Selfhosted asp.net webapi - how to get active directory authentication? - asp.net-web-api

I would like to self-host ASP.NET Web API 2 within our own Windows service, as described here:
https://learn.microsoft.com/en-us/aspnet/web-api/overview/hosting-aspnet-web-api/use-owin-to-self-host-web-api
Since we use Active Directory in our organization (local AD, not Azure), how would I go about having the user's principal flow to the server side once he accesses the web API (via browser)?
I know it works with IIS hosting... but how do I go about it with a self hosted web api?

Related

ASP.Net API with OAuth for Google : Access Denied

I have some issues with an ASP.NET API and Google authentication.
I work with VS 2017 and .NET Framework 4.6.1.
In this app the login can be made by creating a new app user or by using a social network authentication like a Google account.
So I created a Google project with credentials for a web application, referring to my dev environment website and my production public website.
In dev mode with localhost it works perfectly, but with my public domain name I get an
error=access_denied
The /signin-google?state=.... request, after choosing a Google account, takes 1 min and redirects to the home page with the access_denied error.
Do I need to regenerate the call to /api/account/externallogin with the published website? (I've already changed the redirectURI.)
Is the Google project name important for access to the API?
Must the client ID be different between dev and prod?
For more details, I followed this tutorial to implement the authentication in my website:
http://csharp-video-tutorials.blogspot.com/2016/12/aspnet-web-api-google-authentication.html?_sm_au_=iVVDF8LpPKL6W0sQ
Thanks

CRM 2016:Using Web API for CRM IFD to connect CRM Web Service

I'm new to Web API and am trying to build a CRM Web Service application in C# using Web API. Here is the sample code I'm using: a C# application which authenticates against Azure AD using ADAL and communicates with Dynamics CRM.
This code works perfectly for AD authentication in an on-premise CRM environment. But my environment is IFD, which means I have to use OAuth. It says method calls to the web services must be authorized with the identity provider for that service endpoint. However, all the examples point to Microsoft Azure Active Directory. But in a real case, do we have to register a CRM app with Azure Active Directory?
Then how can I define the 'Client ID', 'RedirectUrl' and 'Authority' in my code, and where is my endpoint? We're using ADFS authentication.
Can anyone share some sample code for this?
Thanks.

ASP.net MVC3 with forms authentication and LDAP authentication

I have an ASP.NET MVC3 application with forms authentication, but our client requests AD authentication as well. The MVC3 app is hosted outside the client's network. What are the possible solutions for this?
1. Get permission to access the client's network from the remote server.
2. Get an API to access the Active Directory data from the web server.
If we choose option one, how could we access Active Directory for authentication from outside the client's network? If anybody has any ideas or better options, please let me know. Thanks in advance.
My guess is that the Microsoft security products can support this out of the box but I'm not sure how so I suggest that you direct your question to whoever supplies your client with their Microsoft product support.
If you'd rather build a solution so that you've got more control over how it works a quick search found an interesting approach at https://support.freshservice.com/support/solutions/articles/169196-setting-up-active-directory-single-sign-on-sso-for-remote-authentication where they created a simple ASP.Net web site that used AD authentication for sign-on. MVC 5 can build a WebApi site that does that just by creating a new project in Visual Studio with the right options.
That site wouldn't have to do anything except confirm that the credentials supplied were valid or not. Your application would ask the user to enter login / password details, then send a (properly secured) web request to the authentication site to determine whether they're valid. As long as you keep the communication between your server and the client web service tightly secured this should do what you need without much fuss. That approach removes the need for your server to communicate directly with the client's AD server.
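
The validation-only site described in the answer above, sketched as an ASP.NET Web API 2 controller; this is an added example, not code from the original post or from the linked article. It answers yes or no for a credential pair using `PrincipalContext.ValidateCredentials` and accepts requests only over HTTPS from a caller that presents a shared key. Assumptions: the names `CredentialCheck`, `ValidateController`, the `X-Caller-Key` header and the `AUTH_SITE_CALLER_KEY` environment variable are hypothetical, the server is joined to the client's domain, and TLS terminates on this host.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
using System.Net;
using System.Text;
using System.Web.Http;

// Hypothetical request body posted by the externally hosted application.
public class CredentialCheck
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

// Reached as POST api/validate under the default "api/{controller}" route.
public class ValidateController : ApiController
{
    // Assumption: shared secret provisioned out of band for the one calling server.
    private static readonly byte[] CallerKey = Encoding.UTF8.GetBytes(
        Environment.GetEnvironmentVariable("AUTH_SITE_CALLER_KEY") ?? "");

    public IHttpActionResult Post([FromBody] CredentialCheck body)
    {
        // Credentials must never cross the network in clear text.
        if (Request.RequestUri.Scheme != Uri.UriSchemeHttps)
            return StatusCode(HttpStatusCode.Forbidden);

        // Only the known application server may use this endpoint.
        IEnumerable<string> sent;
        string presented = Request.Headers.TryGetValues("X-Caller-Key", out sent)
            ? sent.FirstOrDefault() ?? "" : "";
        if (CallerKey.Length == 0 || !FixedTimeEquals(CallerKey, Encoding.UTF8.GetBytes(presented)))
            return Unauthorized();

        // Reject empty values up front so they never reach the directory bind.
        if (body == null || string.IsNullOrEmpty(body.UserName) || string.IsNullOrEmpty(body.Password))
            return Ok(new { valid = false });

        // Binds to the domain this server is joined to; returns only a yes/no answer.
        using (var domain = new PrincipalContext(ContextType.Domain))
            return Ok(new { valid = domain.ValidateCredentials(body.UserName, body.Password) });
    }

    // Comparison whose running time does not depend on where the inputs differ.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because the endpoint is a password oracle for the domain, failed checks still count toward AD account lockout, so the calling application should rate-limit attempts per user and the site should log caller and user name but never the password.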

WCF-Rest security using Windows Identity Foundation (STS)

I have successfully installed a “Security Service Token”.
I have a Wcf-Rest service that is running under the STS created as security.
I am calling the Wcf-Rest service from a web page using ajax. I would like to get the claims that I received in the web page once successfully logged in to the STS.
I am able to pass the encrypted cookie, but the wcf-rest service cannot read any claim.
Does Wcf-rest (webHttpBinding) support this possibility?
With a bit of plumbing - yes.
Securing WCF Data Services using WIF
Also see Claims Based Identity & Access Control Guide which has some chapters on REST.

How do I create a web page in CRM that talks the web service for both IFD and On-premise?

We have three servers that all share the same database. One server is internet facing.
I have a web page in an IFRAME in CRM that talks to the CRM web service using the standard method of connecting for on-premise. When this IFRAME is displayed through the IFD with users logged in through the forms authentication element, you are asked for login credentials.
How do I get around this?
EDIT
The IFRAME that targets the CRM service is on four servers. Two of the servers are used for IFD and On-premise use. The other two are for on-premise only. They are all in the same domain. All of the users are internal users that can log in through the web if they are using a customer's computer or a machine in an Internet cafe and therefore can't use the VPN.
A few questions to better understand your issue. Is the iframe which targets CrmService on the same IFD server? Is the IFD server on the same domain as the rest of the servers? When you say users are logged in, are you referring to local domain users or external users?
I suspect the problem is not the services, but the IFrame. When you authenticate to MSCRM via on-premise you are doing Windows Authentication, and when you show the IFrame that authentication request is done again. Since the browser knows everything it needs, this is all handled transparently.
When using IFD, you are not using authentication on the web server level - you are doing it using forms-based authentication, which is on the application level. Your IFrame, though, still wants authentication, and thus the iframe prompts for authentication.
If you were having a service problem, the IFrame would display and whatever action triggers the service call would fail with a 400 or 500 error.
So the question becomes: how do you build a web page that can cater for both Windows authentication and forms-based authentication? Well, that is easy in MSCRM. First make sure you are not running authentication on the web page - set it to anonymous. That ensures no more popups. Then make sure you use the CrmAuthenticationToken code to get the token and use that for all calls. You should not be setting the .Credentials property of the service itself.
Assuming you're deploying your page within the CRM website (and not its own virtual directory), here is a pointer to the SDK article for what Robert mentioned:
See the SDK topic titled: Authentication from an ASPX Page.
In my experience you should always use the CRMImpersonator in your web pages within the CRM website.
Now if you've got your own page running on its own website:
You'll want to see the Discovery service and obtaining a CRM Ticket for accessing the services.
