I'm trying to add Azure Authentication to an existing website with Visual Studio 2013. It looks like this used to be a bit easier in 2012 but seems the recommended path for 2013 is to set this up when creating the project.
I created a new project with AAD (which works) to compare to the changes being made to the project I need to add authentication to. I copied the authentication classes and config settings but it still seems like there is something wrong in web.config:
For AppSettings I have:
<add key="ida:FederationMetadataLocation" value="https://login.windows.net/_____/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:Realm" value="https://AADPath/Application" />
<add key="ida:AudienceUri" value="https://AADPath/Application" />
For System.identityModel I have:
<system.identityModel>
<identityConfiguration>
<issuerNameRegistry type="RegistryClassPath, ProjectName" />
<audienceUris>
<add value="https://AADPath/Application"/>
</audienceUris>
<securityTokenHandlers>
For system.identityModel.services I have:
<federationConfiguration>
<cookieHandler requireSsl="true" />
<wsFederation passiveRedirectEnabled="true"
issuer="https://login.windows.net/AADPath/wsfed"
realm="https://AADPath/Application"
requireHttps="true" />
When I run the site, I'm redirected to the login page as I expect but after logging in I'm presented with the WIF10201: No valid key mapping found for securityToken error.
It was not the configuration but rather I didn't copy the data from the embedded database to the existing project. All seems to be working now.
Related
I have an asp.net mvc project. I installed imageresizing nuget packages. It's working in local.
When I published to my hosting then it's not working.
I set IIS situation integrated and classic but still didn't work.
I couldn't solve, can you help please? Thanks.
The following definitions are exist in web.config
<resizer>
<plugins>
<add name="MvcRoutingShim" />
<add name="DiskCache" />
<add name="SimpleFilters" />
<add name="PrettyGifs" />
</plugins>
</resizer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ImageResizingModule" type="ImageResizer.InterceptModule" />
</modules>
The self-diagnostics page at /resizer.debug explains the configuration issues present on your hosting environment
Image resizer diagnostic sheet 24.11.2014 22:15:04
2 Issues detected:
(Critical): Grant the website SecurityPermission to call UrlAuthorizationModule.CheckUrlAccessForPrincipal
Without this permission, it may be possible for users to bypass UrlAuthorization rules you have defined for your website, and access images that would otherwise be protected. If you do not use UrlAuthorization rules, this should not be a concern. You may also re-implement your security rules by handling the Config.Current.Pipeline.AuthorizeImage event.
DiskCache(ConfigurationError): Not working: Your NTFS Security permissions are preventing the application from writing to the disk cache
Please give user read and write access to directory "D:\inetpub\adafirin.com\www\imagecache" to correct the problem. You can access NTFS security settings by right-clicking the aformentioned folder and choosing Properties, then Security.
Hoping you may be able to help with a peculiar issue I'm facing with my SimpleMembershipProvider.
I have an MVC4 application that uses the SimpleMembership feature to store user and role information. This all works perfectly from the front end MVC4 application.
We also have a web service which will call the same SimpleMembershipProvider to validate the user credentials from a mobile app using the standard ValidateUser() method.
However, before I get to my ValidateUser() method I need to initialise my WebSecurity object using the WebSecurity.InitializeDatabaseConnection method. This is causing the below error:
"The Role Manager feature has not been enabled."
I'm initialising the WebSecurity object within the services startup, using the same code pulled from my Portal:
if (!WebSecurity.Initialized)
{
WebSecurity.InitializeDatabaseConnection("PortalContext", "UserProfile", "UserId", "UserName", autoCreateTables: true);
}
I've checked that my web.config of my web service contains the appSettings key
<add key="enableSimpleMembership" value="true" />
I've also included the rolemanager and membership details within my system.web section of my web.config.
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear />
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData" />
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear />
<add name="SimpleMembershipProvider" type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData" />
</providers>
</membership>
I'm now completely at a loss and have spent all morning googling for a possible solution.
Can anyone think of a reason why this might be occurring?
If you have multiple projects in the same solution and are using migrations, make the as the startup project the one containing the migrations (in Solution Explorer, Right click Project name > "Set as startup project") before running database-update.
I have a maddening situation here with an MVC4 site. At the outset, you need to know it uses Windows authentication, and I also want to use simplemembership roles (but I don't think this is working--but this is not the focus of my question). Basically, the site works on my dev machine (with IIS Express) and a test machine (with regular IIS). But it doesn't work in production environment. We get an error "could not load file or assembly WebMatrix.WebData, version=2.0.0.0.
The WebMatrix.WebData reference has CopyLocal = False. (This works in dev and test.) If I set CopyLocal = True, then the authentication goes haywire. Specifically, when you visit the site, it attempts a redirect to login.aspx (obviously not an MVC component). So, my question is Why is this happening? How do I fix?
Here's what I've got under my system.web element in the config:
<roleManager enabled="true">
<providers>
<clear/>
<add name="simple" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership>
<providers>
<clear/>
</providers>
</membership>
<authentication mode="Windows" />
I've played around with this quite a bit trying to understand the problem, but I don't really know what I'm doing with this config section/what all can be done. I wonder if there's a problem clearing all the membership providers.... while trying to use the SimpleRoleProvider. (I tried cutting out SimpleRoleProvider, but this had no effect on problem.)
I am using System.IdentityModel to authenticate users in an ASP.NET MVC4 web application using forms auth with a claims principal. (code based on this article: http://brockallen.com/2013/01/26/replacing-forms-authentication-with-wifs-session-authentication-module-sam-to-enable-claims-aware-identity/)
My ClaimsBasedAuthenticationService class issues the SAM cookie from the SessionSecurityToken, and all has been well...except that I just now noticed that it is not creating the session cookies as HTTPOnly or requiring them to require SSL. When I debug the code, I can see those properties on the CookieHandler object are set correctly in the debugger, but the final session cookie that is created simply doesn't have the HTTPOnly and Secure flags marked.
I have the web.config lines to set these to true explicitly as such:
<system.web>
<httpCookies httpOnlyCookies="true" requireSSL="true" />
<authentication mode="Forms">
<forms ... requireSSL="true" />
</authentication>
...
</system.web>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="true" hideFromScript="true" />
</federationConfiguration>
</system.identityModel.services>
Can someone tell me if there's something else I am missing in order for my FedAuth cookies to be hidden from script (HTTPOnly) and require SSL?
I am using the same implementation and do not see your issue using Fiddler2. However maybe the issue is related to your debugging tool? In IE10 debugging tools the secure and http only flags are only displayed when the cookies are first received. If you check using Chrome debugging tools you should see the flags displayed correctly on all requests.
Did you get this working? I've been using basically the same code and it's all fine.
I can't see that the following suggestions have anything to do with anything, but the only things I can suggest, are to set the cookie lifetime
<cookieHandler hideFromScript="true" requireSsl="true" persistentSessionLifetime="30" />
<forms loginUrl="/Whereever" timeout="30" requireSSL="true" />
and
<system.webServer>
<modules>
<add name="SessionAuthenticationModule" type="System.IdentityModel.Services.SessionAuthenticationModule, System.IdentityModel.Services, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" preCondition="managedHandler" />
</modules>
</system.webServer>
I am developing asp.net mvc2 application and I use asp.net membership provider which uses ASPNETDB.mdf database. I have also my own database and now I wonder how to upload these 2 databases to server? Should I upload them as .mdf file or should I use SQL server? I prefer using SQL server and if someone knows the shortest way to convert and upload these 2 databases it would help me a lot.
Thanks in advance,
Ilija
Funny I just finished doing the same thing. The basic steps are as follows:
From Visual Studio, load your .mdf and choose "publish to provider" to make a .sql file.
Open SQL Management Studio, open a connection to your database and load the sql file. Add a "use yourdbname;" on top to have it output the tables to your database, then run it.
Now you should have the full table structure. What's left is to modify web.config to read the new tables:
First the membership provider:
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider"
type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ConnectionStringLoginInfo"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
passwordFormat="Hashed"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
passwordStrengthRegularExpression=""
applicationName="/"
/>
</providers>
</membership>
Now the role provider:
<roleManager enabled="true">
<providers>
<clear/>
<add name="AspNetSqlRoleProvider"
type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a "
connectionStringName="ConnectionStringLoginInfo"
applicationName="/"
/>
</providers>
</roleManager>
And lastly the WebPart provider, if you use it:
<webParts>
<personalization defaultProvider="SqlDatabaseProviderDRDBLoginInfo">
<providers>
<clear/>
<add connectionStringName="ConnectionStringLoginInfo"
type="System.Web.UI.WebControls.WebParts.SqlPersonalizationProvider"
name="SqlDatabaseProviderDRDBLoginInfo"/>
</providers>
</personalization>
</webParts>
In this example I called the connection string ConnectionStringLoginInfo, but whatever you name it, make sure you set it in the connection strings part. Not gonna paste that too :)
This all took me way more than I care to say, but when I saw my app working flawlessly with the App_Data folder deleted, that was quite the moment!
Your simplest option for a hosted solution (i.e. your hosting plan is not a Virtual Private Server) is to generate SQL scripts of your database, exporting these to *.sql files and then run them in your hosted SQL connection.
I would normally connect to my web host's SQL instance using SQL Server Management Studio and either open or paste in the scripts generated by my local copy.
Depending on whether or not your web host provides the service, you might also be able to use the "Publish to provider..." option in Visual Studio.
As a supplement to Blindy's answer I wanted to mention that another way to configure the providers is to change the connection string settings of the default ConnectionString used by most of the providers, which is LocalSqlServer. To do this you just override that particular ConnectionString in your web.config like so:
<connectionStrings>
<clear />
<add name="LocalSqlServer" connectionString="change this to be the details of your host database" providerName="System.Data.SqlClient" />
</connectionStrings>
Also, if you don't want to clear the entire connectionStrings section you can just remove the particular connection string like this:
<connectionStrings>
<remove name="LocalSqlServer" />
<add name="LocalSqlServer" connectionString="change this to be the details of your host database" providerName="System.Data.SqlClient" />
</connectionStrings>
This works, because all providers that default to using Sql Server for their Data Store - such as the membership provider - use the "LocalSqlServer" connection string by default. Thus, if you override it, you don't have to change each provider to point to a different Connection String.
Also, for security reasons, you might want to look into encrypting the connectionString section of your web.config file. The following two articles provide more info.
Encrypting and Decrypting Configuration Sections
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA