I am writing two applications which communicate with the facebook servers. The first one is an ASP .NET application which gets an access token for the user and another console application which runs on a schedule and gets some data from the server. My issue is how to send the access token to the console application since I cannot get a user access token from a pure C# application right?
There are many ways to pass data between applications. You can use database, file system if your applications are running on one server. You can also try web service, wcf service or web api in distributed systems.
Related
I'm working on a Windows Desktop application that needs to authenticate to a Web API that uses JWT.
We are using the authentication based on if the end-user of the desktop client is successfully logged into their computers with a smart card. So if they are logged into their computers, we pass a specific piece of that data to our Web API to verify that value is in the database of the Web API, and then that particular data will use that to determine the roles. JWT works excellent and has no issues. We are accomplishing JWT via this article: https://auth0.com/blog/add-auth-to-native-desktop-csharp-apps-with-jwt/
Is there another way to make sure they are coming from our desktop applications and not hitting our API via another application in the network? Or do we not need to worry about that since they have been pre-authenticated into the computer itself.
I have a scheduled task to create to get data from a site using the webclient
class. How do I execute a database update with the data retrieved under a different windows user? I was told not to use the same account to access the site as performs the update. Should I just create a windows service that runs the web request then call a db component with authentication settings set under IIS to run under a different user? Or is there a tidier way to do this running a single exe as a scheduled task? The Scheduled task runs under a single user. Could I run the task and switch user for the update? We are using Windows authentication at the database level.
Run two Windows Services. One to get the data from the website, running under Account "A" which stores the data locally. The other Windows Service running under Account "B" picks up the locally stored data and executes the database update.
Other designs will require you to store the credentials somewhere in a config or other file - this way the Windows Services are always running under the correct account for the task they are attempting.
You clearly stated that you will have to use a Windows user to get access to the database. However, often this will not be the case when you authenticate against a web site so exactly how you solve your problem will depend on the details of that.
You should probably execute your process as the Windows user that has access to the database. Then you have to solve how to authenticate against the web site. If the site uses forms based authentication it is a bit complicated but there is an answer to the question WebClient accessing page with credentials that might help.
If you need to use the WebClient.Credentials property to authenticate against the web site you might find it easier to execute your process as the user that has access to the web site. You then need to use impersonation to access the database. A simple way to do that is to use the SimpleImpersonation NuGet package.
In most cases you will have to store the password for one of the users so your process can use it to either log in to the web site or impersonate the user. A relatively safe way to store the password is to use the Windows Data Protection API (DPAPI). The class ProtectedData can assist you in storing secrets so only a specific user on the computer can access the secret (e.g. the password).
For the past 2 years we have created 3 desktop application and 2 admin section(web) for one of my client.
Every application uses its own authentication process.
I have merged the authentication process for web in single unit.
But the client wants to have one screen for getting authenticated on desktop application as well as on website.
he also want to use different browser and the username /password should be asked only once irrespective of browser opend.
I tried to use cookies for web. but every browser has got its own cookies.
Can any one suggest how can i authenticate a user for the whole computer so that authentication information is available to desktop application as well as to website irrespective of the browser being used?
Edit: As suggested by joe using windows authentication is not possible in my case.
So i created one more table with following column
ip,userid,authenticatedat
when ever a user is authenticated i insert its ip,userid, and time in table.
when ever a non authenticate user comes first i look in the table if the ip is present and authenticatedat is within 30 min i assume user is authenticated and set the session/variable with data required.
This i have checked and found it is working .
I have found this is not secure.
Windows authentication is the only way I know of doing this. Assuming your users are on a domain you control, then their Windows credentials would validate them, and they wouldn't ever need to enter a username and password.
Outside of that, I can only think of hacky dirty methods of making this happen. You could install a single authentication service on their machine which is available to connect to remotely from other applications - those apps would call your service, and that service would authenticate the user and pass an authentication token back. Easy enough for Windows apps, but making that work on a web app wouldn't be fun. Your web server wouldn't be able to talk to this service, so you'd have to rely on the client javascript talking to the service and retrieving a token or hash, and then the javascript passing this on to the web server.
Anything you put on a local machine, you have to assume the user can reverse engineer and manipulate, so if you need real security, I doubt you'll find a solution. Best bet is just to make the user log in every time you need to, and have your authentication/authorization code on your web service layer.
I am trying to add Windows authentication to an existing website that I have created. All information that I have read regarding using Windows authentication in silverlight requires that you start with the Silverlight Business Applicaion template instead of the Silverliight application template. I already have a website that I started writing using the Silverlight Application template. How can I add windows authentication to this existing website?
If your application is hosted in IIS and this is a intranet site, you just need to set the application in IIS authentication method to Windows Authentication, then when the client tries to load the SL App a 401 challenge will trigger asking the user to enter in his/hers credentials. You can also set IE to pass with windows credentials to the server when the site is loaded.
I have had spent quite a bit of time tweaking various properties to get the right functionality that i am looking for (especially with machine names being fully qualifies or not) but basically that's one thing to keep in mind when debugging this is that machines names play a role in how the server interprets a client trying to access the server.
I'm having a problem where i want to get the users windows login information sent to IIS then from there sent to a WCF service hosted in a console application and then that service uses the credentials to go to a database and retrieve results.
i'm looking for an example on the web that does EXACTLY this but for the life of me can't find one. I can find a million example that
1. Give general information about WCF, Windows Authentication, Delegation, impersonation etc..
1. Uses the credential to go to a WCF service hosted in IIS and then to the database
2. Uses the credentials to go straight to a WCF service and then to the database
But I can’t an example going first to a regular webpage in IIS, then to a WCF service hosted in a console app and then to the database
Can anyone find this specific scenario?
Can you get current user under IIS? write Login method in WCF and pass that data to WCF service, use sessions, and require that Login should be called first, after all close the session