I have a WCF service that uses Membership for security. If I create a Silverlight Business Application It automatically links in with it and authenticates. How do I do the same with Windows Forms, and possibly XNA?
You can use Microsoft's Client Application Services http://msdn.microsoft.com/en-us/library/bb384297.aspx. I think that is what you are looking for.
Client application services make it easy for you to create Windows-based applications that use the Microsoft Ajax login, roles, and profile application services included in the Microsoft ASP.NET 2.0 AJAX Extensions. These services enable multiple Web and Windows-based applications to share user information and user-management functionality from a single server. For example, you can use these services to perform the following tasks:
Related
We have to develop a larger application with an Angular App on top and a lot of ASP.NET Core based Microservices under the hood.
Also we have to support external applications.
The external applications can be services without UI and also user GUI client applications.
Now the requirement is, that all internal Microservices are auto-trusted automatically and only for external Application the user should get the trust workflow in IdentityServer.
We're not sure how the workflow here should be configured or is be named in this scenario.
I think we need two different workflow configurations for internal and external application trusts.
Can anybody push me into the right direction which workflow and configuration fits most to our requirement?
Following providers we have to support:
- Simple Forms Authentication for our platform
- External Azure Active Directory
I'm planning to develop a pos application for restaurant. Client will be using pc and mobile. Application will be used in local area connection. I'm still considering whether to go with wcf or web api. What are the advantages of using wcf/web api for the type of application i'm building?
Use WCF to create reliable, secure web services that accessible over a variety of transports.
Use ASP.NET Web API to create HTTP-based services that are accessible from a wide variety of clients.
Use ASP.NET Web API if you are creating and designing new REST-style services. Although WCF provides some support for writing REST-style services, the support for REST in ASP.NET Web API is more complete and all future REST feature improvements will be made in ASP.NET Web API.
If you have an existing WCF service and you want to expose additional REST endpoints, use WCF and the WebHttpBinding.
from the official Microsoft Documentation.
Essentially, my take on this is that WCF is much more difficult to work with, and not completely compatible out of the box with many mobile clients, so only use it if you know that it's something you need.
I have a WPF application that uses Client Application Services to allow authentication (username/password logon) against a related web application that uses Forms authentication and the SqlMembershipProvider/SqlProfileProvider/SqlRoleProvider. This all works and I can reliably validate a user/password combination.
The WPF application also calls a number of WCF services that are exposed by the same web application as is used for the CAS authentication. I now want to be able to pass through the authentication details (from Client Application Services) to the WCF services in order that I can identify the user that was authenticated within those services. I also need to be able to prevent the WCF services from being used if no authentication has taken place.
I have found a couple of .NET 3.5 examples where CAS authentication is used against .asmx web services, or authentication is provided against WCF Data Services which does not use ClientBase and has authentication facilities built in, but I cannot find any examples with pure WCF. Can anybody point me toward instruction that will enable this scenario? I am using .NET 4.0 for this project.
I have also found this stackoverflow question but again this is answered for .asmx web services and not for WCF.
The closest I have gotten involves the creation of an OperationContextScope and then copying the cookie header from the ClientFormsIdentity object to an HttpRequestMessageProperty and adding this to the OutgoingMessageProperties of the current OperationContext. I then call one or more methods of the service within the lifespan of the OperationContextScope. Thing is, when I then get to the WCF service, I still cannot see anything that resembles authentication in such a way as I can identify the original user. This methodology has been taken from various examples but I am obviously missing a step at the WCF end.
I think you need to switch to the Web API that Microsoft is now having people use for WCF Services. Check out Using Forms Authentication with Web API and http://aamirposwal.blogspot.com/2012/05/aspnet-web-api-custom-authorize-and.html
Found it.
In my binding, I specified allowCookies="true".
According to Wiktor Zychla, "setting the AllowCookies property on a BasicHttpBinding to true turns on the automatic cookie management" - this means that any attempt to set a cookie in code will be ignored and this is what I was doing.
I am new to Windows Azure and I have a question.
I have:
Web site which deployed to Windows Azure - The web site manage a table (add, edit, delete). I used this guide: Deploying an ASP.NET Web Application to a Windows Azure Web Site and SQL Database
Andorid application & iOS Application (Native Code).
Now, I want the mobile applications to get data (in JSON format) from the web site (and from the DB).
What is the best practice to do that?
I tried to create a Azure (WCF) Service (the project refrenced to the web site project) but I didn't succeded. If this is the way - Is anyone knows a good tutorial to do that?
Is there another option? Maybe from the web site itself?
Thank you very much,
Yuval
If you want to integrate with non-Microsoft technologies I suggest you take a look at the ASP.NET Web API which allows you to build REST services using content negotiation. Content negotiation allows your consumer to specify the format it requires (json, xml, ...).
To host the ASP.NET Web API in a Windows Azure Web Site you should take a look at Carlos' blog, he describes in detail what you need to do to make this work: Creating ASP.NET Web APIs on Azure Web Sites
Have you given ASP.NET Web API a look-see?
http://www.asp.net/web-api
I'm having a hard time wrapping my head around some architectural elements to securing a core WCF service that is consumed by many different applications.
Internally, we have an application that allows HR folks to update a peron's details. This is contained in a WPF app. Externally, we have a website that would allow individual people to authenticate (throuh an AD Membership provider) and update their details.
We don't want users to be able to see other user's information (for obvious reasons). But we don't want to host this service inside the same web application that the users would log into. Here is how the architecture would look from a visual studio perspective:
ServiceApplication
WpfApplication
MVCWebApplication
They don't exist inside the same domains, for example, the service application would be hosted at http://www.service1.com/Service.svc and the mvc application would be hosted at http://www.updateyourprofile.com . So a user logs into http://www.updateyourprofile.com and we'd like to hit a Wcf service via JSON. Both the service application, wpf application, and mvc web application would use AD credentials to authenticate. But how do we secure the service so that users who log into the mvc web application can only see their information?
Most of the examples I see say to use the HttpContext.Current.User check inside the service. But since the user authenticated at a different site, how does the cookie transfer? Do you end up having to publish your service inside the same web application that you want to consume so that the cookies travel transparently?
Or is it just not possible to have a centrally located service with disparate applications that use the same authentication store to determine who has access to what on the service?
What you are looking for is some kind of federated authentication system which is used by all the entry points. That is what Windows Identity Foundation can help you to build.
Inside each application, access control would be claims-based, according to the claims embedded in each user's security token issued by the authentication system.
There's an entire book on the subject on MSDN.