Authentication against Active Directory using a Mobile Device - vb.net

I currently have a Mobile Application that communicates through a WCF Service to access a Database. The Mobile App can access on the network as well as externally. It connects to the WCF Service which is hosted on one server inside the network. From there the WCF Service is pointing at another server which is hosting the Database that the Mobile Device is accessing.
With the above process how would you setup authentication using Active Directory which would confirm the user of the Mobile Application before it can access the WCF Service to confirm that the user is a member of AD and they can then login after authorization is complete. This would occur as the user opens up the Application. Would this be coded into the App to prompt for the information, then send the information to the WCF Service which would then allow access? If not this then are there any other ways or information/links that can be provided please?

Take a look at the BUILD 2013 videos. Visual Studio 2013 will create a webproject that will automagically do all that for you (I think). Just bare in mind, it uses the Microsoft.OWin.Security beta packages.
Also...you will need to install the AspNetWebTools2013 package first...
http://www.asp.net/visual-studio/overview/2013/creating-web-projects-in-visual-studio#orgauthoptions

Related

Host Asp.net Core Web Api locally

I am learning Asp.net Core Web Api. I need to access the api from a flutter application but am not ready to host the api on Azure. What are my options if I want to host the api locally on my computer so I can access it from another application like my Flutter app client, and is there any tutorials I can follow to learn how to implement the solution.
There are several ways to go about this, here are some options:
FROM VISUAL STUDIO: You can simply run the ASP.NET Core Web API from Visual Studio in Development Mode by Pressing F5
FROM COMMAND PROMPT: Run the API Project from the command line by opening a command prompt window in the root project folder of the project and use the dotnet run command. See here for more info about the command: dotner run command
HOSTING IN IIS: I am assuming you are running a windows OS. You can turn on IIS and its features. Simply follow the instructions on this page: Host ASP.NET Core in IIS on how to deploy ASP.NET Core to IIS. The advantage of this is that you have the application always running while you work on your flutter application locally.
I hope this helps you resolve your situation.
What are my options if I want to host the api locally on my computer so I can access it from another application like my Flutter app client, and is there any tutorials I can follow to learn how to implement the solution.
If your application is developing now, there is no need to host the application and let the Flutter app client to access. We could build some json file as the right format like web api response to develop the client app.
If your client application and web api has now developed successfully, you want to host the web api to let fluent app or other application to access from internet. You should have a public IP address and host the application on IIS or else. Public IP address you should ask for the IP provider company. Without a public address, the client side app couldn't access your application from internet.
If your web api and the client app are in the same intranet, you could let the client app directly access the web api after the web api hosted on IIS by using hosting server's IP address.
About how to host the asp.net core application on IIS, you could refer to this article.

WCF + web api + No connection could be made because the target machine actively refused it x.x.x.x:443

I am accessing a third party web api from my WCF application. While development I was able to access those APIs but when I deployed my WCF to IIS, its not able to connect to the web API and throwing me the following error:
"System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it X.X.X.X:443"
Just to make sure that my server is fine where I deployed my WCF. I tried accessing those web api from a simple console application. It accessed those apis from my development machine and from the server machine as well. Now I feel the culprit is not the third party web api server, but something goes wrong when a WCF service access' a web-api hosted in IIS.
Please help!!!
Finally I found the issue. IIS runs my WCF under user 'network service' or 'application pool identity'. These are nothing but window built-in users which has limited access. When I tried accessing third party API from the console application it worked because it was running under my user credential which has admin credential. So I concluded that when an application making cross-domain call then it should be running under a user with enough credential to make such calls.
Solution was to change my application pool identity to a admin user identity (I changed it to my logged in user). It worked and making calls to third party API from WCF service

Windows 8 App with Azure WCF Service

I have a Windows 8 app that I want to connect to a WCF Service hosted on Windows Azure - easy.
The tricky part is that I want to allow only Authenticated users (via their windows live account) to access my service, including being able to pass a unique identifier to the service to identify the user on the Azure hosted app.
All of this plumbing is available when you use Azure Mobile Services, but surely there must be a solution for a regular WCF app within azure.
Azure Mobile Services has a MobileServiceClient type that has all of the required functionality, but I need a regular Azure-hosted WCF equivalent
You can try pulling some of the content from the now deprecated Windows Azure Toolkit for Windows 8. For the moment the Release Preview version is available; it won't work as is since it's pre-RTM, but it should help jumpstart your effort.
I'll re-emphasize though that it's not supported and Windows Azure Mobile Services is the plan of record.

How can I simultaneously authenticate to an IIS7-hosted javascript web client and WCF service using Windows Authentication?

I have created and tested a WCF REST service that is protected with SSL and Windows Authentication through IIS 7. I have also created and tested a pure html/javascript web client that is hosted in IIS 7 that is protected with SSL and Windows Authentication -- same server, different "site" within IIS. The REST service is not public, but the web client is.
Without security, everything works beautifully, but now we are ready for field testing and security must be implemented.
My end goal is to have the user visit mywebclient.com and authenticate using their Active Directory accounts. Initially I thought it would be safe to leave the service calls from the client to the REST service unprotected (since the traffic from the web client to the web service would be internal), but this does not protect us from an internal attacker. Also, in the future, the REST services will be available to handhelds through native applications.
I've tried to gain as much information on this subject as possible, but every piece of Microsoft documentation contains client examples written in .NET.
How can I share the security context between these sites without converting the web client to a .NET-based application? Could this be accomplished by combining the web client and service into one IIS "site"?
Edit: If the client and service exist in the same app pool, does that mean they could share authentication information between client and server processes?

Web Services only connecting to Trusted Devices

I am on a project that uses web services to communicate with hand held devices (Symbol MC70s running windows mobile 5).
We need to make sure that others on the internet can't connect to the web services and start sending info.
I have made a certificate so that the hand held will only connect to my services, but I don't know how to make sure that my services will only connect to my hand held devices.
My app is coded in the .NET Compact Framework and I am using Visual Studio 2008 SP1. My services are hosted in IIS and are coded with WCF in C# (.NET 3.5 sp1).
Any ideas?
Password-protect the services. Alternatively, authenticate the client by the client SSL certificate and issue those to your users.
No way to lock access down to a specific device. A device can be spoofed fairly easily.
When you say that you've "... made a certificate so that the hand held will only connect to my services", are you saying that the device uses https to the web service or that the device is locked down to only connect to the web service http URL?
Anyway, if you are concerned about the data pulled from the web service, you could encrypt it with a key known to your device.