locked
Reinforcing authentication in LS HTML Client applications RRS feed

  • Question

  • Hello,

    I'm doing some research on wether is possible (or not) to reinforce authentication in LS, for example implementing OTP (One time Password)+OAuth, or even better, integrating with digital signature tokens (using PKCS#11).

    The specific requirement is to try to make sure the user entering the App is who she/he claims to be.

    If someone out there has something to share, it would be very welcome.

    Thanks.


    Nicolás Lope de Barrios
    If you found this post helpful, please "Vote as Helpful". If it actually answered your question, please remember to "Mark as Answer". This will help other people find answers to their problems more quickly.

    Thursday, June 25, 2015 11:26 PM

All replies

  • HI,

    In lightswitch, we can use a custom membership provider, or social media credentials, etc. For OTP (One time Password)+OAuth authentication, I noticed that it’s existed in two-factor authentication to an application using ASP.NET Identity

     Identity uses an implementation of the RFC 6238 Time-based One-Time Password algorithm (TOTP) for generation of the PIN used for two factor authentication. The PIN generated is 6 digits in length and is valid for a period for 180 seconds (3 minutes).

    With regards,

    Angie


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    • Edited by Angie Xu Monday, June 29, 2015 7:30 AM
    Monday, June 29, 2015 7:30 AM
  • Thank you Angie. I've read the articles you provided. The first two ones are too outdated, and it seems like too much work writing my own membership provider. I don't want to reinvent the wheel here.

    ASP.NET Identity looks great, and as it's stated in their homepage, http://www.asp.net/identity, "The ASP.NET Identity system is designed to replace the previous ASP.NET Membership and Simple Membership systems. It includes profile support, OAuth integration, works with OWIN, and is included with the ASP.NET templates shipped with Visual Studio 2013."

    Except, of course, LightSwitch.

    Do you know if it would be integrated with LightSwitch with the upcoming release of Visual Studio? or if it's possible to replace the ASP.NET Membership provider with ASP.NET Identity on a currently finished App?

    thanks.


    Nicolás Lope de Barrios
    If you found this post helpful, please "Vote as Helpful". If it actually answered your question, please remember to "Mark as Answer". This will help other people find answers to their problems more quickly.

    Wednesday, July 1, 2015 1:48 PM
  • HI Nicolás Lope de Barrios,

    Thanks for your feedback.

    According to current information, currently we can't use asp.net identity in Lightswitch application, other community member post this request in Visual Studio Uservoice site, we can vote there.

    With regards,

    Angie


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, July 7, 2015 8:44 AM
  • OK, thank you Angie. I'm going to look at these steps https://www.asp.net/identity/overview/getting-started/adding-aspnet-identity-to-an-empty-or-existing-web-forms-project to add Identity to an empty Project. If someone cares to join me, it would be great.


    Nicolás Lope de Barrios
    If you found this post helpful, please "Vote as Helpful". If it actually answered your question, please remember to "Mark as Answer". This will help other people find answers to their problems more quickly.

    Tuesday, July 7, 2015 2:17 PM