I am trying to add Windows authentication to an existing website that I have created. All information that I have read regarding using Windows authentication in silverlight requires that you start with the Silverlight Business Applicaion template instead of the Silverliight application template. I already have a website that I started writing using the Silverlight Application template. How can I add windows authentication to this existing website?
If your application is hosted in IIS and this is a intranet site, you just need to set the application in IIS authentication method to Windows Authentication, then when the client tries to load the SL App a 401 challenge will trigger asking the user to enter in his/hers credentials. You can also set IE to pass with windows credentials to the server when the site is loaded.
I have had spent quite a bit of time tweaking various properties to get the right functionality that i am looking for (especially with machine names being fully qualifies or not) but basically that's one thing to keep in mind when debugging this is that machines names play a role in how the server interprets a client trying to access the server.
Related
I am working on a desktop application that gives a desktop tray icon notification when a new pull request is created that requires your attention.
I have developed the application entirely using a public access token for my account. Now I have got to the point where other users need to be able to use the application, I am required to implement OAuth 2.0 authentication.
However, VSO's application authentication assumes my application is a web app and asks me for details that I cannot provide (and aren't even relevant).
How can I get an app id so other users can use my application?
I'm not sure if I'm misunderstanding the whole concept. This is the link I am using: https://www.visualstudio.com/en-us/docs/integrate/get-started/auth/oauth
There is no way to do this for now:
Right now, Visual Studio Team Services only support the web server
flow, so there's no supported way to implement OAuth for Visual Studio
Team Services from an app like a phone app, since there's no way to
securely store the app secret.
As an alternative way, you can use Basic Authentication and ask your users enable "Alternate authentication credentials" and then use the alternative credential to authenticate to VSTS API.
I am trying to work out how to send reset password links from a windows forms application which then work within an ASP.NET MVC 5 website. I am currently using Microsoft.OWIN Identity as the authentication provider. I am able to create users, but whenever I try to send a token, the website always states that it is invalid, does any one have any idea how I need to do this?
Thanks in advance,
Chris
The only way to use the DpapiDataProtectionProvider is for both parties, the web and win forms processes, to share the same machine key, and the web site to share the same process model. Not likely to pull that off!
Instead, could you use a webapi request so the web site can produce the token, with all proper authentication for the win forms app, and then the win forms app just sends it in it's way?
For the past 2 years we have created 3 desktop application and 2 admin section(web) for one of my client.
Every application uses its own authentication process.
I have merged the authentication process for web in single unit.
But the client wants to have one screen for getting authenticated on desktop application as well as on website.
he also want to use different browser and the username /password should be asked only once irrespective of browser opend.
I tried to use cookies for web. but every browser has got its own cookies.
Can any one suggest how can i authenticate a user for the whole computer so that authentication information is available to desktop application as well as to website irrespective of the browser being used?
Edit: As suggested by joe using windows authentication is not possible in my case.
So i created one more table with following column
ip,userid,authenticatedat
when ever a user is authenticated i insert its ip,userid, and time in table.
when ever a non authenticate user comes first i look in the table if the ip is present and authenticatedat is within 30 min i assume user is authenticated and set the session/variable with data required.
This i have checked and found it is working .
I have found this is not secure.
Windows authentication is the only way I know of doing this. Assuming your users are on a domain you control, then their Windows credentials would validate them, and they wouldn't ever need to enter a username and password.
Outside of that, I can only think of hacky dirty methods of making this happen. You could install a single authentication service on their machine which is available to connect to remotely from other applications - those apps would call your service, and that service would authenticate the user and pass an authentication token back. Easy enough for Windows apps, but making that work on a web app wouldn't be fun. Your web server wouldn't be able to talk to this service, so you'd have to rely on the client javascript talking to the service and retrieving a token or hash, and then the javascript passing this on to the web server.
Anything you put on a local machine, you have to assume the user can reverse engineer and manipulate, so if you need real security, I doubt you'll find a solution. Best bet is just to make the user log in every time you need to, and have your authentication/authorization code on your web service layer.
For an ASP.NET MVC 2 application, we are using HttpContext.User.Identity.Name to get the user name for authentication purposes. This works fine when testing. Users who are in the database are able to access areas for which they have permissons, and redirected to a 401 page otherwise. The 401 page displays their username, explaining that this user is not authorized to access this content.
However, in a deployed environment, all attempts to access any portion of the application redirect to the 401 page, and the displayed username is blank!
How can we enable the deployed application to access the username of the request?
From my research, I should go to the following screen and enable Windows Authentication, but it's not in the list!
We had an issue like this to, what we ended up doing was turning off Anonymous Access in IIS. Remember to check the Integrated box at the bottom.. Hope this helps
Ah, if you are using IIS 7, you probably need to install it first! Here's a good overview. FTA:
The default installation of IIS 7 does not include the Windows
authentication role service. To use Windows authentication on IIS, you
must install the role service, disable Anonymous authentication for
your Web site or application, and then enable Windows authentication
for the site or application.
If you're not seeing it as an option, you probably don't have it installed.
(Dictated from my Winodws 7 machine,) Go to your Start menu and type: Turn Windows features on or off.
Next, in the dialog's treeview, go to Internet Information Services - World Wide Web Services - Security and then check the Windows Authentication checkbox.
I have a simple silverlight application hosted on a corporate network. However I want to allow access to this website to few select NT users and restrict the rest. How do I configure it?
Also would such a configuration work for out of browser as well?
you should enable the Integrated windows authentication in the IIS web site or virtual directory configuration. After that in any moment you can take the User.Identity and User.Principal objects and cast them to WindowsIdentity and WindowsPrincipal and check if current user is in a certain role ( aka in a windows group ) or his/her username...
about out of the box I don't know because I have never tried it but you could surely test it once you have a label showing current user name in your SL User Interface, checking if the functionality is the same in the browser or out of browser. Hope this helps...
There are several things you can do.
1) Restrict access to the web services this is calling into - Davide's answer covers this nicely.
2) Restrict access to thw website where the SL app exists, which is easy to do with ASP.NET and the built-in support for Windows Authentication via a MembershipProvider. This way, a user can't even load the HTML page hosting the Silverlight app if they're not in the right role. This would also prevent them from installing the app as Out of Browser, as they can never get to it in the first place.
3) In the OOB mode of the app (when Application.Current.IsRunningOutOfBrowser is true), at startup call into a web service that verifies the user is in the right role - if they're not, the app could simply diplay a "not authorized" visual and not show the real app functionality.
This way, if the user ever was in the role and installed the app OOB, but then lost that permission, they'd still not be able to use the app.
As to implementation of all this, I suggest looking at WCF RIA Services. It has great authentication/authorization support that should simplify implementing this, even if you don't want to use RIA Services for data access for whatever reason (though I recommend that as well, it helps hide a lot of the async complexity of Silverlight data access).