In What's new in Silverlight 4 page at
http://msdn.microsoft.com/en-us/library/dd772166(v=VS.95).aspx#networking
under section: Client HTTP Processing >> "Basic and NTLM authentication support" is mentioned as a feature. Could someone explain this particular feature in more detail? A piece of sample code demonstrating "NTLM authentication" in Silverlight App would be ideal.
On above mentioned what's new page there is a link to http://msdn.microsoft.com/en-us/library/dd920295(v=VS.95).aspx but it was not of much help.
Take a look at the MSDN Documentation for this topic.
Related
I need to make some Jira REST calls in my web API application. But I have encountered difficulties around creating authentication using Oauth 2.0 according to documentation below:
https://developer.atlassian.com/cloud/jira/service-desk/oauth-2-authorization-code-grants-3lo-for-apps/
I need help on how I can call the step 1 of the above documentation in postman and subsequently, in my code to obtain the authorization code without going through a browser to paste this link below, as I am working with a backend web API application.
https://auth.atlassian.com/authorize? audience=api.atlassian.com& client_id=YOUR_CLIENT_ID& scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO& redirect_uri=https://YOUR_APP_CALLBACK_URL& state=YOUR_USER_BOUND_VALUE& response_type=code& prompt=consent
I hope to get suggestions as this has been a blocker for me for days. Thanks.
I've been working lately on my own WCF AtomPub service (based on the example in the "WCF REST Starter Kit") for using WLW with my custom written blog. All basic actions such as adding, updating, retrieving and deleting an entry are working "fine".
Although, right now I'm a little stuck when trying to implement the authentication. I can't seem to understand how WLW manages the authentication with AtomPub services.
I've tried to implement it on my side by checking the Authorization header. If not present sending the Unauthorized header etc... but their fails WLW on me.
I also checked all headers send by WLW (for exemple when adding an entry) but I can't seem to find anything related to authentication.
I must say that the WCF service currently is hosted in the same site as my website. And the IIS authentication is set to Unauthorized and Forms. All others are disabled.
Can anyone help me into the right direction? Some interesting websites for example explaining this? (something I have missed in my searches on the web).
Thanks
I had to write an atompub service for the Live Writer about an year ago. These blog posts helped me a lot at that time: http://jcheng.wordpress.com/2007/10/15/how-wlw-speaks-atompub-introduction/. For your case you may look at part 2. In short - "Use Basic, Digest, or X-WSSE over HTTP or HTTPS". I used the basic authentication and had to use this library MADAM http://msdn.microsoft.com/en-us/library/aa479391.aspx to get forms and basic authentication work together. I hope this helps.
I'm trying to use the new WCF Web API Preview 6 with Basic Authentication. But don't really know where to begin.
zanewill apparently had the same issue:
https://stackoverflow.com/questions/8304367/how-to-use-basic-authentication-with-wcf-web-api
But the question is not a dup. I'm using this with mvc and don't really see how
Wcf Basic authentication
should apply?
I've tried out this:
http://cacheandquery.com/blog/2011/03/customizing-asp-net-mvc-basic-authentication/
But can't get it to work.
Should there not be an official solution from MS?
I have to note, that we are using our custom membership provider and that I basically just wanna pass an API token to the service. So the built in Windows Basic Authentification cannot be used.
I actually figured out a way myself. I've built my custom HttpOperationHandler and combined it with an Attribute, so I get a similar functionality as the MVC AuthorizeAttribute.
You can have a look at the solution here:
http://remy.supertext.ch/2012/02/basic-authentication-with-wcf-web-api-preview-6/
I think the recommended approach is to implement custom message handler. See my blog post for an example that works with ASP.NET Web API RTM:
http://www.piotrwalat.net/basic-http-authentication-in-asp-net-web-api-using-message-handlers/
I'm looking for a complete step-by-step guide or a sample project about implementing a RESTful Service using .NET 4.0 using Custom Basic Authentication over HTTPS hosted in IIS.
I've been googling about it for 3 days and I could only find either an implementation with WCF 3.5 which is very different, or without Custom Basic Authentication, or without SSL.
Basically I implemented my REST service on WCF 4, and added SSL, but I can't use a custom authentication using my custom users database.
Any references would be really appreciated.
It's not currently possible using the available WCF extension points.
It is possible with custom HTTP module allowing basic authentication against custom credential store. Built-in module in IIS supports only windows accounts.
I wrestled with this for a while and ended up just implementing basic auth in my service. Check WebOperationContext.Current.IncomingRequest.Headers for an 'Authorization' header. If it's missing or the credentials don't match set the challenge header and return a 401 status:
WebOperationContext.Current.OutgoingResponse.Headers.Add("WWW-Authenticate: Basic realm=\"myrealm\"");
throw new WebFaultException<string>("Username and password needed", HttpStatus.Unauthorized);
That's enough to trigger a browser to prompt the user for credentials. See https://www.rfc-editor.org/rfc/rfc2617 for more on basic auth, http://ithoughthecamewithyou.com/post/Basic-HTTP-auth-for-an-IIS-hosted-WCF-4-RESTful-service.aspx for more on this frustrating missing capability.
Could any one suggest me the best sites to learn Authentication and Authorization Roles with some sample code ?Because am the beginner to security system in asp.net.
Tutorials here are very informative and in detail with sample code.
http://www.asp.net/web-forms/security (including videos)
https://web.archive.org/web/20211020202857/http://www.4guysfromrolla.com/articles/120705-1.aspx
There aren't any major changes in 4.0 in terms of authorization and authentication.
So any tutorial with 2.0+ should be fine.