamarin, React, anything at all. Both of them have good templates that you can download and get started quite quickly with a simple scenario.
Unfortunately, in my experience, making meaningful extensions or changes to the templates (such as what you're proposing) was difficult and required in-depth knowledge of internet security concepts, studying the documentation and source code of whichever library that you choose.
I have tried really hard to learn but I still find it difficult, so I wish you good luck!
Here are the sample projects for IdentityServer4:
https://github.com/IdentityServer/IdentityServer4.Templates
And here is the documentation on how to get started:
http://docs.identityserver.io/en/latest/
Here are the sample projects for Open Id Connect:
https://github.com/openiddict/openiddict-samples
And here is the documentation:
https://openid.net/connect/
I need to build an application where the front-end (ReactJs) is totally decoupled from the back-end, which is built using Asp.Net Core v5 (or higher) Web API.
Users will log in to the application using both OIDC with Azure Active Directory and local database login.
For performance reasons, I'd like to split some APIs into different projects and eventually install them on different servers.
I'm wondering if the [authorize] attribute I will put on the endpoints will work as usual even if they are running in different environments.
Please note that they could be different servers or different AWS Lambda functions, but in both cases, they can be considered different executables.
Is it something possible or I'm going in the wrong direction?
Please note that they could be different servers or different AWS
Lambda functions, but in both cases, they can be considered different
executables.
Is it something possible or I'm going in the wrong direction?
Thank you # Camilo Terevinto, Posting your suggestion as an answer to help other community members .
"It's completely possible (and common), as long as all APIs (and possibly Lambdas, depending on how they're used) authenticate against the same Azure Active Directory instance.
And we can set up ASP. NET Core Identity with both local login and AAD without any issues . Just ensure that our tokens always have the necessary scopes (to call other APIs in our system)"
For more information please refer the below links:
SO THREAD : How to use both Azure AD authentication and Identity on ASP.NET Core
Blog: Token Based Authentication using ASP. NET Web API 2, Owin, and Identity
I'm building a website from scratch using ASP.NET MVC 4.
The application is hosted on Windows Azure.
It's a rather basic website application.
Next, I would like to authenticate my users.
The authentication requirements are, again, rather basic and straight forward.
I did some reading, and it seems that the best two options for me to achieve users authentication are:
1. ASP.NET SimpleMembership
2. Windows Azure Active Directory Access Control
Now, my questions are, which one should I choose? which one is more secured?
It is dependent on what you want. WAAD -ACS gives you option to integrate various identity providers like google,yahoo etc or federate with Active directory services.
But if do not want such options and simply use your existing asp.net membership you can do that as well.
I have a scenario whereby i need to build a WCF service to provide custom authentication to 3rd parties non-web application connecting in an "Active" mode - i.e. i cannot present a web login page.
The login mechanism is also custom (i.e. not necessarily username/password), and so i cannot use ADFS or ACS.
I have read up on building active STS using WCF, but they mostly relate to .NET 3.5 and not much has been written around using .NET 4.5 since WIF has been integrated into the framework.
I have read Examples of how to a STS in .Net 4.5 using WCF but it doesn't seem to fit my scenario.
Any pointers appreciated.
Maybe you want to have a look at
http://thinktecture.github.com/Thinktecture.IdentityServer.v2/
This is an open source STS that includes active endpoints.