My company is thinking to use Orchard CMS as the framework to our intranet application. Speaking theoretically, it should work; however, I'm facing troubles finding information about using it with existing setup. We already have about database, from the old application, we already have our accounts, logins, etc. based on ASP.Net Memebership Provider, and we already have our own custom authorisation, roles, etc.
Can someone guides me to the direction where I find information about how to "plug" Orchard CMS to an existing ASP.Net Memebership Provider, and apply custom authorisation logic?
Basicaly you need to override Orchard's IMembershipProvider.
Have a look at this answer and also at Piotr's blog post blog post
Related
I think this is the first time to ask a question here, but wanted to try. Hope I got this right. I have searched all over web but nothing seems to come up for this scenario.
On a Test Project, I was going to have a ASP.NET Web API that will be exposed to the web. It will have authentication and authorization. The roles will be managed thru the Web API. I will have a ASP.NET CORE MVC app as one of the clients accessing the Web API.
What I would like to do is pass the users roles (in a Claim?) from the Web API into the Web Site and have the roles be used in the Controllers Authorize as well as in the views (menu filter and button disable functionality). Of course the issue is the separation of the Website from the Web API.
I have seen tutorials where the role is passed to a Angular/React/Vue site but I am trying to see about this in a Asp.net Core website.
I think I want to pass the claim(with the Roles) to the Website and have it use it as if the website was accessing the DB directly.
Just trying to figure out how this would be done.
Any direction would be appreciated.
Thanks
I have an ASP.NET 5 (RC1) application for which I am trying to set up authentication and authorization. However I am confused and overwhelmed by all the varying authentication and authorization information online in as it pertains to this platform. Much of it seems either hopelessly out of date or simply doesn't seem to apply in this particular usage scenario. Right now, I'm not even sure what the right 'terminology' to use for the question I am trying to ask, but I digress.
What I am trying to accomplish is a system whereby users are authenticated/authorized via Azure AD (B2C?), with additional user profile information stored in a database. However, the user context in the controllers is accessed in a consistent way using what I presume would be a custom ClaimsPrincipal/ClaimsIdentity? I would imagine this should be as simple as adding an 'authorize' attribute or something similar and accessing the ClaimsPrinciple.Current.Claims.
I have used ASP.NET Identity in the past, but many of the examples I have found aren't using that. Most are simply using the UseOpenIdConnectAuthentication middle-ware. I see that ASP.NET Identity is still available but I'm not sure it applies in this scenario. I also found a couple posts on here suggesting using a custom ClaimsIdentity to accomplish this, but I am having trouble finding useful up to date examples. BTW, I realize that much of this "profile" information can be stored as custom attributes in azure ad but the way some of the information is used within the application prohibits all of it from being in azure (i.e. EF linq joins and such).
Please, tell me if I am even close on some of this. I know this is a fairly new platform and the information is sparse, but certainly I'm not the only one asking these questions.
Just calling out an excellent article Identity management for multitenant applications in Microsoft Azure.
A lot of your questions are answered there.
e.g. you can augment the claim in the OWIN middleware AuthenticationValidated event.
ASP.NET Identity is claims-based in that the attributes are delivered as claims but authentication is on the DB, not via external IDP like Azure AD.
B2C is a special case in Azure AD - used for many (millions!) external users who can self-register and self-manage e.g. SSPR.
B2C uses a separate tenant to the normal Azure AD one and the users have no access to things like O365 or any SaaS applications.
I'm working on a school project and I need to implement Role-based authorization in an ASP.NET mvc3 application. Currently the application only stores the user's role in a field in the database and there is only one login page. I need to alter the entire application in other for it to grant different content to different users including admin, supervisor and counselors (counselors are able to input new client info and edit and view client information that they inputted. Supervisors can view and edit all client info and also view and edit counselor info. Admin has crud access to everything on the application.)
I'm not sure about what other info to provide about the application but i'll really appreciate any help i can get as i am new to ASP.net mvc as a whole. Most of the tutorials i found focus on specific piece of the role based approach. I need more of a bottom-up approach to implementing the roles and its authorization.
Take a look at ASPNET configuration tool. I believe that it's what you're looking for:
Visual Studio 2013 and ASP.NET Web Configuration Tool
http://msdn.microsoft.com/en-us/library/yy40ytx0.aspx
I'm learning how to write simple websites with MVC 3. I have a little problem with loging on to my website. I created an account via ASP.Net Configuration site and there is no problem to log in unless I try to do this not on localhost. When I use log in form on my published online site, it takes a while and redirecting me to /shared/error. What did i wrong? Maybe I forgot about some libraries? I use default Account system, just this one which is created in new Web App project.
What are you using for persistence on the server? the ASP.Net Configuration is creating a user account in a database. If you don't explicitly specify a database, one is created for development purposes for you, but it is not copied to the server.
Also, there are some tables inserted into the database for you by the ASP.Net Configuration site for supporting users, roles, etc. These tables would need to be created on your server. see Creating the Membership Schema in SQL Server
If possible, you should consider MVC 4 instead of MVC 3, since the pre-built templates for it use Simple Membership instead of the full featured ASP.net Membership providers. Simple Membership uses only a few tables, and the views and stored procedures have been removed.
Does anyone know is there a way to implement Windows Live ID authentication into your ASP.NET MVC site. I am moving a project from Web Forms to a MVC solution and do not want to rebuild the database so ASP.NET Membership mentioned in windows-live-id-in-asp-net-mvc is not a valid solution.
And just to avoide this question the customer not want to use Open ID.
I don't fully understand your question, but here's an example of a MVC.NET app which uses LiveID but doesn't use an ASP.NET Membership provider:
http://blog.smarx.com/posts/actually-i-m-a-cia-agent