Could any one suggest me the best sites to learn Authentication and Authorization Roles with some sample code ?Because am the beginner to security system in asp.net.
Tutorials here are very informative and in detail with sample code.
http://www.asp.net/web-forms/security (including videos)
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
There aren't any major changes in 4.0 in terms of authorization and authentication.
So any tutorial with 2.0+ should be fine.
Related
I have been reading today about the auth implemented in asp.net core for google and facebook, and prototype-ed a lot. Something that's not clear to me at all, even after going through the MSDN docs. and several blogs: Is any support for backend API validation added in .net core or do I still need to call into the google auth library to validate the auth tokens received from the client.
Note: I am using asp.net core as Web API and I don't use the MVC/Razor part.
thanks for any detail added on this!
I want to create a SPA with Vue.js which consumes my ASP.NET Core Web-API. I need user authentication with username and password. The API will also be consumed by a mobile app (Android and iOS) later on.
I read this: ASP.NET Core Web API Authentication
I am wondering if there is nothing official available? Is Basic Auth even the right approach? I've read some documentation for ASP.NET Web-API using filters, didn't work for Core.
Then I though about implementing token based authentication myself.
I've also read that since ASP.NET Core 2.0 it's better to use services instead of middleware?
I am stuck and don't know where to start. Maybe the approach in the Question above is okay for my needs?! I am not quite sure.
You should consider Oauth and Identity. You can even use something such as Auth0.
I've read some article on token based authentication in Asp.Net Core. I'm new to Asp.Net Core and Token based Authentication. Can anyone help me with that? Some code will be helpful for me. I'm using latest version of visual studio community 2017.
There is an excellent tutorial already written here
Also, IdentityServer4 have a lot of tutorials that show you how to configure identity server (to generate tokens) and how to secure your web api (token based authentication).
I'm working on segregating the authentication part of my ASP.net MVC4 application using DotNetOAuth 2.0, Which will means that one project will do only authentication and send out response,based on response it will have access to other application.
The Idea is to get any application or project added later on use one common authentication process.
First thing came to my mind was building a service, in the process a read a lot about Web API and think it can help to achieve what I'm looking for.
Please suggest if you guys have implemented something like this or whats's the best practice.
Should i go with API or service, any link or sample to direct is appreciated
ASP.NET Web API is also a service - a RESTful service. The choice of using a "Service" although is good your underlying authentication platform will define what you should be using.
WCF is much more than a web service where as a Web API is pure HTTP service.
If you expect all your "applications" to be web based then there is no reason why this cannot be a Web API.
This article might be something that should help you decide on your authentication model: http://www.asp.net/web-api/overview/security/external-authentication-services
Can I offer the authentication, authorization, etc created using "ASP.NET MVC Open Id website" extension.. as a REST service in ASP.NET MVC? How can I create this service(maybe using WCF)?
(Please if you can, offer me some examples please).
Yes, you can. OpenID is not about authorizing web services at all. That's what OAuth does. But DotNetOpenAuth does both OpenID and OAuth, so your users can authenticate with OpenID, then authorize RESTful clients via OAuth, and the user story is probably exactly what you're looking for.
There is a project template that shows you exactly how to do it (does it for you, actually) available on the Visual Studio Gallery.
You can easily create REST services using just MVC. WCF is not necessary. There are tons of posts on restful architecture in ASP.NET MVC.
There is code available with a base API for Restful services using ASP.NET MVC available here: http://code.msdn.microsoft.com/MvcWebAPI .
The author of this library has an excellent article explaining how to create such a service that is capable of will serve both JSON and XML. It can be read at: http://omaralzabir.com/create_rest_api_using_asp_net_mvc_that_speaks_both_json_and_plain_xml/
There are plenty of tools that can help you implement the OpenId service, such as http://www.dotnetopenauth.net/ or the solution outlined at http://www.west-wind.com/weblog/posts/899303.aspx. You said you've already created an OpenId logging system. Basically, take the logging system, create an interface like:
public interface IOpenIdService{
bool Login(string login, string password);
}
and execute it in your Controller Action method. If it is successful return a JSON or XML success message. If it fails return a JSON or XML failure message.
*I have also found this article helpful for REST with MVC: http://blog.wekeroad.com/2007/12/06/aspnet-mvc-using-restful-architecture/. Also, if you want to extend JSON functionality, look into JSON.NET.
Have a look at the latest nerddinner tutorial on codeplex. It has OpenId integration built into the MVC example application: http://nerddinner.codeplex.com/