Can I offer the authentication, authorization, etc created using "ASP.NET MVC Open Id website" extension.. as a REST service in ASP.NET MVC? How can I create this service(maybe using WCF)?
(Please if you can, offer me some examples please).
Yes, you can. OpenID is not about authorizing web services at all. That's what OAuth does. But DotNetOpenAuth does both OpenID and OAuth, so your users can authenticate with OpenID, then authorize RESTful clients via OAuth, and the user story is probably exactly what you're looking for.
There is a project template that shows you exactly how to do it (does it for you, actually) available on the Visual Studio Gallery.
You can easily create REST services using just MVC. WCF is not necessary. There are tons of posts on restful architecture in ASP.NET MVC.
There is code available with a base API for Restful services using ASP.NET MVC available here: http://code.msdn.microsoft.com/MvcWebAPI .
The author of this library has an excellent article explaining how to create such a service that is capable of will serve both JSON and XML. It can be read at: http://omaralzabir.com/create_rest_api_using_asp_net_mvc_that_speaks_both_json_and_plain_xml/
There are plenty of tools that can help you implement the OpenId service, such as http://www.dotnetopenauth.net/ or the solution outlined at http://www.west-wind.com/weblog/posts/899303.aspx. You said you've already created an OpenId logging system. Basically, take the logging system, create an interface like:
public interface IOpenIdService{
bool Login(string login, string password);
}
and execute it in your Controller Action method. If it is successful return a JSON or XML success message. If it fails return a JSON or XML failure message.
*I have also found this article helpful for REST with MVC: http://blog.wekeroad.com/2007/12/06/aspnet-mvc-using-restful-architecture/. Also, if you want to extend JSON functionality, look into JSON.NET.
Have a look at the latest nerddinner tutorial on codeplex. It has OpenId integration built into the MVC example application: http://nerddinner.codeplex.com/
Related
The idea is to implement Single-sign on using the given technical stack (ASP.NET CORE WEB API, IdentityServer4, ReactJS - Front end)
ASP.NET Core Identity together with IdentityServer4 offers an extensions for Single-Sign-On (Google, Microsoft ect.) for MVC framework. However, a proper guidance is not given for a WEB API scenario.
Please provide me an example or a tutorial, which I can follow in this regard?
Thanks in advance.
*** Update ***
Would be great if an example is given for the flow of events on this scenario, as to how should the communication happen between the Front end application and the backend.
I have been trying for weeks to implement JWT authorisation in my .NET Core web app and have found myself following a lot of guides that I don't think are relevant to my use case. These guides talk a lot about scopes etc, and I don't think I need that level of complexity for my use case.
A lot of the guides talk about using things like OpenIddict or Identity Server to setup and configure something that the user can authorise against, but in these settings it seems like a seperate project is required to house the identity provider, and then my new asp net core application has to somehow hook into that for use. I'm also trying to get things like refresh tokens to work so the user doesn't have to log in over and over again.
The "client side" of my app will be Xamarin (for mobile) and Angular (for web).
In a single web application (a single .net core application) how can I use .NET Core Identity with JWT or OAuth? What is the minimum level of configuration required to achieve this?
ThisSimple JWT project
This is not asp.net core .This is just asp.net mvc project but this really simple and basic one. by watching this code, you will be clear how to implement JWT. Thanks
I have been reading today about the auth implemented in asp.net core for google and facebook, and prototype-ed a lot. Something that's not clear to me at all, even after going through the MSDN docs. and several blogs: Is any support for backend API validation added in .net core or do I still need to call into the google auth library to validate the auth tokens received from the client.
Note: I am using asp.net core as Web API and I don't use the MVC/Razor part.
thanks for any detail added on this!
I'm working on segregating the authentication part of my ASP.net MVC4 application using DotNetOAuth 2.0, Which will means that one project will do only authentication and send out response,based on response it will have access to other application.
The Idea is to get any application or project added later on use one common authentication process.
First thing came to my mind was building a service, in the process a read a lot about Web API and think it can help to achieve what I'm looking for.
Please suggest if you guys have implemented something like this or whats's the best practice.
Should i go with API or service, any link or sample to direct is appreciated
ASP.NET Web API is also a service - a RESTful service. The choice of using a "Service" although is good your underlying authentication platform will define what you should be using.
WCF is much more than a web service where as a Web API is pure HTTP service.
If you expect all your "applications" to be web based then there is no reason why this cannot be a Web API.
This article might be something that should help you decide on your authentication model: http://www.asp.net/web-api/overview/security/external-authentication-services
I'm trying to use the new WCF Web API Preview 6 with Basic Authentication. But don't really know where to begin.
zanewill apparently had the same issue:
https://stackoverflow.com/questions/8304367/how-to-use-basic-authentication-with-wcf-web-api
But the question is not a dup. I'm using this with mvc and don't really see how
Wcf Basic authentication
should apply?
I've tried out this:
http://cacheandquery.com/blog/2011/03/customizing-asp-net-mvc-basic-authentication/
But can't get it to work.
Should there not be an official solution from MS?
I have to note, that we are using our custom membership provider and that I basically just wanna pass an API token to the service. So the built in Windows Basic Authentification cannot be used.
I actually figured out a way myself. I've built my custom HttpOperationHandler and combined it with an Attribute, so I get a similar functionality as the MVC AuthorizeAttribute.
You can have a look at the solution here:
http://remy.supertext.ch/2012/02/basic-authentication-with-wcf-web-api-preview-6/
I think the recommended approach is to implement custom message handler. See my blog post for an example that works with ASP.NET Web API RTM:
http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/