I'm building a website from scratch using ASP.NET MVC 4.
The application is hosted on Windows Azure.
It's a rather basic website application.
Next, I would like to authenticate my users.
The authentication requirements are, again, rather basic and straight forward.
I did some reading, and it seems that the best two options for me to achieve users authentication are:
1. ASP.NET SimpleMembership
2. Windows Azure Active Directory Access Control
Now, my questions are, which one should I choose? which one is more secured?
It is dependent on what you want. WAAD -ACS gives you option to integrate various identity providers like google,yahoo etc or federate with Active directory services.
But if do not want such options and simply use your existing asp.net membership you can do that as well.
Related
I am writing an ASP.NET Core 6 application and have to have user logins. The choices are either ASP.NET Core Identity that is a part of the ASP.NET Core 6 framework or to use Active Directory.
This will all be hosted on Azure so if I use Active Directory it will be Azure Active Directory used solely for this application.
As I see it the trade-offs are:
ASP.NET Core Identity
Integrated into the framework - easier to use.
Active Directory
Supports more MFA options
Need it if I'm going to also have a Web API available too
Can connect another Active Directory to provide users eliminating the need for duplicate logins for users on associated systems.
Am I missing something here? Because it appears to me that it's a slam dunk to use Active Directory.
I need to build an application where the front-end (ReactJs) is totally decoupled from the back-end, which is built using Asp.Net Core v5 (or higher) Web API.
Users will log in to the application using both OIDC with Azure Active Directory and local database login.
For performance reasons, I'd like to split some APIs into different projects and eventually install them on different servers.
I'm wondering if the [authorize] attribute I will put on the endpoints will work as usual even if they are running in different environments.
Please note that they could be different servers or different AWS Lambda functions, but in both cases, they can be considered different executables.
Is it something possible or I'm going in the wrong direction?
Please note that they could be different servers or different AWS
Lambda functions, but in both cases, they can be considered different
executables.
Is it something possible or I'm going in the wrong direction?
Thank you # Camilo Terevinto, Posting your suggestion as an answer to help other community members .
"It's completely possible (and common), as long as all APIs (and possibly Lambdas, depending on how they're used) authenticate against the same Azure Active Directory instance.
And we can set up ASP. NET Core Identity with both local login and AAD without any issues . Just ensure that our tokens always have the necessary scopes (to call other APIs in our system)"
For more information please refer the below links:
SO THREAD : How to use both Azure AD authentication and Identity on ASP.NET Core
Blog: Token Based Authentication using ASP. NET Web API 2, Owin, and Identity
I have two applications using MVC Core 2.2 with Entity and Identity
These two applications need to use the same user base. All applications and database are on the same server.
Permissions and roles will be different per site, my main goal is SSO (Single Sign On).
In this case, do I need to use some tool like Identity Server 4? Or can I do it in a simpler way?
I'm building a system with 3 projects and I'm struggling with how to implement user management. I have 3 projects, an asp.net core MVC, an asp.net core Web API and an identityserver4. I want to use asp.net core identity for user management because the framework provides a lot, but I don't know where to place it. The system itself is not a big system yet, but I want it to be scalable in the future. I've read that the only thing identityserver is suppose to do is the authentication and authorization and not deal with the user management part(create users, change permission, etc.)
In the system itself, I need to have an admin that has access to the users (through the frontend MVC) and can create new or delete users, etc.
so the question is, Should i implement all the user management functions that asp.net core identity provides in the identityserver4 project or should I build it in the web API and have the two projects access the same database. I don't want the 4th project only for user management, though I know that is the ideal solution.
Currently, the mvc app only connects with the web API with the bearer token that identityserver provided.
Or, should I go in a new direction and use jwt token and asp.net core identity and only have two projects?
I'm very confused about this part, and I want to know what is the best practice.
Only Identity Server project (and any projects that are related to it) should have access to the user database. All user info a client or a API resource needs, it needs to get it from the IS its self. Now, setting up Identity Server properly depends on your needs. If you want a simple one for a few apps to use, go with a single project that can sign in users and register them, and setup your clients and API resources in the config.cs files. This is not a great way to do it though. Generally, you should have a IS project for user sign in and registration, and one more project that manages those users, as well as clients and API resources. You can see a great example of it here, it also uses ASP.NET Identity, and has a STS project(Identity Server), Admin project(User, Client, API manager) and an API project(for all related db access). Hope this helps.
This question has been asked so many times, and a quick search came up with lot of results. But I haven’t gotten satisfactory answer yet.
We have 2 web applications ( and we may have more in future) App1 is .Net 4 Silverlight Application and App2 is Node.js/Angular application. Both applications have different domains. www.app1.com and www.app2.com The App1 is hosted in IIS and App2 is NOT in IIS
Now, we have to implement Single Sign On Feature to support these applications. I was looking into ASP.NET Identity which is available in .Net 4.5.
Questions
1. So I thought of creating new MVC 5 application using .Net 4.5 that could serve as SSO site. If possible I wanted to use our own SQL server to maintain the credentials. But I am not sure how to share authentication ticket/cookie between sites. I have done this before using Forms Authentication where I had to use same machine key on all websites. But those were all .net applications. However with new identity framework and OWIN and with different types of applications i am not sure. So before I jump into it and start developing I wanted to know is it recommended approach, and if yes, can someone point me in the right direction. An article would greatly help.
2.Second options is to use Azure AD, but I am assuming we have to pay for it( we have MSDN sub) and we do not have local active directory either. Is Azure AD is the right option here? Does it work with Node.Js/Angular application. With Azure AD I guess App1 I may have to upgrade it to .Net 4.5