I want to use my own table for user login and role in asp .net MVC 5. So that I can get Custom identity value in controller and can check authentication and authorization in controller.
I see these
http://www.dotnet-tricks.com/Tutorial/mvc/G54G220114-Custom-Authentication-and-Authorization-in-ASP.NET-MVC.html
http://blogs.msdn.com/b/webdev/archive/2013/07/03/understanding-owin-forms-authentication-in-mvc-5.aspx
but can not get good answer any body can help me?
Look at System.Web.Security.Membership
I would register the user on your database using EF then call the CreateUser Method with the creditentials.
You can then validate the user against your stored email/username and password
using the ValidateUser Method.
Hope that helps
Related
first I am not good in English but trying to explain my problem here I use c# .net framework example and assign app.config as - use my app integration key in ds_client_id and use DS_impersonated_guid from admin >users menu >edit user >next to email user guid . and use private key generated for my app but still it gives me invalid grant exception. please also explain where Key and from where their value will come.
The JSON Web Token (JWT) grant is an OAuth 2.0 flow that is used to grant an access token to service integrations. Each request to a DocuSign API must include a valid access token.
When you use a service auth flow, your user is not going to be prompted to login to DocuSign, but you still make API calls for the user, after consent was given for the application (which is represented by the Integration Key) to do so.
The example we have for C# should work for you. I'm not sure if that's how you started. I recommend you clone the git repo - https://github.com/docusign/eg-01-csharp-jwt-framework and then update the config with your IK as well as ensure that all the information is valid and consistent.
"Invalid Grant" exception suggest that maybe your IK is not set correctly. There are 2 options in the "keys" page to set an IK for either flow. Make sure you have the correct checkbox checked (for implicit flow) and double check all the information.
I have an API eg. http://www.myportal.com/login and when we call this URL it asks for username and password and after successful login, it returns an access token.
Same thing I have to implement in Loopback4 by calling the above URL.
Please give some idea, will appreciate your help.
Based on your question, what you need to do is do authentication using passport-local strategy and then create a jwt token with authenticated user obtained.
But to do this, you will need to create a separate component with decorators and providers in loopback4. Loopback 4 team is working on ways to provide such features out of the box in the framework. But its not there yet.
We created a loopback extension for the same which supports 4 different passport strategies. You can use that from here. Hope it helps.
If I have two .net core WebApi Controllers, AdminController and UserController (in one project). And both requires authorization then how can I set them as 2 scopes in IdentityServer4 so that Admin user would have access to both controllers but simple user could not access Admin controller but simple user controller only? My client is of Angular 2 type. And is there any example where Role based authorization is also shown ?
Thanks,Maverick
Not the definitive answer to your question probably (since it doesnt involve 2 scopes) - but it might lead you somewhere.
Im assuming your using the TokenValidation middleware, and that your api is setup using IdentityServerAuthentication
You can have a role claim, which indicates what role the user has (ie. user, admin).
Then you can put up a check on the role for the admin api using the [Authorize(Roles="admin")] attribute, and for the user api, just use [Authorize] which ensures that a user is logged in, or specify both roles as a comma separated list ([Authorize(Roles="admin,user")]) if needed.
i.e:
[Authorize(Roles="Admin")]
public class AdminController : ApiController
{
Here is a link to the docs on the Authorize attribute for .net Core:
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/roles
I'm trying to construct this following solution - https://social.msdn.microsoft.com/Forums/azure/en-US/2d527121-42dd-4ed3-a68f-a70ad0a36c0d/get-user-info-like-name-email-id-etc-from-authentication-token-in-net-backend-mobile-service?forum=azuremobile&prof=required
This is based on C# solution. Since we are new on this Azure Mobile App, we are taking the approach of using Node.JS instead as per Quick Start solution/Xamarin doco.
How do we turn this into node.JS backend then?
Thanks
You can use the App Service Authentication/Authorization feature for this.
Retrieving the email from the auth token also depends on the authentication source. For example, if you are using MSA, the email is not part of the claim. Please refer my blog post on how to add the email field in the claim in case of MSA.
https://blogs.msdn.microsoft.com/kaushal/2016/04/01/azure-web-apps-how-to-retrieve-user-email-in-the-claim-when-using-microsoft-account-as-a-provider-in-easy-auth/
I have VS2013 MVC5 project with Individual User Accounts. I modified Startup {Configuration(IAppBuilder app)} so that UseOpenIdConnectAuthentication is the only allowed authentication.
Users can register in the AspNetIdentity DB using the out of the box MVC project template plumbing. After registration, Users login with OIDC.
The OpenID Connect STS (IdentityServer3 with AspNetIdentity) returns a security token with claims and roles. These claims are available from the authenticated ClaimsPrincipalin the Request.GetOwinContext().Authentication.User.
However these claims are missing from the Controller.User (Current HTTP Request context).
Is it a good thing to make the two ClaimsPrincipal match?
QUESTION: If so how and where do I do that? I'm not an expert and wonder what about OpenIdConnectAuthenticationNotifications.SecurityTokenValidated or
Application_PostAuthenticateRequest?
I realize this is a side-effect of mixing MVC5 System.Web with OWIN middleware for OpenIdConnect, rather than the default MVC5 project authentication middleware.
if you are working with ASP.NET 4.6 and Katana 3.x you should be able to access the claims you want from ClaimsPrincipal.Current.
See the comment below