I was thinking about writing my own MembershipProvider for my web app. People won't normally register but will be supplied with login info. Will membership then not be the right thing?
I still will have some roles and such as well and I might wan't to be able for people to Authenticate using ClientCertificate instead of normal login. I still wan't them to be membership verified (there is a identifiable field in Certificate and Database I could use) and use roles and such.
Is MembershipProvider perhaps only used with original login Authentication and not authorization?
There doesn't seem to happen anything special when a user is validated so hwo does the authorization atrtibute know who is autorized?
The existing membership works just fine if you want to supply login info. There is no requirement that user registration be initiated by the user. Just take the standard code and let the site administrator run it.
Yes, membership is just for authentication. The out of the box feature for authorization is the roles feature.
Related
Am I mad?
I can create authentication providers using OWIN and ASP.Net Identity for Facebook, google, etc. But I have a requirement to authenticate my users against Windows. I'd rather not require the configuration of AD, or to tell IIS what Domain to authenticate against; I just want the IIS to authenticate as if the settings was Windows Authentication in the Web config.
But then I want to be able to get roles and user details. I want Roles in SQL Server. I also require the user first and last name, which are not directly available from windows auth).
In the past I have done this with a mixed authentication middleware, and grabbed the user details from the principle context when creating the user, store that in SQL, and in the authentication cookie. but this seems a bit of overkill here.
Has anyone succesfully used basic Windows Authentication but held roles and first/last name in sql?
thanks
Yes, you can use Windows authentication with ASP.NET and IIS.
This article, should be a good start.
You can then store users and their AD groups in the application, and manage access based on that mapping.
I am editing a template with authentication enabled in MVC with OWIN. I want to disable the authentication in the template and use an oracle db in the server to login the users. I searched on how to disable the authentication but found no result. I don't have option for registration. The user should be logged in if the user name and password is in the db.
There might be some confusion.As far I can understand from your question you want to remove authentication because you want to use oracle authentication. But, You can keep your authentication module and use oracle db no problem. If you are using Microsoft Identity check here and here. Things might have changed a bit.
You have to implement your for Oracle:
User (Microsoft.AspNet.Identity.IUser),
Role (Microsoft.AspNet.Identity.IRole)
UserStore (Microsoft.AspNet.Identity.IUserStore)
UserManager (Microsoft.AspNet.Identity.UserManager)
RolesStore (Microsoft.AspNet.Identity.IRoleStore)
RoleManager (Microsoft.AspNet.Identity.RoleManager)
I am working on allowing users to log into my site using either facebook or the standard asp.net membership.
I am using the c# facebook sdk.
The first time the user logs into the site using facebook I create a new user in the membership database using their facebook id as their username and generate a random password.
So all is good I have created the new user account however I am not sure how to authenticate the logged in user against my membership database.
Within FormsAuthentication I can see a method to authenticate
FormsAuthentication.Authenticate()
It requires name and password.
Can I authenticate the user against my membership database without knowing the password? I don't want to know the password so I need to ensure a random one is always generated.
Don't know if that's your case but maybe SetAuthCookie() method will solve your problem.
http://msdn.microsoft.com/en-us/library/system.web.security.formsauthentication.setauthcookie.aspx
I'm trying to figure out how should I integrate facebook login system in my existing application through facebook c# sdk.
I have a web forms application and I'm authenticating users by standard Login control.
I'm using MembershipProvider, RoleProvider and ProfileProvider.
I'm thinking I should persist FacebookUniqueID and put it into relation with existing informations on my Membership Users table.
I'm wondering wich is a correct approach to this.
Considering I have a custom Profile Provider that uses a custom sql table, it would be fast to add a FacebookUniqueID property to my user profiles and use it in my login workflow:
Login through facebook;
retrieve facebookUniqueID;
retrieve userName for the user that
have this specific facebookUniqueID,
then
FormsAuthentication.SetAuthCookie(userName, bool);
What about providing an overload for the previous method taking facebookUniqueID as parameter?
Please let me know what do you think about this from any perspective and if anyone knows a simple working example
I think you are on the right track. We implement a similar solution (though we have rolled our own custom membership/role/profile etc and don't use the built in approach.)
You also will have to handle the situations that occur when a new user (without an existing account) logs into your site via Facebook.
I'm working on a web application that uses the ASP.NET 2.0 Membership and Roles providers with Forms Authentication. There are various roles in the system. I need to have a user role that is essentially a super-user that can "login" as any user account (in effect impersonating the user).
Does anyone know if this is possible using the providers? Any ideas?
One approach I was thinking of was to logout the super-user and sign them in as the desired user with
FormsAuthentication.SetAuthCookie(username, false);
And adding a variable to their Session to flag them as a super-user. I think this would work, but I was just wondering if there's a smarter way to do it without directly using the Session object?
Asp.net approach doesn't support the concept, so you are right on trying to find an alternate way.
Something that you can do is add the IsSuperUser info to the authentication ticket UserData property.
Why don't you have a SuperUser role that can do anything? Then the user can be just part of that role.
If what you really need to have is an ability for an administrator to impersonate someone else, I don't know what is the additional flag for? If it marks the currently logged in user giving him super powers the same will be achieved by setting up a role. If you, however, need to just impersonate someone else (e.g. this is help desk and you need to see exactly the same as the end user sees) - I would just check the credentials normally, then check if a superuser is logging in and who they want to impersonate and based on that just authenticate the logging in user as the one that he's willing to impersonate.
I hope what I wrote makes sense...
Here is what I would do. Sorry no graphics, on ipad here in bed...
1) use claims based architecture. Its easy to implement, see my project.
2) essentially impersonated user will have a second identity on the claims principal object, but will have different realm (realm may be wrong word, the string you use to create the identity)
3) You can construct the identity of the impersonated user and manually build their claims.... They should get written to the token immediately. I would look at a generic Claims Transformer class to do this.
4) You may need to adjust the way the site behaves, based on the presence of a impersonated identity, but thats the fun part.
Working WIF implementation
https://github.com/wcpro/scaffr-generated