ASP NET Boilerplate API project creation problem - aspnetboilerplate

It is the first time that I am using ASP.NET Boilerplate for API development. There are default features like multi tenancy and role management which I don’t want to use in the template. When creating a new project, in the project wizard I am choosing “Single Page Web Application” and I am unchecking the “Include login, register, user, role and tenant management pages” box. But when I do this, it is removing the connection between Swagger and Application Service. So the methods I am writing in Application Service are not being translated as API endpoints automatically.
Ideally, I want this: ABP Template + Empty API solution + swagger connection.
Am I missing something? Could you point me in the right direction? Thanks in advance.

"The methods that I am writing in the Application Service are not automatically translated as API endpoints." Regarding that, the app service should be translated automatically in the version that does not include login and roles; check the documentation. Regarding Swagger, you have to add it manually.

Related

Spring Boot Rest API with Microsoft Azure AD

I have a Rest API developed with Spring Boot and neo4j as a database. There is no Frontend in the Spring Boot App. It only serves as a Backend. The Frontend is developed in Flutter.
In my app, the end user has to sign up and log in with their user credentials. The user management is currently handled with Spring Security and JWT, generating and storing the tokens with AuthenticationProvider, UserDetailsService and so on.
Now, we are migrating our whole infrastructure to Microsoft Azure. We already managed to get the DB, the Backend (as the Spring Boot App) and the Frontend there.
The question now is whether it makes sense to migrate the User Management to Azure Active Directory. Is this the right use case for that, or is Azure Active Directory actually there for other use cases?
Also, I want to use my Login and Signup Forms built with Flutter. I only found solutions so far where you get redirected to this Microsoft Login Form. I want to signup/login directly from my Flutter App, and then use the token for my requests in the Spring Boot App.
Does this even make sense? If yes, how can I realize that? I was searching for hours but I didn't find any proper solutions.
If you use AAD you will have to use the OAuth redirect based Microsoft login experience. There is no way around that.
If you can't think of any way you or your users will benefit by migrating to AAD, then there's no reason to do that. You're doing a bunch of work, and incurring risk, for no real benefit.

Rest API for user management

Situation
I am currently working on a project with following goals:
Front End Web Application with Blazor-Server
Database with MS SQL
Rest API as interface between Database and Blazor App
Microsoft Identity Platform for user management etc.
Question
My Question is, where do I put the Microsoft Identity part in here? As I want to use it in the Rest API to authorize users for respective api endpoints and to manage the users within the Blazor Application.
Also the database is designed with Entity Framework's Code-First approach within the Rest API.
My idea was to also put the Microsoft Identity part in the Rest API, since in the future other services might need to consume this API as well. But how can I make use of the generated Identity Pages (like login.cshtml etc.) in the Blazor App, when the Identity Implementation is in the API?
I'm not really sure how to solve this; any help and recommendations are greatly appreciated.

MVC 5 Sharing between Web Application and Web API

I am in the process of learning ASP.NET MVC 5 (Visual Studio 2015) and have created a basic MVC web application. When I created the project, I selected "MVC" and "Web API" under "Add folders and core references for:". I also selected "Individual User Accounts" under authentication. I created some models, controllers, and views using EF. Those are working great along with authentication. I also created a "Web API 2 Controller with actions using Entity Framework" to add API capabilities to one of my models. Again this works fine.
Now I am trying to get OAuth working with the Web API but ran into problems when requesting the Token... I don't think the Web Application template comes with that piece. After much reading, I found some recommendations on Stack Overflow that it is usually better to create a separate project for your Web API.
So my questions are:
I will most likely be deploying the Web API on one server and/or subdomain and the Web Application on another. If that is the case, they have to be in separate projects anyways, right?
When having two projects, what is the best way to share common components, like models? In my Web API, should I add a reference to my Web Application and then create the Web API Controller like that or should I copy the code from the model and create a new model in the Web API?
To answer your questions:
Yes, they need to be separate projects if you are going to deploy them separately.
To handle common items, create a library DLL project and reference that from both the Web API and Web App. It can contain the common components.
Also, if you are using cookies for authentication, you are also going to have to set up CORS to allow the cookie to be shared between two sites with different domains.

Single Sign-on through Spring Security

I have a web portal built with Spring Security 3.X. My web portal has links to external web applications also built with Spring. I'd like to know if there are any working examples or code snippets on how I can automatically POST users' login credentials from my portal to my external web applications in order to simulate SSO.
I assume you are not looking for an SSO solution for which you could use http://projects.spring.io/spring-security-saml/ with OpenAM/OpenSSO.
In your case you could use the AbstractPreAuthenticatedProcessingFilter, here the documentation:
http://docs.spring.io/spring-security/site/docs/3.2.5.RELEASE/reference/htmlsingle/#preauth
Here a practical example I found:
PreAuthentication with Spring Security -> Based on URL parameters
Answering my own question.....
Solution was to create a table in the db containing username, password, and application name.
On a click event of a link the controller checks if the user has a record in the table with the corresponding application name; if so, the user credentials are pasted into the form and submitted automatically.

Implement Web API with OAuth and a Single Page Application

We're developing an API and a single page application (that is one of more possible future consumers of it).
We already started on the web API, and basically implemented a system very similar to the one John Papa made in his course on pluralsight, named "Building Single Page Apps (SPA) with HTML5, ASP.NET Web API, Knockout and jQuery".
We now need to implement authentication and user managing in this application and need to find the easy way out to implement this in as little time as possible as we are in a hurry.
We realized the SPA template included in the ASP.NET update had very similar features to our needs, but we wonder what the best approach is to implement a similar feature in our existing code.
We are novice developers, as you might figure.
Is it possible to install some packages using the package manager, and voila, a simple membership and OAuth auth option be readily available?
Our use case is that we need to protect some resources on our API based on roles, and that one should be able to log in using a username and password, but also log in using one's Facebook, Google, or Twitter account.
Found an interesting talk regarding the subject here: https://vimeo.com/43603474 named Dominick Baier - Securing ASP.NET Web APIs.
Synopsis: Microsoft’s new framework for writing RESTful web services and web APIs is appropriately enough called ASP.NET Web API. As the name applies, this technology is part of ASP.NET and also inherits its well-known security architecture. But in addition it also supports a number of new extensibility points and a flexible hosting infrastructure outside of IIS. There are a number of ways how to do authentication and authorization in Web API - from Windows to usernames and passwords up to token based authentication and everything in between. This talk explores the various options, and puts special focus on technologies like claims, SAML, OAuth2, Simple Web Tokens and delegation.
We eventually went with the SPA template, doing authentication on the API (separate MVC part).
Then the API would generate a unique token and redirect the user to the front-end with the token in url parameters.
The front-end then needs to send this token on every subsequent request.
Have a look here - Identity Server done by the security experts. This is all you need in one package.
In terms of OAuth, you would need to use the Client-Side Web Application flow, in which the access token is issued immediately to the client and can be used.
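
The front-end side of the token hand-off described in the answers above, as an added example that is not part of the original posts: it takes the token out of the redirect URL, removes it from the address bar and history entry, and sends it in a request header to one fixed API origin. The parameter name `token`, the Bearer header scheme and the `example.test` hosts are assumptions.

```javascript
// Added example; the parameter name and header scheme are assumptions.
const TOKEN_PARAM = "token"; // hypothetical name of the URL parameter
const TOKEN_SHAPE = /^[A-Za-z0-9._~-]{16,4096}$/; // reject junk or markup

// Take the token out of the query string or fragment; return the URL without it.
function extractToken(href) {
  const url = new URL(href);
  let token = url.searchParams.get(TOKEN_PARAM);
  url.searchParams.delete(TOKEN_PARAM);
  // Client-side flows may deliver the token in the fragment instead.
  const frag = new URLSearchParams(url.hash.slice(1));
  if (frag.has(TOKEN_PARAM)) {
    if (token === null) token = frag.get(TOKEN_PARAM);
    frag.delete(TOKEN_PARAM);
    url.hash = frag.toString();
  }
  if (token !== null && !TOKEN_SHAPE.test(token)) token = null;
  return { token, cleanUrl: url.toString() };
}

// In the browser: scrub the token from the address bar and the current history
// entry so it is not bookmarked, shared, or sent in a Referer header.
function consumeTokenFromLocation(win) {
  const { token, cleanUrl } = extractToken(win.location.href);
  if (cleanUrl !== win.location.href) {
    win.history.replaceState(null, "", cleanUrl);
  }
  return token; // keep in memory; do not write it back into any URL
}

// Build fetch() arguments that carry the token in a header, and refuse any
// path that would resolve to an origin other than the API's.
function authorizedRequest(token, apiOrigin, path, init = {}) {
  const target = new URL(path, apiOrigin);
  if (target.origin !== new URL(apiOrigin).origin) {
    throw new Error("refusing to send token to " + target.origin);
  }
  const headers = { ...(init.headers || {}), Authorization: "Bearer " + token };
  return { url: target.toString(), init: { ...init, headers } };
}

// Usage in a page (constructed host name):
//   const token = consumeTokenFromLocation(window);
//   const req = authorizedRequest(token, "https://api.example.test", "/api/items");
//   fetch(req.url, req.init);
```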
