I'm trying to use the new WCF Web API Preview 6 with Basic Authentication. But don't really know where to begin.
zanewill apparently had the same issue:
https://stackoverflow.com/questions/8304367/how-to-use-basic-authentication-with-wcf-web-api
But the question is not a dup. I'm using this with mvc and don't really see how
Wcf Basic authentication
should apply?
I've tried out this:
http://cacheandquery.com/blog/2011/03/customizing-asp-net-mvc-basic-authentication/
But can't get it to work.
Should there not be an official solution from MS?
I have to note, that we are using our custom membership provider and that I basically just wanna pass an API token to the service. So the built in Windows Basic Authentification cannot be used.
I actually figured out a way myself. I've built my custom HttpOperationHandler and combined it with an Attribute, so I get a similar functionality as the MVC AuthorizeAttribute.
You can have a look at the solution here:
http://remy.supertext.ch/2012/02/basic-authentication-with-wcf-web-api-preview-6/
I think the recommended approach is to implement custom message handler. See my blog post for an example that works with ASP.NET Web API RTM:
http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/
Related
I'm in need of a detailed explanation on how I should configure OpenIddict in ASP.NET Core 7.
I have been looking at the available examples and documentation for a week now.
But I do not understand why some examples have ~400 lines of code and others have ~40, in their controller or endpoint implementations.
To make my use case and problem more specific:
Server side:
ASP.NET Core 7
Using minimal APIs
EF Core 7
PostgreSQL
Clients:
Blazor WASM or Angular
Decision not yet made
A skeleton Blazor WASM app created
Mobile apps (native iOS and Android)
I also need to refresh the token, and the user to access and modify the profile data.
I will also need to use other authentication providers (e.g.: Apple, Google).
I read the official docs and tried to undertand the examples.
Edit: I tried the Balosar and Zirku examples.
It left me more confused.
So my goal would be to understand why I need to add and how to configure certain services to achive the functionality described above.
Also, how to implement the needed endpoints, can I do it in minimal APIs, or do I have to stick with the controllers, or add views?
I'm working on segregating the authentication part of my ASP.net MVC4 application using DotNetOAuth 2.0, Which will means that one project will do only authentication and send out response,based on response it will have access to other application.
The Idea is to get any application or project added later on use one common authentication process.
First thing came to my mind was building a service, in the process a read a lot about Web API and think it can help to achieve what I'm looking for.
Please suggest if you guys have implemented something like this or whats's the best practice.
Should i go with API or service, any link or sample to direct is appreciated
ASP.NET Web API is also a service - a RESTful service. The choice of using a "Service" although is good your underlying authentication platform will define what you should be using.
WCF is much more than a web service where as a Web API is pure HTTP service.
If you expect all your "applications" to be web based then there is no reason why this cannot be a Web API.
This article might be something that should help you decide on your authentication model: http://www.asp.net/web-api/overview/security/external-authentication-services
I am learning how to use the asp.net webapi. I want to make an admin area where I can do admin stuff but also add,edit,delete stuff into my database.
I believe I need to make some regular asp.net mvc views and controllers for this. I of course want to secure these pages and only let authorized users in.
I would like to use Oauth. I know that mvc 4 now has build in support now for it but I am not sure which nuget package to download into my webapi project.
I am also unclear if you can register any oauth provider. I am looking at the asp.net mvc 4 internet soultion and I see like RegisterGoogle, RegisterFacebook yet I don't see an option for foursquare and I am not sure if I can add it myself or what.
There was an article that detailed a lot of this in May's issue of MSDN magazine titled Social Authenitciation in ASP.NET MVC 4. I think this has what you are looking for, but there is also another similar stack overrflow question answered in How to implement social login in asp.net mvc 4?
I've been working lately on my own WCF AtomPub service (based on the example in the "WCF REST Starter Kit") for using WLW with my custom written blog. All basic actions such as adding, updating, retrieving and deleting an entry are working "fine".
Although, right now I'm a little stuck when trying to implement the authentication. I can't seem to understand how WLW manages the authentication with AtomPub services.
I've tried to implement it on my side by checking the Authorization header. If not present sending the Unauthorized header etc... but their fails WLW on me.
I also checked all headers send by WLW (for exemple when adding an entry) but I can't seem to find anything related to authentication.
I must say that the WCF service currently is hosted in the same site as my website. And the IIS authentication is set to Unauthorized and Forms. All others are disabled.
Can anyone help me into the right direction? Some interesting websites for example explaining this? (something I have missed in my searches on the web).
Thanks
I had to write an atompub service for the Live Writer about an year ago. These blog posts helped me a lot at that time: http://jcheng.wordpress.com/2007/10/15/how-wlw-speaks-atompub-introduction/. For your case you may look at part 2. In short - "Use Basic, Digest, or X-WSSE over HTTP or HTTPS". I used the basic authentication and had to use this library MADAM http://msdn.microsoft.com/en-us/library/aa479391.aspx to get forms and basic authentication work together. I hope this helps.
Can I offer the authentication, authorization, etc created using "ASP.NET MVC Open Id website" extension.. as a REST service in ASP.NET MVC? How can I create this service(maybe using WCF)?
(Please if you can, offer me some examples please).
Yes, you can. OpenID is not about authorizing web services at all. That's what OAuth does. But DotNetOpenAuth does both OpenID and OAuth, so your users can authenticate with OpenID, then authorize RESTful clients via OAuth, and the user story is probably exactly what you're looking for.
There is a project template that shows you exactly how to do it (does it for you, actually) available on the Visual Studio Gallery.
You can easily create REST services using just MVC. WCF is not necessary. There are tons of posts on restful architecture in ASP.NET MVC.
There is code available with a base API for Restful services using ASP.NET MVC available here: http://code.msdn.microsoft.com/MvcWebAPI .
The author of this library has an excellent article explaining how to create such a service that is capable of will serve both JSON and XML. It can be read at: http://omaralzabir.com/create_rest_api_using_asp_net_mvc_that_speaks_both_json_and_plain_xml/
There are plenty of tools that can help you implement the OpenId service, such as http://www.dotnetopenauth.net/ or the solution outlined at http://www.west-wind.com/weblog/posts/899303.aspx. You said you've already created an OpenId logging system. Basically, take the logging system, create an interface like:
public interface IOpenIdService{
bool Login(string login, string password);
}
and execute it in your Controller Action method. If it is successful return a JSON or XML success message. If it fails return a JSON or XML failure message.
*I have also found this article helpful for REST with MVC: http://blog.wekeroad.com/2007/12/06/aspnet-mvc-using-restful-architecture/. Also, if you want to extend JSON functionality, look into JSON.NET.
Have a look at the latest nerddinner tutorial on codeplex. It has OpenId integration built into the MVC example application: http://nerddinner.codeplex.com/