Tuesday, 2 June 2015

Asp.Net Identity for Web Forms Introduction

I am starting a new series on the new Asp.Net Identity. There are plenty of resources for MVC etc. but little for Web Forms, so I thought I’d do a little investigation and document it here.

I am using Visual Studio 2013 Ultimate. Remember that Visual Studio 2013 Community is the new free edition of Visual Studio 2013; it is equivalent to Pro but has been stripped down to make it a smaller download. I believe most of the bits that have been removed to create the Community edition can be added back in; see Connect(); Microsoft Visual Studio vNext & Azure on Channel9.

Overview of the new Project Templates

Requirements: .Net 4.5 and above. If you select .Net 4 as your framework type in the New Project dialog you will not see the One ASP.Net dialog and you will get the classic Membership added, which is not what you want as we are talking about the new Identity system.

Add new project template here for comparison.

Figure 1 – .Net 4 Web Application Project

Now we need to select the project template with a .Net framework of 4.5 as a minimum.

Figure 2 – Selecting the project template

Figure 3 – The One Asp.Net dialog

You will get the One Asp.Net dialog; from this you can change the authentication type.

Figure 4 – Change Authentication dialog

Let’s examine the four options offered here:

No Authentication

This is simple enough: no authentication will be added to the project. It’s worth noting that this is not the default, so you will need to select this option if you want a project without authentication.

Figure 5 – Option 1

Individual User Accounts

This option is equivalent to the old Membership system default.

Figure 6 – Option 2

Organizational Accounts

This is an area of big improvement over the old Membership system, allowing us greater flexibility. All these options use some form of federation service (see Active Directory Federation Services Overview), i.e. ADFS or Azure Active Directory, but none connect directly with Active Directory, if I understand this correctly. This is probably a good thing, as the issue with AD is that it’s slow, so if you are looking up Roles membership in AD you would need to cache, as the delays can become very long.

Figure 7 – Option 3

Figure 8 – More Options

  1. Choose this option to connect to your Microsoft Azure Active Directory tenant.
  2. Enter the domain name of your Microsoft Azure Active Directory tenant.
  3. Indicate what access the application will have to the directory. For an application that queries the directory using the Directory Graph API, choose an option that enables reading or writing.
  4. Enter a unique URI to identify this application. (If you leave it blank, a URI will be created automatically by appending the project name to the Microsoft Azure Active Directory domain with a number if needed to make it unique.)

Figure 9 – On-Premises option for Active Directory

  1. Choose On-Premises if the organization manages user accounts by using Windows Server Active Directory or ADFS and you don’t want to use Microsoft Azure Active Directory.
  2. The metadata document contains the coordinates of the authority. Your application will use those coordinates to drive the web sign on flow.
  3. Provide a unique URI that Windows Server Active Directory can use to identify this app.

Windows Authentication

This is the same as the original Windows Authentication; in fact, if you look at Figure 11 you can see the changes to the web.config are the same as they always have been for “Windows Authentication”.

Figure 10 – Option 4

Figure 11 – web.config authentication changes

So that’s the introduction done; next we will be adding Identity to an existing Web Forms application.

2 comments:

Ron Palmer said...

Hi Steve

Great post. I am just about to get back into Dynamic Data. I do have a quick question though regarding security: before, we used to use "Microsoft Membership" to secure our Dynamic Data projects; do you have a tutorial for adding "Microsoft Identity" to a Dynamic Data project? That would be pretty cool.

Stephen Naughton said...

Hi Ron, I don't, sorry. I use my own that I rolled, as the built-in was not good enough for my needs. I do have an article on that on my blog. I have the customisation for Identity to come also.