I'm looking for a solution that uses ASP.NET Identity and Windows Authentication with roles in the database. I'm building an intranet web app; every user has a Windows account, but roles should be in the database because I don't want to ask admins every time I need to assign a user to a role.
When I create a new ASP.NET MVC project in Visual Studio and choose Individual User Accounts, a lot of things are done for me, e.g. in the Startup class and ConfigureAuth method there is app.UseTwitterAuthentication. Is there the same for Windows accounts, e.g. app.UseWindowsAuthentication?
Can I just authenticate the user by Windows account and map this account to my database account?
I know that I can write my custom RoleProvider, but I'm rather looking for a solution done like Facebook/Google/Twitter authentication. It seems to be obvious that Windows Authentication should be somewhere, isn't it?
Thanks for any help.
"Using OWIN and Active Directory to authenticate users in ASP.Net MVC 5 application", passed in a comment by trailmax (thanks), is one of the solutions:
https://tech.trailmax.info/2016/03/using-owin-and-active-directory-to-authenticate-users-in-asp-net-mvc-5-application/
1. Choose no authentication
2. ConfigureAuth with UseCookieAuthentication
3. Write some kind of AdAuthenticationService
4. Use the service in the Login controller
Others worth considering are:
https://github.com/MohammadYounes/Owin-MixedAuth and https://github.com/MohammadYounes/MVC5-MixedAuth
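A sketch of steps 2 and 3 from the answer above, added here as an example (it is not code from the linked article or from the poster). The login route, the cookie lifetime and the `rolesFromDb` delegate that reads the application's role tables are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Security.Claims;
using Microsoft.Owin;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;

public partial class Startup
{
    public void ConfigureAuth(IAppBuilder app) // step 2: cookie middleware only
    {
        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            LoginPath = new PathString("/Account/Login"), // assumed route
            CookieSecure = CookieSecureOption.Always,     // never send the cookie over plain HTTP
            ExpireTimeSpan = TimeSpan.FromHours(8)        // role claims live in the cookie until it expires
        });
    }
}

public class AdAuthenticationService // step 3
{
    private readonly IAuthenticationManager _auth;
    private readonly Func<string, IEnumerable<string>> _rolesFromDb; // hypothetical DB lookup
    public AdAuthenticationService(IAuthenticationManager auth, Func<string, IEnumerable<string>> rolesFromDb)
    { _auth = auth; _rolesFromDb = rolesFromDb; }
    public bool SignIn(string username, string password)
    {
        using (var ctx = new PrincipalContext(ContextType.Domain))
        {
            // Negotiate authenticates with Kerberos or NTLM instead of an LDAP simple bind.
            if (!ctx.ValidateCredentials(username, password, ContextOptions.Negotiate)) return false;
            var user = UserPrincipal.FindByIdentity(ctx, IdentityType.SamAccountName, username);
            if (user == null || user.Enabled != true || user.IsAccountLockedOut()) return false;
            // Identity comes from AD; role claims come only from the application's database.
            var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationType,
                                              ClaimTypes.Name, ClaimTypes.Role);
            identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, user.Sid.Value));
            identity.AddClaim(new Claim(ClaimTypes.Name, user.SamAccountName));
            foreach (var role in _rolesFromDb(user.SamAccountName))
                identity.AddClaim(new Claim(ClaimTypes.Role, role));
            _auth.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);
            return true;
        }
    }
}
```

For step 4, the Login action can pass `HttpContext.GetOwinContext().Authentication` to the service. Because the role claims are written into the cookie, a role change in the database takes effect at the user's next sign-in.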
Related
Suppose I'd like to use ASP.NET Core in an intranet project, where I want to enable single sign-on for users based on their AD Identity. The project needs to have different roles assigned per user and associated with these identities.
Can I? There is not much information online about it.... but here is what I've found:
What I've done...
In VS2017 I just created a new ASP.NET Core project and selected Windows Authentication as my authentication mechanism. If I run this project locally, IIS correctly passes my local WindowsIdentity to the application (my machine is not part of the domain) and I can access the user's claims.
My question is:
Will this same behavior hold on a server that is domain joined, and for a user that is part of the directory? Will IIS correctly pass AD credentials or the WindowsIdentity object to my ASP.NET Core application?
Bonus:
How could I handle roles in this scenario? I am thinking either through claims configured directly in the directory (assuming IIS can hand me that information) or to manage the roles myself based on a user claim (like username). Thoughts?
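The second option raised in the question above, roles managed by the application and keyed on the Windows account name, can be sketched with a claims transformation. This is an added example, not code from the post; it assumes ASP.NET Core 2.0 or later, and `IRoleStore`, `SqlRoleStore` and the marker claim type are hypothetical names.

```csharp
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;

// Hypothetical abstraction over the application's own role tables.
public interface IRoleStore
{
    Task<IReadOnlyList<string>> GetRolesAsync(string windowsAccountName);
}

public class DbRoleClaimsTransformation : IClaimsTransformation
{
    private const string Marker = "urn:example:db-roles-loaded"; // constructed claim type
    private readonly IRoleStore _roles;

    public DbRoleClaimsTransformation(IRoleStore roles) { _roles = roles; }

    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
    {
        var windows = principal.Identity;
        if (windows == null || !windows.IsAuthenticated || string.IsNullOrEmpty(windows.Name))
            return principal; // anonymous request: add nothing

        // The transformation can run more than once per request, so keep it idempotent.
        if (principal.HasClaim(c => c.Type == Marker))
            return principal;

        // Add a second identity instead of modifying the WindowsIdentity supplied by IIS.
        var appIdentity = new ClaimsIdentity("ApplicationRoles", ClaimTypes.Name, ClaimTypes.Role);
        appIdentity.AddClaim(new Claim(Marker, "true"));
        foreach (var role in await _roles.GetRolesAsync(windows.Name)) // e.g. "DOMAIN\\jdoe"
            appIdentity.AddClaim(new Claim(ClaimTypes.Role, role));

        principal.AddIdentity(appIdentity);
        return principal;
    }
}

// In Startup.ConfigureServices (SqlRoleStore is a hypothetical implementation):
//   services.AddScoped<IRoleStore, SqlRoleStore>();
//   services.AddScoped<IClaimsTransformation, DbRoleClaimsTransformation>();
```

The role lookup runs on every authenticated request unless `IRoleStore` caches its results, so a short-lived cache keyed on the account name keeps the database load down while still picking up role changes quickly.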
I'm developing an MVC application that will require a user to be authenticated against an AD. How do I create a login page in MVC to create an intranet application that automatically authenticates a user against an AD?
Why don't you use the Intranet Template provided by Microsoft Visual Studio, which does exactly what you want out of the box?
Your requirement is a paradox. Why do you want a login page which logs a user in automatically, when being logged in automatically by visiting the (main) site does not require the visitor to do anything at all, because he is already authenticated by entering his credentials at the Windows logon?
More information: http://msdn.microsoft.com/en-us/library/gg703322(v=vs.98).aspx
You can use the built-in Windows authentication feature. The example is here.
If you need mixed authentication, for example you want the user to be able to access from outside using their AD, it will involve either two applications or two different pages for authentication types. Find the example here.
I'm not entirely sure if you actually want a login page that automatically authenticates a user that visits the main site. Maybe your wording is a bit confusing there.
I'll assume you want your Web-App to be able to authenticate users against AD after having to log in with intranet credentials. If that's the case, you might want to have a look at this article detailing how to set that up using IIS and an ASP.NET app.
If not, please disregard this answer.
I have done some work in ASP.NET, and I am quite used to user authentication using FormsAuthentication.
Now I am working on a desktop application and I want to have something like the above in a Windows Forms application. I want to create and authenticate users by using the application database or XML, whatever it is, like I have done in ASP.NET. So far I did not find any way to achieve this like I want to.
Any help would be great!
A Windows desktop application is nothing like an ASP.NET web application.
You cannot call the different forms separately.
(well you can hack the application, but if you do that, you can just as well remove any password protection)
Hence forms authentication does not make any sense.
You can create a login window as startup window, and check username and password against the database.
And that's about it.
It's a Windows application, you don't need membership provider, forms cookie ticket, etc. because unlike HTTP, Windows desktop applications are not stateless.
PS: If you do a WinForms application, make the login via ActiveDirectory authentication.
There is no point in using FormsAuthentication with Windows applications. What you can do is to use Membership, MembershipUser and Roles classes. All you need to do is to configure Membership and Roles providers in app.config.
FormsAuthentication does not actually authenticate your users. If you call Authenticate on FormsAuthentication you will see that it is an obsolete method and that Membership.ValidateUser is used instead.
One drawback of these functionalities is that they are part of System.Web namespace which means that you have to use Web functionality inside of your Windows application. But if it can get the job done and fulfills the requirements, then go with it.
I am building an intranet website. And I am still unsure of how to implement the security of the website. I am using ASP.NET MVC 3.
Anyone in the company can access the website. It is a recognition system where you can nominate an employee for an award. Currently I am not using any type of authentication. I have a roles table that contains roles and an association table that specifies which user contains what roles; these roles are mainly administrator-type roles. If a user does belong in these roles then he/she can still access various parts of the website.
Would I need to use the built-in membership for this? Or would I need to create a custom membership for this? We don't use a login page. If the user does not have roles to access a view then he/she is redirected to another page.
We use IIS to do our authentication. Is this the same as Windows authentication? I have the roles table used for authorisation.
I'm just a little confused at the moment, I am hoping someone can give me some more clarity.
You can very well use the ASP.NET MembershipProvider and RoleProvider for this.
For tutorials on how to use them you should look at Videos at asp.net.
Here's a walk-through at MSDN
This blog post by Scott Guthrie might help:
Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
For Intranet web applications, the most common authentication scenario to use is called Windows Authentication. Windows Authentication avoids the need to create a login form within an application, and does not require end-users to manually enter their username/password credentials to login to the application. Instead, ASP.NET and IIS can automatically retrieve and validate the Windows username of the end-user visiting the site in a secure way.
I currently have an app which uses Active Directory for authentication. In other words, the IIS virtual directory is set up for Active Directory authentication and I do not have to deal with it at all. If you are on the domain, you can get in.
Some customers now also want to add a feature where they can log in using a standard userid/password combo. The scenario being a contractor coming in for a few days with their laptop and needing access to the app. There is no point in creating an Active Directory account for such a person.
Is this possible in an ASP.NET app? How would I go about it?
If you converted your app to use Forms Authentication, then you could configure 2 membership providers; one to authenticate against active directory, and the other could use the standard SqlMembershipProvider. This second provider is the one you would create your temporary accounts in.
In regards to authenticating against multiple providers, this is quite straight-forward. This article describes the process.
If you convert the application to use Forms Authentication, you can then process the login method to authenticate off of either Active Directory, or your own internal user database, depending on whatever criteria you expect. There are several articles out there on how to write your own code to perform a simple authentication against Active Directory.
I'd say you probably want your own Authentication Provider as discussed in this article. You'd build the validation logic to auth against the right store depending on your criteria.