I'm writing a new desktop app as a smart client. Although it will need to cache some data locally, data will be downloaded and commands issued via a WCF web service.
So that "not just anyone" can call the web service operations to get data or issue commands, I'd like to use forms authentication. I'd like users of the desktop app to log into it with their website credentials (all on the same domain), and from them on for the app to supply the "token" (cookie or whatever) with each WCF request, so that the WCF service can authenticate/authorise them.
Is this possible, and could someone point me in the right direction (keywords, tech to research), please?
I know that I could "roll my own" where I have an authentication service that will return a token, and that each web service operation could require a token that it will look up authorisation information for, but it seems we already have this in the ASP.NET membership stuff, so I'd like to make use of it.
Many thanks in advance.
If you are using VS 2010, it is build it, you just have to select in the project properties, and then click the Services tab. MS changed the name to Client Application Services. Just check the Enable client application services and then fill in the blanks.
Here is the whole help section on it from MS...
http://msdn.microsoft.com/en-us/library/bb384297.aspx
Related
Looking for a design solution.
We are currently migrating our old site installed in Windows Server IIS to Cloud-based Azure App service or Azure Service fabric.
We have multiple clients but one of the requirement is to move clients one by one.
I.e They want us to use the same DNS, but based on brands it should route to the new or old site.
so for example, we have 2 brands
Brand 1 - moved to a new site
Brand 2 - still using the old site.
So we when the request comes
For www.Mysite.com/brand1 then it should call Site hosted in Azure.
For www.Mysite.com/brand2 it should call old site hosted in windows
server IIS.
Is this feasible? If yes what are the options I have?
I saw options to Redirect a Domain by modifying .htaccess file.
Currently looking for options to finalize the design approach i.e moving all client at once or moving one by one. But later is preferred.
It is possible to use an Azure Function to handle the redirect. I have done something similar in order to create our own short urls for text messages. Before redirecting you can inspect the original url to determine where to redirect too.
Check out this link
Most likely a good business case for having an azure application gateway as its made for redirecting traffic based on the route requested. the gateway would need to be register under the domain name you want visible and you would then configure the routing rules on the app gateway resource. your azure resource and your on prem resource would be considered your backend pools
www.Mysite.com/brand1 -> point to my new cloud server pool
www.Mysite.com/brand2-> point to my existing app server pool
Linking the azure docs on this.
https://learn.microsoft.com/en-us/azure/application-gateway/overview
I have a WinRT app that is going to interact with a WebAPI service on my server backed by an Entity Framework managed SQL database (MVC - ASP.NET). For security, I'm only allowing users authenticated on the WinRT side with the Microsoft Live Connect SDK to interact with the WebAPI service. I already have the login code for authenticating with the Live Connect SDK on the WinRT app side working. The WebAPI service is running in the context of an MVC Web Role running on my Azure hosted server.
I've done a lot of reading on StackOverflow and there's a wide range of documents on the topics of authentication, OData, OAuth, Azure Mobile Services, WebAPI and how to combine them:
Live Connect Authentication Token for use on Azure Mobile Services (REST)
How to use a MVC WebAPI OData endpoint securely?
Disable Windows Authentication for WebAPI
I am very concerned that I choose the tools/path that implements only what I need to implement the above scenario and in a secure manner. My main attack concern is un-authenticated users trying to access the ApiController and performing harmful Puts or Deletes. Some questions:
Do I need Azure Mobile Services at all?
What tool(s) do I use or configuration changes do I need to make to manage/pass the Live Connect token between the WinRT app and the service?
Is there a template or NuGet package that I should use that automates much of this?
Is there a document that addresses my scenario or one close to it?
Is there anything built-in to Entity Framework that can help, or conversely has a vulnerability I need to address? If so, what?
What changes do I need to make to the server configuration (web.config)?
First of all, I took a look to every related topic on her about this issue. However non of them was successful in answering my question fully.
Currently I am working on a desktop app, coded in C#/wpf, that requires MySQL connection both for authentication and storing user custom lists etc.
However, the problem is that apparently allowing everyone to remotely connect to MySQL db is not good practice. Also, my current host requires IPs to be whitelisted before they can connect to the db.
What are my options on this?
Thank you in advance
You should look into creating a web service (SOAP), http web-api (REST) or some other middleware to abstract your data storage.
This has the benefits of:
Allows you to move much of the business logic out of your desktop app and into middle ware
Allows you to keep business logic out of sql which might be a bottleneck
Allows you to update your business logic without redistributing your desktop app (easier if you don't have direct control of all the desktops).
Allowing you to control authentication (many web servers have their own modules, method of authentication). Your app would control access and access storage under it's own service account.
Allows you to complete change your data storage (let's say in the future you store some in sql, some in mongodb, some in cloud storage - once again, without having to update all your desktops.
Allows you to scale out your front ends and even possibly scale out your backend storage (for example, read/write DB replicas)
If you're already working with C#, then the new MVC4 web-api should be a good fit. Read more here:
http://www.asp.net/web-api
If you go that route you could control access in your service and have your service access the database either via credentials in a connection string or if you use IIS, credentials on the application pool mapped to your site.
If you're shipping your desktop app (you're not hosting the DB) then you can also self host web-api in it's own exe if your customers don't want to install/manage IIS.
Finally, if your mysql is online, your middleware could be in the cloud (azure etc...)
Create a web service, such as with WCF or MVC Web API where your app can pass through their credentials and authenticate. I'd recommend https for transport security.
I am trying to architect a system that will have a website and an iphone app that will be driven off the same data. I understand how I would create and architect the website, but when it comes to adding the iphone app I am unsure on how it will apply.
My considerations for design:
-Using C#, SQL Server, asp.net for the website (would try to get most of my data using web services where I could)
-Using Objective-C, x-code, etc for the iphone app development
1.) Will I need to expose a web service for the iphone to interact with? If so, would that be considered a seperate web app from the actual website? Or would the webservice be built in with the website and then the iphone would interact with that web service as well?
2.) What do I need to consider, security wise, when it comes to exposing a web service?
3.) Any other architecture advice for building a system such as this? Maybe personal experiences with doing a website/iphone app that runs off the same database.
Yes you will need to expose a webservice for the application to bind/talk to. I would suggest that the service be run as a separate site (such as data.yourdomain.com, where as the site would run on yourdomain.com) which the website also uses for it's data. That way you share the same architecture for both your "end points" (site and app).
Ensuring that you webservice takes a authentication token (username/password or oauth/etc) with each call will help to prevent any unauthorised calls to the service/database. Also ensuing that your service is exposed via a valid HTTPS connection (and only https) will prevent sniffing of the data to get passwords.
As I said in point 1, build the service in such a way that it does not matter what "end point" is accessing it. That way should you add an android app or windows phone app (or even a second website) you will not need to make a fresh service. Perhaps tie each applications "account" to a "end point type" (such as Android/iPhone/WinPhone/WebSite) that will allow you to customise the data objects that you return if needed.
Will I need to expose a web service for the iphone to interact with?
If so, would that be considered a seperate web app from the actual
website? Or would the webservice be built in with the website and then
the iphone would interact with that web service as well?
It depends, if you want a native application, then you would expose the service, else you can develop an iPhone web app
What do I need to consider, security wise, when it comes to exposing a
web service?
Normal security consideration as if you would develop a web service to a windows desktop application
Any other architecture advice for building a system such as this?
Maybe personal experiences with doing a website/iphone app that runs
off the same database.
Try to make the web service as clear and light as you can
At first use use just one data source for all your projects. Expose the database with webservices. User authentication to invoke webservice procedures for security.
I am thinking about writing an application that will monitor IIS Service with iPhone, and send notification, perform resets if an IIS goes down.
I dont want to create a web service to do that but rather connect to a machine, specifying credentials and then get data from the IIS Service state.
Is it even possible?
Is it possible with iPhone?
I need to make this app generic enough for people to use with their hosted web sites and monitor their health and being able to reset it and/or recycle AppPools. I cant implement a service for any hosted environment. I need to be able to give the iPhone users an ability to connect to their host and once you are connected to the machine and authenticated to perform WMIs the phone users can mess with the iis. Is it possible?
I see your point not wanting to use web service because you want to monitor and reset IIS service, while web service is based on IIS. How about RestFul service? I have created RestFul service based on OWIN (Open Web Interface for .Net) and Kayak. Kayak may have some examples there.
The cool thing about those tools or lib is that the framework is very simple and does not rely on IIS. You can provide two URLs, one for get and one for post. The former is to get status of IIS server and post is to reset IIS. Those services can be just XML of JSON based objects and it will be up to the the OWIN service to do the job on the back end. Another great feature of this is that you can even create the service in a console app or any other ways (Windows service or Window Form in system tray) on WindowsXP or Home version. The app will provide RestFul service based on HTTP with specific port.
RestFul service is available for variety of platforms, including iPhone.
Although IIS supports remote administration I doubt there's a way to implement it on the iPhone easily.
You could write an actual Windows Server (not a web service) you could connect to with a socket which can do all the monitoring instead though.