Securing Rest API content using .Net Identity Framework - rest

Can anyone provide direction on how to add a Rest API to an existing Azure .net website as an alternative to receive private information? Like many website, we already have good U&P authentication via .Net Identity Framework over SSL to protect the U&P and content.
There are a lot of .net C# websites that have implemented the .net U&P framework that works great over SSL. With the proliferation of Rest APIs, we need to provide these users capability to login with their already existing credentials via Rest API so how can we simply extend this?

Related

How can I call the Salesforce API from .NET Core

We are presently calling Salesforce using their SOAP API in our app. It is .NET Framework based (written in C#).
We're trying to move it to .NET Core which does not support System.Web. The Salesforce SOAP client is built in VisualStudio using WSDL and that creates code using System.Web.
Salesforce also has a REST API, but unfortunately it using OAuth for authentication and our system is used by many of our customers on servers that there is no one on it to respond to an OAuth login. So we can't use that.
What's our best option here?

.net webapi OAuth2

I am making an API in .net that is using WebApi. The API is going to be consumed by an adroid native application. I would like to implement OAuth2 for authentication however I don't want to use Entity Framework and the baked in implementation when you create a project seems to use that. Is there an easy way to implement the OAuth2 modules without the Entity Framework integration or do I have to try and write my own classes that implement the same interfaces as the user classes in Entity Framework?
You don't need to. That's just there for convenience. First, you need to understand how OAuth works from an Authentication Server perspective. I have a feeling you are using OWIN.
In that case, you need to enable OAuthAuthentication and use their delegates to intercept when clients are calling your API for authentication (so that you can generate a token). Then you just authenticate against a database... worst case scenario you can do.. "SELECT u, p from Users where u = 'user' and p = 'password'.... My point is that you don't need Entity Framework at all. Once you have a valid user, then you create a token, add some claims to it and send it back. Done. There are plenty of examples online.

SSO for Wirecloud/IdM and Moodle?

Looking for best practice instructions on how to integrate a Fiware/Wirecloud with Moodle. It would seem that Fiware/IdM should be providing the user data and Moodle connects via one of its plugins. Moodle offers a number of different authentication options (actually too many, difficult to decide best path). Ideally, once logged in, Moodle pluggins should also be able to access other FIWARE backend services.
Should be possible in principle but I notice that the Fiware academy http://edu.fiware.org/ does not have SSO with the FIWARE lab :-)
WireCloud supports using the OAuth2 token provided by the IdM to access third-party services, so the real problem is how to integrate Moodle with the IdM (as commented by #Meier).
There are some moodle plugins like auth_googleoauth2 that supposedly offer support for adding your own OAuth2 providers. Take into account that probably you will need to make more modifications to this kind of plugins as usually the OAuth provider are only used for the sign in process, but this doesn't mean that you will be able to use the OAuth2 token as valid credentials for making request to the web service API.

Testing REST APIs which use OAuth 2.0 using robot framework

How do we test RESTful APIs which use OAuth 2.0 using robot framework?
Do we have any keywords available? So far I have used HTTP Basic authentication which is very simple.
Please let me know if there is already have implementation for this.
You can use any general-purpose HTTP Requests calls or libs to do OAuth, as long as you set the credentials in the Authorization header. See How to make a POST (ReST) API in Robot framework with for more info.

How to login on ios device with django server?

I am making an ios app that requires a webservice. The webservice will be using an already-in-place and completely unchangeable (for my purposes) database that is handled by Django. I know how to set up the UI and develop apps in general, but how do I manage the backend side / client side for login? I noticed some people talking about TastyPie when I researched the topic but I am unsure about what exactly that entails. I've been using php for the rest of the service - would using TastyPie make me write it in some other language? Is TastyPie really necessary?
Furthermore, I saw someone say that one may just put a UIWebView and then take the cookie out of it when the login. Is that feasible? It sounds like the easiest option.
Thanks for any help!
Tastypie is just a Python Django framework to help developers write REST APIs easily.
Yes using Tastypie will make you write APIs in Python. Tastypie is not necessary to write REST APIs.
In your case since you can not change the database. I would suggest you to write REST API in Python Django and use django.auth login method after authenticating the credentials. login method will create the session key for you. You can send back that key in response and then pass that key to all the subsequent REST API calls. Do not use Tastypie for writing this API as Tastypie will require you to add some tables in the DB.
I will suggest AFNetworking as a library that is commonly used to communicate with REST services. There should be no need to change your existing server code. AFNetworking is on github.
There are also a ton of posts on StackOverflow about using AFNetworking. Pertaining to the specifics of logging in - look at this User Login With AFNetworking or search further.