I have done some work in Asp.NET, and i am quite used with user authentication using FormAuthentication
Now I am working on a desktop application and i want to have something like above in windows form application, I want to create and authenticate users by using the application database or xml whatever it is like i have done it in Asp.NET. So far did not any way to achieve this like i want to.
Any help would be great!
A Windows desktop application is nothing like an ASP.NET web application.
You cannot call the different forms separately.
(well you can hack the application, but if you do that, you can just as well remove any password protection)
Hence forms authentication does not make any sense.
You can create a login window as startup window, and check username and password against the database.
And that's about it.
It's a Windows application, you don't need membership provider, forms cookie ticket, etc. because unlike HTTP, Windows desktop applications are not stateless.
PS: If you do a WinForms application, make the login via ActiveDirectory authentication.
There is no point in using FormsAuthentication with Windows applications. What you can do is to use Membership, MembershipUser and Roles classes. All you need to do is to configure Membership and Roles providers in app.config.
FormsAuthentication does not actually authenticate your users. If you call Authenticate on FormsAuthentication you will see that it is obsolete method and that Membership.ValidateUser is used instead.
One drawback of these functionalities is that they are part of System.Web namespace which means that you have to use Web functionality inside of your Windows application. But if it can get the job done and fulfills the requirements, then go with it.
Related
I am developing an intranet website application in ASP.NET Core 2.0 and trying to use Windows Authentication in conjunction with IIS, and then check the user against the authorised users in a database before the user can continue.
The issue is, that the default browser pop-up is not really what is desired. Ideally, I want to use a custom login/logout page with this method, but I don't think it's possible.
Alternative routes I have seen, are turning Windows Auth off, turning Anonymous auth on and using Cookies (but it seems the password is not checked against anything, only the username), or using Identity (which I suspect might be the best route).
What is the best route to follow in this situation? Are there any alternatives? Ideally, I would like to stick with Windows/AD auth in the current form and just provide a login page.
Thanks
I'm looking for solution which uses ASP .NET Identity, Windows Authentication with roles in database. I'm building intranet web app, every user has Windows account but roles should be in database because I don't want to ask admins every time I need to assing user to role.
When I'm creating new ASP .NET MVC project in Visual Studio and choose Individual User Accounts I have a lot of things, which are done e.g. in Startup class and ConfigureAuth method there is app.UseTwitterAuthentication. Is there the same for Windows Accounts? e.g. app.UseWindowsAuthentication?
Can I just authenticate user by Windows Account and map this account to my database account?
I know that I can write my custom RoleProvider, but I'm rather looking solution done like Facebook/Google/Twitter authentication. It seems to be obvious that Windows Authentication should be somewhere, isn't it?
Thanks for every help.
Using OWIN and Active Directory to authenticate users in ASP.Net MVC 5 application passed in comment by trailmax (thanks) is one of the resolution
https://tech.trailmax.info/2016/03/using-owin-and-active-directory-to-authenticate-users-in-asp-net-mvc-5-application/
Choose no authentication
ConfigureAuth with UseCookieAuthentication
Write some kind of AdAuthenticationService
Use service in Login controller
Another worth considering are
https://github.com/MohammadYounes/Owin-MixedAuth and https://github.com/MohammadYounes/MVC5-MixedAuth
I am trying to work out how to send reset password links from a windows forms application which then work within an ASP.NET MVC 5 website. I am currently using Microsoft.OWIN Identity as the authentication provider. I am able to create users, but whenever I try to send a token, the website always states that it is invalid, does any one have any idea how I need to do this?
Thanks in advance,
Chris
The only way to use the DpapiDataProtectionProvider is for both parties, the web and win forms processes, to share the same machine key, and the web site to share the same process model. Not likely to pull that off!
Instead, could you use a webapi request so the web site can produce the token, with all proper authentication for the win forms app, and then the win forms app just sends it in it's way?
I am building an intranet website. And I am still unsure of how to implement the security of the website. I am using ASP.NET MVC 3.
Anyone in the company can access the website. It is a recognition system where you can nominate an employee for an award. Currently I am not using any type of authentication. I have a roles table that contains roles and an association table that specifies which user contain what roles, these roles are mainly administrator-type roles. If a user does belong in these roles then he/she can still access various parts of the website.
Would I need to use the built-in membership for this? Or would I need to create a custom membership for this? We don't use a login page. If the user does not have roles to access a view then he/she is redirected to another page.
We use IIS to do our authentication. Is this the same as Windows authentication? I have the roles table used for authorisation.
I'm just a little confused at the moment, I am hoping someone can give me some more clarity.
You can very well use ASP.Net MembershipProvider and RoleProvider for this
For tutorials on how to use them you should look at Videos at asp.net.
Here's a walk-through at MSDN
This blog post by Scott Guthrie might help:
Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
For Intranet web applications, the most common authentication scenario to use is called Windows Authentication. Windows Authentication avoids the need to create a login form within an application, and does not require end-users to manually enter their username/password credentials to login to the application. Instead, ASP.NET and IIS can automatically retrieve and validate the Windows username of the end-user visiting the site in a secure way
I have a simple silverlight application hosted on a corporate network. However I want to allow access to this website to few select NT users and restrict the rest. How do I configure it?
Also would such a configuration work for out of browser as well?
you should enable the Integrated windows authentication in the IIS web site or virtual directory configuration. After that in any moment you can take the User.Identity and User.Principal objects and cast them to WindowsIdentity and WindowsPrincipal and check if current user is in a certain role ( aka in a windows group ) or his/her username...
about out of the box I don't know because I have never tried it but you could surely test it once you have a label showing current user name in your SL User Interface, checking if the functionality is the same in the browser or out of browser. Hope this helps...
There are several things you can do.
1) Restrict access to the web services this is calling into - Davide's answer covers this nicely.
2) Restrict access to thw website where the SL app exists, which is easy to do with ASP.NET and the built-in support for Windows Authentication via a MembershipProvider. This way, a user can't even load the HTML page hosting the Silverlight app if they're not in the right role. This would also prevent them from installing the app as Out of Browser, as they can never get to it in the first place.
3) In the OOB mode of the app (when Application.Current.IsRunningOutOfBrowser is true), at startup call into a web service that verifies the user is in the right role - if they're not, the app could simply diplay a "not authorized" visual and not show the real app functionality.
This way, if the user ever was in the role and installed the app OOB, but then lost that permission, they'd still not be able to use the app.
As to implementation of all this, I suggest looking at WCF RIA Services. It has great authentication/authorization support that should simplify implementing this, even if you don't want to use RIA Services for data access for whatever reason (though I recommend that as well, it helps hide a lot of the async complexity of Silverlight data access).