I have a new MVC6 solution that uses ASP.Net Authentication and OAuth.
For my Account controller, I am able to retrieve the logged in Context.User.
However, I am not able to retrieve the same values when using another controller. Context.User.Identity fields all have null values.
How do I enable my other controller to retrieve the logged in user?
UPDATE: As mentioned in the comment trail in an answer below, the problem was in the client, not in the server, as the client was not sending the proper credentials for ASP.Net Authentication to identify.
First of all, Microsoft merged Web API and MVC in MVC 6, so we can say there is no "WebAPI" anymore.
Maybe you are using MVC 5 and added the wrong tag? If that's the case maybe this or this can help you.
Related
I think this is my first time asking a question here, but I wanted to try. Hope I got this right. I have searched all over the web but nothing seems to come up for this scenario.
On a test project, I was going to have an ASP.NET Web API that will be exposed to the web. It will have authentication and authorization. The roles will be managed through the Web API. I will have an ASP.NET Core MVC app as one of the clients accessing the Web API.
What I would like to do is pass the user's roles (in a Claim?) from the Web API into the website and have the roles be used in the controllers' Authorize as well as in the views (menu filter and button disable functionality). Of course the issue is the separation of the website from the Web API.
I have seen tutorials where the role is passed to an Angular/React/Vue site but I am trying to see about this in an ASP.NET Core website.
I think I want to pass the claim (with the roles) to the website and have it use it as if the website was accessing the DB directly.
Just trying to figure out how this would be done.
Any direction would be appreciated.
Thanks
We have our own existing web portal in ASP.NET MVC. Now one of our customers does not want to use our portal as a separate tool; instead they want to consume our feature via Web API and consume it on their side.
Now I want to implement authentication and authorization in Web API. I did google to find the answer to my question, but didn't get it.
I am confused about the points below.
Is it the best choice to use OWIN, the default implementation which Microsoft provides, or some custom implementation?
What are the advantages and disadvantages of using OWIN in terms of security?
When to use JWT (JSON Web Token) and OWIN?
Or any other implementation which helps to create a more secure Web API?
Looking for all experts' valuable input to help me decide.
I implemented something similar. This is how we work: we have our application (MVC app) which permits us to log in. Logging in uses a separate MVC project (our STS) which handles all user authentication. When our login and password are posted correctly, we generate a JWT which is returned to the MVC app. Back on the application side, we decode our token and build up the claims in it in an ASP.NET application cookie.
We also have a separate project containing our WebApi REST methods. Those can only be called by using the JWT generated by our STS. We elaborated this more with a custom attribute so we can set permissions on specific permission or role claims that are in the token.
For creating all of this, I was helped very much by this series of articles: http://bitoftech.net/2014/10/27/json-web-token-asp-net-web-api-2-jwt-owin-authorization-server/
In terms of architecture this is in my opinion 'how it should be', but I am not an expert in this.
So summary:
Web Application - application cookie to authenticate/authorize
Calling WebApi Rest methods - using the JWT to authenticate/authorize
Separate STS which takes in POSTS to authenticate and generate JWTs
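An added example (not code from the answer above or from the linked articles) of the token flow it describes: the STS issues an HS256-signed JWT carrying role claims, and the API side rebuilds a ClaimsPrincipal only after the algorithm, signature and expiry check out. The claim names `sub` and `roles`, the shared demo key, the class and method names and the sample user are assumptions; it needs .NET 6 or later.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
static class JwtRoleDemo // hypothetical names throughout; not the answer's code
{
    static string Enc(byte[] b) => Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static byte[] Dec(string s) => Convert.FromBase64String(
        s.Replace('-', '+').Replace('_', '/').PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    static byte[] Sign(byte[] key, string data) => HMACSHA256.HashData(key, Encoding.UTF8.GetBytes(data));
    // STS side: issue an HS256 token carrying the user's role claims.
    static string Issue(byte[] key, string sub, string[] roles, DateTimeOffset exp)
    {
        string head = Enc(Encoding.UTF8.GetBytes("{\"alg\":\"HS256\",\"typ\":\"JWT\"}"));
        string body = Enc(JsonSerializer.SerializeToUtf8Bytes(new { sub, roles, exp = exp.ToUnixTimeSeconds() }));
        return head + "." + body + "." + Enc(Sign(key, head + "." + body));
    }
    // API side: returns null unless algorithm, signature and expiry all check out.
    static ClaimsPrincipal Validate(byte[] key, string token, DateTimeOffset now)
    {
        try
        {
            string[] p = token.Split('.');
            if (p.Length != 3) return null;
            using var head = JsonDocument.Parse(Dec(p[0]));
            if (head.RootElement.GetProperty("alg").GetString() != "HS256") return null; // pin the algorithm
            if (!CryptographicOperations.FixedTimeEquals(Sign(key, p[0] + "." + p[1]), Dec(p[2]))) return null;
            using var body = JsonDocument.Parse(Dec(p[1])); // claims are read only after the signature verified
            if (body.RootElement.GetProperty("exp").GetInt64() <= now.ToUnixTimeSeconds()) return null;
            var claims = body.RootElement.GetProperty("roles").EnumerateArray().Select(r => new Claim(ClaimTypes.Role, r.GetString()))
                .Append(new Claim(ClaimTypes.NameIdentifier, body.RootElement.GetProperty("sub").GetString())).ToList();
            return new ClaimsPrincipal(new ClaimsIdentity(claims, "Bearer"));
        }
        catch (Exception) { return null; } // malformed token: fail closed
    }
    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed demo key shared by STS and API
        DateTimeOffset now = DateTimeOffset.UtcNow;
        string token = Issue(key, "user-42", new[] { "reports.read" }, now.AddMinutes(5));
        string[] p = token.Split('.'); // constructed tampered copy: payload swapped, original signature reused
        string forged = p[0] + "." + Enc(Encoding.UTF8.GetBytes("{\"sub\":\"user-42\",\"roles\":[\"admin\"],\"exp\":9999999999}")) + "." + p[2];
        Console.WriteLine("valid token, role granted: " + Validate(key, token, now)?.IsInRole("reports.read"));
        Console.WriteLine("tampered token rejected:   " + (Validate(key, forged, now) == null));
        Console.WriteLine("expired token rejected:    " + (Validate(key, token, now.AddHours(1)) == null));
    }
}
```

A custom authorization attribute like the one the answer mentions would call `IsInRole` (or inspect a permission claim) on the principal returned by `Validate`, never on the undecoded payload.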
My solution directory has an ASP.Net 4 web-forms project that at present has all the development of my website.
The plan is to migrate some of the existing front-end to an ASP.Net5/MVC6 web application. And for that to happen, I have added an ASP.NET 5 empty web application to the existing solution directory. The reason I have decided to use the blank template is so that I can add all the required capabilities myself, and understand the flow better.
Capabilities like MVC, Session, Caching, Logging etc.
I have added MVC capabilities. And to add Session related capabilities I have followed the steps given in the below documentation,
https://docs.asp.net/en/latest/fundamentals/app-state.html#installing-and-configuring-session
After this, I am able to access the Session in my controller class. I can put some values in the session and can access them in the view to verify Session is operating fine.
Both of my web applications (ASP.Net 4 and ASP.Net 5) would be running side by side, and I want to enable the user to navigate back and forth with a single sign-on. That effectively means they have to share the same session.
And hence, I am looking for a way to access SessionID from the Session, so that I can check whether the value is same for both the websites, however there is no method that gives me SessionID...
Can someone explain why it is so and how to retrieve unique session identity?
This is a topic with a variety of opinions around the web.
Basically I am developing a SAAS application using ASP.net MVC 3.
I wanted to know what would be a good way of storing user_id to see if the correct user is authenticated?
I know the classic session asp.net method but really want to avoid this.
Any suggestions would be great
One thing is that you can Authorize the users simply in the controller method. There you can authenticate an individual user/s or group/s.
If you are using ASP.NET Membership provider,
Guid userGuid = (Guid)Membership.GetUser().ProviderUserKey;
This will work. Please comment if you need any other guidance.
Does anyone know if there is a way to implement Windows Live ID authentication in your ASP.NET MVC site? I am moving a project from Web Forms to an MVC solution and do not want to rebuild the database, so ASP.NET Membership mentioned in windows-live-id-in-asp-net-mvc is not a valid solution.
And just to avoid this question: the customer does not want to use Open ID.
I don't fully understand your question, but here's an example of an MVC.NET app which uses LiveID but doesn't use an ASP.NET Membership provider:
http://blog.smarx.com/posts/actually-i-m-a-cia-agent