I tried of finding samples for implementing ACS in metroapplications using c#.
But I couldn't find any samples.
Can any one please help me with step by step details for implementing ACS in metro applications using XAML with C#.
I'm not aware of ACS for metro applications and the following may not be what you're looking for. Also, I'm not familiar with the gritty details of ACS. However, metro applications provide an API to enable single sign on to OAuth providers (Facebook, Live, Google, etc...).
There are code samples available # http://code.msdn.microsoft.com/windowsapps/Web-Authentication-d0485122 and further details also available at http://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh465283.aspx
Related
This link https://developers.googleblog.com/2022/03/gis-jsweb-authz-migration.html says
Your full suite of apps and platforms may be using different methods of authentication and authorization from Google. The following are NOT affected by this deprecation announcement:
Android or iOS native app SDKs,
Backend platforms directly calling Google’s OAuth 2.0 or OpenID services.
I'm currently trying to understand our huge legacy code which might be affected by the GIS migration. Currently, we just redirect to https://accounts.google.com/o/oauth2/v2/auth to start the oauth2 process, once the user clicks the "Sign in with google" button. I've seen this link in the example of the old way from the migration document here: https://developers.google.com/identity/oauth2/web/guides/migration-to-gis#oauth-2.0-endpoints however I'm not sure if it is required to migrate to GIS or not.
From what I understand, only the frontend related libraries should be worried, but I'm dumb so maybe I'm misunderstanding. Can anyone help enlighten me?
Thanks.
You do not need to migrate if you are directly making calls to the Google's OAuth 2.0 endpoints.
The guide you reference recommends using the library with the note use the Google Identity Services library to support a less intrusive popup UX mode and to avoid having to manage complex OAuth 2.0 requests and responses. The intent there is to simplify your implementation not to force a migration.
I am getting myself familiar with all the stuff related to authentication using active directory (both Azure AD and Windows Server AD).
Currently I am inspecting MS Katana project which is based on OWIN specification.
There are three libraries and one of them is kind of confusing for me:
Microsoft.Owin.Security.ActiveDirectory
Microsoft.Owin.Security.OpenIdConnect
Microsoft.Owin.Security.WsFederation
As for OpenId and WsFederation I understand what they are for, there are plenty of examples and articles about that.
What confuses me is the purpose of the ActiveDirectory library. I mean is this another way how to authenticate against active directory besides OpenId and WsFederation?
I am unable to find any relevant clear articles and examples about this one. Even on this site is the libraty only listed, but missing example:
Azure Active Directory Authentication Libraries
So my question is what is this library for and what are the use cases for using it over OpenIdConnect and WsFederation ways.
Thanks
That library contains middleware used for securing Web API with Azure AD. Any sample featuring a web API project in https://github.com/AzureADSamples/ uses it.
Is there a single sign-on solution with completely RESTful API installable on my server? I have looked at OpenAM, which have some of the API available through HTTP/JSON, but not all (and seems too heavy, but if it had all the API, I'd not care).
Do you know of solution for authorization, authentication and identity management that can be used for single sign-on and has all (maybe without setting admin password and such critical issues) its API available though HTTP(S)/JSON?
I have no need for Java API etc., HTTP(S)+CLI for setup is only thing I look for. That is, I doin;t realkly care what the solution is implemented in (no need for Java EE etc.) as far as it does its job and it is secure.
Have you seen Mozilla's new Persona solution built on BrowserID? It does a lot, but it's hard to know if it's sufficient for you without more details about how integrated you need the authorization to be.
You might want to look at Stormpath. They're the largest identify management service (for developers) -- and they are all REST + JSON API backed.
I was tasked with implementing either a SAML authentication service, or a EWS (Entitlement Web Service Authentication) service, and I was wondering if anyone has any samples or documentation on such options. I am almost 100% sure that SAML is out of the question due to the time frame of the project.
EWS has been difficult to find online, I can't seem to find any good samples or documentation on implementing such service.
You have not stated which platform you are using, but there are open source SAML implementations that you can use. In php there is SimpleSAMLphp and for java there's Shibboleth.
I am using MVC and Nhibernate in my application. How can i improve security of my application using proper authentication and authorization?
Right now i am using asp.net mvc authentication.
The question is frankly too open. "Proper" authentication and authorization depends on what your application is doing and the data it accepts, stores and outputs. For example twitter's authentication strategy is very different to that of your bank's on-line banking service.
There's also more to it than authentication and authorization, there's XSS, CSRF, Cryptography, Information Leaks and more. Start with the OWASP Top 10 and go from there. However this will not show you the code, because you can't be generic about this, it always needs tailored to the application being secured.
I would suggest you to scan your site for vulnerabilities using some of these great solutions.
Personally, i find this extremely useful.