I am building an intranet website. And I am still unsure of how to implement the security of the website. I am using ASP.NET MVC 3.
Anyone in the company can access the website. It is a recognition system where you can nominate an employee for an award. Currently I am not using any type of authentication. I have a roles table that contains roles and an association table that specifies which user contain what roles, these roles are mainly administrator-type roles. If a user does belong in these roles then he/she can still access various parts of the website.
Would I need to use the built-in membership for this? Or would I need to create a custom membership for this? We don't use a login page. If the user does not have roles to access a view then he/she is redirected to another page.
We use IIS to do our authentication. Is this the same as Windows authentication? I have the roles table used for authorisation.
I'm just a little confused at the moment, I am hoping someone can give me some more clarity.
You can very well use ASP.Net MembershipProvider and RoleProvider for this
For tutorials on how to use them you should look at Videos at asp.net.
Here's a walk-through at MSDN
This blog post by Scott Guthrie might help:
Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
For Intranet web applications, the most common authentication scenario to use is called Windows Authentication. Windows Authentication avoids the need to create a login form within an application, and does not require end-users to manually enter their username/password credentials to login to the application. Instead, ASP.NET and IIS can automatically retrieve and validate the Windows username of the end-user visiting the site in a secure way
Related
I am looking for a way how to implement authentication and authorization fo several applications.
I have one main application and several child application.
I have only one domain so I access my child applications like a mydomain.com/app1.
My goal:
Use one account for all web applications
Have specific permission for each user, for each application
Implement register, login views only once.
My thoughts are:
- Create one WebApp/API which will maintain user accounts
- Call this webapp from other apps
I was googling a lot and I found some technologies which could be useful:
Jwt bearer token - generate token with claims and in each app
implement logic which claims are necessary for specific policy
Identity server 4
I am so confused from identity server so I don't undestand how to use it (but according to description I thnik it could help to solve my problem)
Something like this scenario:
Request web page
WebApp checks authentication (proprably Jwt token?) if user is not authenticated call auth server --> some login page
After authentication Jwt is generated, Jwt & webpage from web app is returned to user
I saw lot of samples, but most of them are for fronted backend solutions, mobile applications etc..
I would like to use simple MVC, Razor pages apps..
Are my thoughts right or it should be done in other way?
Could you recommend me some technologies, tutorials how to achieve this?
Thank you very much!
I'm looking for solution which uses ASP .NET Identity, Windows Authentication with roles in database. I'm building intranet web app, every user has Windows account but roles should be in database because I don't want to ask admins every time I need to assing user to role.
When I'm creating new ASP .NET MVC project in Visual Studio and choose Individual User Accounts I have a lot of things, which are done e.g. in Startup class and ConfigureAuth method there is app.UseTwitterAuthentication. Is there the same for Windows Accounts? e.g. app.UseWindowsAuthentication?
Can I just authenticate user by Windows Account and map this account to my database account?
I know that I can write my custom RoleProvider, but I'm rather looking solution done like Facebook/Google/Twitter authentication. It seems to be obvious that Windows Authentication should be somewhere, isn't it?
Thanks for every help.
Using OWIN and Active Directory to authenticate users in ASP.Net MVC 5 application passed in comment by trailmax (thanks) is one of the resolution
https://tech.trailmax.info/2016/03/using-owin-and-active-directory-to-authenticate-users-in-asp-net-mvc-5-application/
Choose no authentication
ConfigureAuth with UseCookieAuthentication
Write some kind of AdAuthenticationService
Use service in Login controller
Another worth considering are
https://github.com/MohammadYounes/Owin-MixedAuth and https://github.com/MohammadYounes/MVC5-MixedAuth
I want to implement authentication and authorization in my application. I am developing my application using AngularJs and ASP.NET Web API.
I want to achieve:
Its an intranet application and want to use windows authentication.
For Authorization, we want to maintain a table in database with username and role column and using this table we will be authorizing users.
Please suggest how could I implement this within my application using AngularJs and Web API.
Set up your WebAPI libraries to use Windows Authentication. Add your [Authorization] attributes to your controllers. Your startup logic can certainly pull role names from your database and add those roles for use in the [Authorization] attributes on the controllers/methods.
I don't know that I'd do this on a per-username basis though - I'd create some roles (e.g. admin, user) and control those through AD if I was using Windows Auth. I'd then just store the AD group names as my role names.
Angualr.JS doesn't really factor into the picture much at all here - the auth will be handled by the browser. The one thing you may want or need is some way to get the user name from the User object in the API layer - in other words, creating an API method to return information about the logged in user (including that user's name, which won't be managed by the Angular.JS application as it might be if you were using some other form of authentication).
I am working on an ASP.NET MVC application that uses Azure AD auth out-of-the-box.
What I want to do is define custom roles for certain users. For example, mark JohnDoe#contoso as a "Portal Admin" or SarahJones#contoso as a "Site Manager" - I want to do that without messing with AD roles, since I don't have full access to the AD internals.
I am fine deploying a custom DB to contain the roles. Is there a generic solution for this or do I have to implement my custom verification layer?
Update 1: I can deploy a custom role provider and connect it to a different DB, but am wondering if there is a more straightforward way to do this.
If you use Azure Web Apps, which supports ASP.NET MVC then you can use the Azure Active Directory authentication mechanism. Here is a blog post describing how to set it up:
https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/
Once you have that, auth will be enabled for your app and you can configure the AAD app in the portal. See this blog post for more details:
http://blogs.technet.com/b/ad/archive/2014/12/18/azure-active-directory-now-with-group-claims-and-application-roles.aspx
To modify the permission levels, you should be able to use role claims. See this example for guidance:
https://github.com/Azure-Samples/active-directory-dotnet-webapp-roleclaims
Accessing the manifest:
I'm developing a MVC application that will require a user to be authenticated against an AD. how to create log in page in MVC to create an Intranet Application that automatically authenticates a user against an AD
Why don't you use the Intranet Template provided by Microsoft Visual Studio, which does exactly what you want out of the box?
Your requirement is paradox. Why do you want a login page, which does login a user automatically, while being logged in by visiting the (main-)site automatically, does not require the visitor to do anything at all, because he is already authenticated by entering his credentials at the windows-logon
More information: http://msdn.microsoft.com/en-us/library/gg703322(v=vs.98).aspx
you can use the built in windows authentication feature. the example is in here
if you need mixed authenticated for example you want the user can access from outside using their AD it will involve either two applications or two different pages for authentication types. find the example here
I'm not entirely sure if you actually want a login page that automatically authenticates a user that visits the main site. Maybe your wording is a bit confusing there.
I'll asumme you want your Web-App to be able to authenticate users against AD after having to log in with intranet credentials. If that's the case, you might want to have a look at this article detailing how to set that up using IIS and an ASP.NET app.
If not, please disregard this answer.