Anyone know of a service oriented membership provider / service? I’m looking for a hosted solution that provides user registration and authentication services. Basically I don’t want to deal with managing user credentials for my applications. I’d rather leave that to a service that specializes in that. Anything like that out there?
Well, you can just use OpenId: http://openid.net/
OpenID or Facebook Connect suitable for your project?
Related
First of all, I apologize in advance for my naïveté on the topic.
I am trying to create a few microservices that are exposed using an API gateway. A few of these services will need credentials from Google account to access Google Calendar/Gmail etc.. is there any way for a user to only have to login once so that the credentials are all shared between the services? Or should only one service be facing the Google services with credentials?
It seems possible, you can ask a user to authenticate and authorize all permissions your application will need, all at once. But think about the user, when an application requires to access gmail, hangouts, photos, camera, etc. at once, the user normally disbelieve the application. So, the recommended approach is asking for the specific permission when the application requires it so that the user can realize each action you app do.
There exist many different ways to address your question depending on details, however the following link can help you to know where to start:
This link (Google Sign-in) has a wide context on all the Identity mechanisms to look for the most appropriate for you.
This another one explain all possible Identity mechanisms for specific use cases.
This authentication example for Google Calendar is useful, but this post explain how microservices authentication and authorization was solved.
I'm building a web service on Azure. I need to authenticate the users preferably with usernames and passwords in my database, but to be honest, I'll do it with the easiest and simplest way. Azure is pretty easy to use and I'm not sure why I'm struggling to find and documentation on how to secure my web service. Can anyone offer any advice?
In case you want to authenticate users with username and password I'd give MembershipProvider a try.
Using ASP.NET Membership Provider authentincation in a WCF service
Search for wcf security. Azure will just host your service, but the development part is up to you.
Take a look at this msdn links:
http://msdn.microsoft.com/en-us/library/aa354513.aspx
http://msdn.microsoft.com/en-us/library/ff405740.aspx
I've been scratching my head over this issue for over a week. We have a web app that we would like to implement SSO for. SSO with windows active directories of our clients (i.e. we essentially need to authenticate against our clients' active directories without much trouble)
The only thing I am 100% sure about is that I will needed a security token service that will have to communicate with an Identity Provider. My question:
Which service is most suitable for the above scenario (AD FS? OpenID & OAuth 2.0? SAML 2.0 and shibboleth?)
How will I connect to the active directories of the clients? Maybe I'm not understanding how the STS is to be used, could anyone clarify? I'm working with an Azure Web App
Will there have to be a different IdP for each client? Will the client have to do more than just give us standard information? What would this info be?
...should I be using Windows Identity Foundation?
HELP :( ... this is an SOS
If anyone could clarify at all, I will forever be grateful. I normally upvote anything I find helpful and accept whichever answer is the best so feel free to answer with what you think might be useful in helping me understand how I can achieve what I am after.
These are the three options I know:
As you mention one option is ADFS this solution means that your customers should install and expose Adfs. ADFS means Active directory-Federation Services, so in this case your application needs to speak WS-Fed (not oauth). Typically if the user is inside the LAN adfs uses integrated auth, if not it will prompt credentials.
WAAD is a new service from Azure, it allows companies to expose their directories to use in cloud applications. With this approach your customers need an account in Azure, create a directory and use the dir sync agent. Your application will talk SAMLP with WAAD.
Auth0 is an authentication broker that allows developers to use social but also enterprise identity providers like AD but also google apps, waad, adfs, salesforce, etc. if your customer only has AD you will provide him an msi for a windows service, that will bridge the company AD with your auth0 account, you can have as many AD as you want. Your application speak oauth with Auth0. This agent supports kerberos authentication as well. The following graph explains this solution:
Disclaimer: I work for Auth0.
WIF doesn't support SAML or OAuth.
Your application is in Azure.
Suggest add WIF to the application and then "bind" to Azure Active Directory. In VS 2013, use the "Change Authentication" feature for this.
Make the application multi-tenanted.
Each customer has their own tenant. User DirSync to sync. each customer AD with their AAD tenant. (That gives same sign-on). Adding ADFS to each customer gives single sign-on.
However, the customers will probably push back on this because of perceptions around security.
Would like to know how I can enable my wcf web service to provide encryption and authenication? Currently, my web service is connected to Azure(ACS) and ask the identity provider for authentication checking, I can implement the ssl tunneling for getting username and password. but how I can get the acs token and perform SSO? I want to know any current implementation or is there any good example to follow?
Many thanks,
Mike
There is a codeplex project with some great documentation.
http://acs.codeplex.com/documentation
When you mention SSO, I'm assuming you mean federated authentication with active directory. If so, there's a sample project available on MDSN with an example.
http://msdn.microsoft.com/en-us/library/hh127796.aspx
lot's of useful information and samples here http://msdn.microsoft.com/en-us/library/windowsazure/gg185912.aspx
I have multiple NET.TCP services that provide access to my apps bussiness logic layer. I want to authenticate clients with username & password, within all the services, from one dedicated authentication service.
I have thinked that I can generate a custom authentication ticket when the authentication service logons the user and send it to other services. However when talking about security I prefer to use builtin implementations that have been already tested.
Is there a more WCF way to do this? Should I ever try this, or share the authentication logic and authenticate every service?
Thanks in advance
Yes, the (new) WCF way to do this is to use a (or implement your own) security token service based on the windows identity foundation framework.