I was just wondering if there is any service available online that allows you to protect your applications by requiring your customers to enter a username and password into your application to activate it and the application looking up those details through this online service?
I don't know if this is a real thing, or do I have to build a service like this myself (if that's the case, then I'm screwed for quite a while)?
Thank you all
Your question is not clear, but for example Google, Yahoo, FaceBook have API, which allow users to authenticate in other applications , by using that accounts if you are looking for this
Related
I'm writing a desktop application that can access GMail via IMAP. But I'm not sure if I implemented OAuth correctly.
MailKit says I should use a Service Account (https://github.com/jstedfast/MailKit/blob/master/FAQ.md#GMailOAuth2)
But Google says a Service Account should only be used if a Service wants to access it's own data, not the data of the user. Also I don't know how a different user can login in my application then.
I also found this tutorial and it's working for me (https://www.limilabs.com/blog/oauth2-gmail-imap-installed-applications)
But I don't know if it's a good practice. I can't hide the "ClientSecret" if I want do deploy my application. How to solve this? Also the user has to copy the auth key manually from the browser into the application.
Can someone suggest a quick, but state of the art solution? I'd like to build a Mail application and not an Oauth application ):
I have a little problem and I will be happy if someone tells me what to do.
I want people to change their Facebook password. This project is in VisualStudio, using C# in data base. How to make this possible? The new password should be affected by tge username and the password.
Have you taken a look at their API documentation: https://developers.facebook.com/docs ?
Generally, any site that lets other programs interact with the password in any way should be avoided. The proliferation of federated identity (delegating authentication to a third party) is one major way to avoid security issues across many web sites by third parties better equipped to handle the challenges of authentication. It also helps users and improves security by making it easy to authenticate and not reuse the same password across multiple sites - a major security problem
At best, your application can authenticate with Facebook and authorize the user to access your site / application using their login API: https://developers.facebook.com/docs/facebook-login/
We are getting some requirements from customers wanting Single Sign On and simple user Rights setup for our WinForms application using Active-Directory.
The application has integrated sign in functionality using WCF.
I have been searching around for some guidelines but I always end up finding answers about WebForms and MVC projects.
Does anyone have any experience with this or some links that could guide me in the right direction?
I have really no experience with AD integration but know that the newer .net frameworks have built in functionality for this.
Thanks in advance :)
To perform SSO in windows applications is easy, you get the currently logged in AD user and accept that at face value.
System.DirectoryServices.AccountManagement.UserPrincipal.Current
Anything else will not be SSO. SSO stands for single sign-on, and when logged into windows the user has already done the single sign-on.
If what you want is to check the username/password they enter against AD, this isn't SSO, but you can do that with the ValidateCredentials method of a PrincipalContext object from the above namespace.
I have an Azure account and currently a Mobile Service setup with a SQL Database so that my Windows Store app can communicate with the database.
I have developed sites using ASP.NET WebPages authentication. And I need something similar for my Windows Store app.
I have successfully gone through the documentation and tutorials on the Windows Azure website and implemented ACS (Windows Live ID, Google, Yahoo!, and Facebook) - but the thing is - I don't want Google, Yahoo!, Facebook or even Windows Live ID or Microsoft Account) logins - I want my OWN login but it seems that they don't give you this option (correct me if I am wrong).
I need to allow users to signup from within my application (that means, providing their name, DOB, email, phone, address, etc) and shove it all in my database.
Now, after implementing Microsoft Account login with my Azure service, I found out that you can't even get the most basic information about any user who has logged in to your application - not even an email address.
I have spent hours searching online for something that could possibly help but I am running out of keywords - and have not hit a single related result yet.
Does anyone know if this is possible? How would we go about integrating login and signup with a Windows Store app that set/gets this data into/from a Windows Azure service?
Any code, samples, links, tutorials, documentation, etc would be highly appreciated.
You have gone down the road of hooking up external identity authentication, which in my opinion for an external facing web application is a better approach. Benefits are:
Your application is only responsible for Authorization not Authentication. There is a whole lot of work involved in Authentication and a large number of best practices. Best let those who know best take the burden of this. This doesn't mean you shouldn't try and understand it though.
If your site gets hacked you don't have to tell them that their username / email and password combo has been compromised and they will probably have to change there passwords on other sits.
You are also making sure that your users don't have to remember / manage yet another username / email address password combo
If you really want to do the Authentication then that is fine but you will need to do it yourself. Have a look at examples on Asp.Net Membership. This is not the only way and nor is it the best way but there are lots of examples.
Now if you decide you want to use external authentication I can give you some pointers to help with your current implementation.
First thing to note that the Id you get back from Live, Google, Facebook can only be assumed to be unique for that provider. Therefore if you want to keep a profile in your system for that identity and you want to use more than one provider you will need to implement it in such a way that you can keep the id unique in your system and help you associate it with a provider.
Website Authentication with Social Identity Providers and ACS Part 2 – Integrating ACS with the Universal Profile Provider
As you have found out not all of the Authentication providers return the same "claims". A claim is something that user claims to have, such as an email address, name, date of birth, etc. All the ones you can use by default via the ACS return Uid and some return a name and email address. What you have to do is fill in the gaps. When someone registers you will need to pull the relevant claims and then ask them to fill in the missing ones. You may also want to map the different claims in the ACS to a common name that you can use in your app as one provider might use slightly different names.
Federated Identity with Windows Azure Access Control Service
Just because you do not handle Authentication you still need to be responsible for keeping your application secure. Half of the work has been done for you so your code should be a lot lighter but you will still need to make use of roles.
Windows Azure Role Based authentication (ACS)
The really nice thing about this approach is you can implement your application the same why SO have done with there identity model. You can allow users to associate multiple identities against their profile meaning they can login how they want to.
If you choose not to use the built in providers for ACS you will need to implement your own Identity Provider using SAML, OpenId, etc...
You can look into the Windows Identity Foundation (WIF) for implementing WS-Trust or WS-Federation.
There is also ADFS which has the same set of support but uses Active Directory with WIF and Azure has its own version of AD that can be used.
There is also thinktecture identityserver which can jumpstart your venture into IdP land, but I have not used it myself yet.
If you want to go the OpenId route there is DotNetOpenAuth.
If you're looking to add custom identity to your Mobile Services app, check out Josh's post on custom auth: http://www.thejoyofcode.com/Exploring_custom_identity_in_Mobile_Services_Day_12_.aspx
As an organisation, we use Google Apps. We have the paid version (mapped to our domain) etc...
We are developing a web based application to manage orders, and other business functionality.
I want to be able to use federated login with our google apps accounts-
For example, if a user is logged in to their email (gMail) - they should automatically be logged in to our ASP.net application
If they're not logged in - the log in form should auth. against our google apps account.
How can this be done?
Is it possible to be able to "get" the user who is currently logged in using this method etc...?
Sure, use dotNetOpenAuth. It's recommended by OpenId library and it should be easy in use. As far as google provides OpenId interface there should be no problem with using it in your application.
Stackoverflow is successfully using it and I'm logged here always when I'm logged on my google account.
Just doing a quick search through Google's API documentation, it sounds like you need to use Google's implementation of OAuth protocol.
If you have not yet started developing, you could even considering developing for Appengine - using python or Java (though I would prefer Python myself).
Advantage is that it has a much closer integration with Google Apps services and it will be much easier to build further functionality that works with Google apps (docs/mail etc). Besides this, there arent too many hassles for hosting the app.