I found this article around sqlconnection with managed identity
https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/app-service/tutorial-connect-msi-sql-database.md
BUT this article is using "System.Data.SqlClient" which is retired now (not recommended to use). Can someone redirect me to similar document which is using "Microsoft.Data.SqlClient"?
Related
We have built a portal in PHP(Laravel) + Angular for a client. User Authentication is done through LDAP.
Client also has a SAS solution for Analytics and it also has LDAP Authentication (SAS Viya).
We need to redirect the user from our portal to SAS portal and the user should get logged in automatically as both portals are authenticating the users through same LDAP.
We tried a few things, but it didn't help.
I am looking for some guidance on how to implement this and if there is any programming/configuration required on our side or on SAS side.
Hard to be specific without fully understanding your use case, but you could look to handle authentication to Viya using the SASjs Adapter (disclaimer - my team built it)
https://github.com/sasjs/adapter
Just set the LoginMechanism to REDIRECTED in the config object to support SSO or alternative login flows. If you need help, my team can be contact on https://sasapps.io/contact-us, else just raise an issue on the github.
We have an implementation on Angular that may help: https://github.com/sasjs/angular-seed-app
We have integrated a VIYA Visual Analytics report into a corporate web application, using the SDK (so not realy a redirect) with single sign on.
(I don't know all the details about how we did it. my roll was in the personalization of the report, where we went further than ordinary row level security.)
I have an ASP.NET 5 (RC1) application for which I am trying to set up authentication and authorization. However I am confused and overwhelmed by all the varying authentication and authorization information online in as it pertains to this platform. Much of it seems either hopelessly out of date or simply doesn't seem to apply in this particular usage scenario. Right now, I'm not even sure what the right 'terminology' to use for the question I am trying to ask, but I digress.
What I am trying to accomplish is a system whereby users are authenticated/authorized via Azure AD (B2C?), with additional user profile information stored in a database. However, the user context in the controllers is accessed in a consistent way using what I presume would be a custom ClaimsPrincipal/ClaimsIdentity? I would imagine this should be as simple as adding an 'authorize' attribute or something similar and accessing the ClaimsPrinciple.Current.Claims.
I have used ASP.NET Identity in the past, but many of the examples I have found aren't using that. Most are simply using the UseOpenIdConnectAuthentication middle-ware. I see that ASP.NET Identity is still available but I'm not sure it applies in this scenario. I also found a couple posts on here suggesting using a custom ClaimsIdentity to accomplish this, but I am having trouble finding useful up to date examples. BTW, I realize that much of this "profile" information can be stored as custom attributes in azure ad but the way some of the information is used within the application prohibits all of it from being in azure (i.e. EF linq joins and such).
Please, tell me if I am even close on some of this. I know this is a fairly new platform and the information is sparse, but certainly I'm not the only one asking these questions.
Just calling out an excellent article Identity management for multitenant applications in Microsoft Azure.
A lot of your questions are answered there.
e.g. you can augment the claim in the OWIN middleware AuthenticationValidated event.
ASP.NET Identity is claims-based in that the attributes are delivered as claims but authentication is on the DB, not via external IDP like Azure AD.
B2C is a special case in Azure AD - used for many (millions!) external users who can self-register and self-manage e.g. SSPR.
B2C uses a separate tenant to the normal Azure AD one and the users have no access to things like O365 or any SaaS applications.
I need to login with facebookx, twitter, gmail, openid, yahoo and other site in MVC3.
I already search for Openauth and openID but could not get the proper solution. come solution run and went to the site but never come back with identty.
So can i get the proper solution in running mode with MVC3. Also please provide me the dll and also nuget template or packages details.
Can i test with localhost for openauth/openid?
In short, Yes you can test and host on local host.
What you need to focus is a Tokens that are managed in OAuth library provider of your choice. Just follow the wiki and some tutorial and you will be fine.
As a start point look at the dotnetopenaut.net source library that brings OpenID, OAuth, and ICard capabilities to the Microsoft .NET Framework.
Reference: look at this post for more details: OpenID and OAuth using DotNetOpenAuth in ASP.NET MVC
I am using Windows authentication on a website but want to have levels of access. Currently, I am using the [Authorize(Users = "userA")] syntax.
However, with upwards of twenty Windows accounts accessing a site, I don't want to have to hard-code in twenty users with each Authorize statement. What's more, some of the users need to have different access than others. I thought of having a list of users that a CustomAuthorizationAttribute iterates through to see if the desired user is among them.
Basically, I'm trying to get roles without using Forms authentication.
What is the most effective, most simple way of doing this?
Your answer lies within the ActiveDirectory domain. Since you are using MVC 3 you should have access to the following namespace "Directory Services Account Management":
http://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.aspx
You can see this article for describing the whole process underneath, it provides sample code for you to use immediately out of the box:
http://msdn.microsoft.com/en-us/magazine/cc135979.aspx
Forwarning:
You will also have to establish an LDAP connection string. LDAP is a protocol used for retrieving that information from the secured windows database.
http://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx
To see the code being used in action:
http://www.willasrari.com/blog/query-active-directory-users-using-c/000133.aspx
I've done something similar to this in a .NET 3.5 environment using IIS 7.
One of the best articles I've ever read about Role-based Authorization is:
Role-Based Authorization With Forms Authentication (Part 2) By Darren Neimke and Scott Mitchell. They wrote it for ASP.NET 2.0, and no concept has been changed in version 4.0 (and 4.5 as far as I know).
To become a master in this field, read this MSDN and all of it chapters:
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
I'd like to support multiple authentication mechanisms such as oAuth and ADFS in my MVC site. Is this possible, and how would I go about using one or the other?
My understanding is that ADFS/WIF will hook into the entire site preventing alternates such as oAuth
FedUtil only allows an application to point to one instance of ADFS. If you use it again to point to another instance, it simply overwrites the old ADFS info. in the web.config.
The trick is to federate ADFS with another STS which does support the OAuth protocol.
StarterSTS is an example of an STS which supports OpenId. This was developed by Dominick Baier. He has just announced via his blog that he is developing a MVC version.
Matias Woloski has blogged about a protocol bridge here. It supports not only OpenID but also OAuth.
#nzpcmad suggestion of adding an STS to do protocol translation is correct. Another alternative is to use ACS (AppFabric Access Control Service).
You can alternatively add the trusts relationship on the web.config manually (or run Fedutil on a separate project and merge the changes). In this case the trust would be to an STS that knows how to deal with OAuth and SAML/WS-Federation (like the STSs mentioned by #nzpcmad). Out of the box, WIF only understands SAML tokens and WS-Federation/WS-Trust.
StarterSTS does not support OAuth but the follow-on project by the same guy does. Check out http://identityserver.codeplex.com/ for more details.
In addition to supporting OAuth it is new code using the ASP.NET MVC framework and WCF for its underpinnings.
This is only at CTP 1 status and is not yet considered a full release yet so review carefully.