locked
How to implement a web form application with Windows authentication combined with OWIN identity ? RRS feed

  • Question

  • User-609535877 posted

    I got a assignment to implement a web form application to display SSRS reports using Visual Studio 2017.

    It requires AD domain account to log on the application but not all domain users are the application users so I want to apply OWIN Identity to authenticate the users and authorize the user's application role  from database

    It also has admin role to register users and assign their application role.

    Could you give me some ideas how to implement the application or give me some sample code? 

    Thanks a lot!

    Tuesday, February 12, 2019 2:43 AM

All replies

  • User2142845853 posted

    How familiar are you with OWIN?  and Katana (Microsoft's implementation)?  If you create a new webform project and use Individual Accounts in authentication, it will generate the OWIN code to create a working basic system to let you login.  Using AD can be done by a couple lines of code once you know the AD address.

    You can setup your database with the standard OWIN login fields like roles, users, per the standard then using Migration commands you can generate the SQL code to create your tables, then use that in SQL management studio to create them in some other sql database.

    Nothing exists to manage the users and user roles, it has to be done from scratch which is odd given NuGet.  

    If using webforms you put your active forms in a folder, then include a file called web.config, not to be confused with the MAIN web.config. but in each folder you have an access web.config that you define which roles have access to what, then specify everyone else is rejected.  MVC is much better where you specify that on top of the method in the controller. 

    You may be told about "IdentityManager 1.0" and see the name Brock Allen. I wasted a couple months assuming that it worked. It does have a nice UI for doing user admin, its all written in Angularjs which you could extract if Angular is your language. 

    Tuesday, February 12, 2019 4:19 AM
  • User283571144 posted

    Hi zhao790,

    It requires AD domain account to log on the application but not all domain users are the application users so I want to apply OWIN Identity to authenticate the users and authorize the user's application role  from database

    It also has admin role to register users and assign their application role.

    Could you give me some ideas how to implement the application or give me some sample code? 

    According to your description, I suggest you could try to use OWIN Mixed Authentication library to achieve your requirement.

    You could directly install it by Nuget:

    PM> Install-Package OWIN-MixedAuth

    About how to use it, you could refer to below article:

    https://github.com/MohammadYounes/OWIN-MixedAuth 

    Best Regards,

    Brando

    Wednesday, February 13, 2019 2:29 AM
  • User-609535877 posted

    rogersbr, thank you for your advice.

    I am not so familiar with OWIN Identity and still a lot of stuff to learn. I try to use Windows Authentication template in Visual Studio 2015 to implement this project.

    I read some of your posts in this forum regarding your project. DO you have any sample code for your AD version application.

    Wednesday, February 13, 2019 1:32 PM
  • User283571144 posted

    Hi zhao790,

    I am not so familiar with OWIN Identity and still a lot of stuff to learn. I try to use Windows Authentication template in Visual Studio 2015 to implement this project.

    I read some of your posts in this forum regarding your project. DO you have any sample code for your AD version application.

    Do you mean you just want to enable the windows authentication for your project not mix windows auth and owin auth?

    If this is your requirement,  you just need to use Windows Authentication template in Visual Studio 2015 to implement this project.

    If your iis server is inside the AD domain, you could use AD user to access your web application.

    If you want to Restrict access according to the AD role, you could try to use web.config to achieve your requirement.

    Like this:

    <configuration>
      <system.web>
        <authorization>
          <allow roles="domainname\Managers" />
          <deny users="*" />
        </authorization>
      </system.web>
    </configuration>

    More details ,you could refer to below article:

    https://support.microsoft.com/en-sg/help/323176/how-to-implement-windows-authentication-and-authorization-in-asp-net 

    Best Regards,

    Brando

    Thursday, February 14, 2019 8:59 AM