.net webapi OAuth2 - entity-framework

I am making an API in .net that is using WebApi. The API is going to be consumed by an adroid native application. I would like to implement OAuth2 for authentication however I don't want to use Entity Framework and the baked in implementation when you create a project seems to use that. Is there an easy way to implement the OAuth2 modules without the Entity Framework integration or do I have to try and write my own classes that implement the same interfaces as the user classes in Entity Framework?

You don't need to. That's just there for convenience. First, you need to understand how OAuth works from an Authentication Server perspective. I have a feeling you are using OWIN.
In that case, you need to enable OAuthAuthentication and use their delegates to intercept when clients are calling your API for authentication (so that you can generate a token). Then you just authenticate against a database... worst case scenario you can do.. "SELECT u, p from Users where u = 'user' and p = 'password'.... My point is that you don't need Entity Framework at all. Once you have a valid user, then you create a token, add some claims to it and send it back. Done. There are plenty of examples online.

Related

Securing Rest API content using .Net Identity Framework

Can anyone provide direction on how to add a Rest API to an existing Azure .net website as an alternative to receive private information? Like many website, we already have good U&P authentication via .Net Identity Framework over SSL to protect the U&P and content.
There are a lot of .net C# websites that have implemented the .net U&P framework that works great over SSL. With the proliferation of Rest APIs, we need to provide these users capability to login with their already existing credentials via Rest API so how can we simply extend this?

Using AspNetSqlMembershipProvider in MVC5

working with MVC5 and trying to integrate AspNetSqlMembershipProvider than the default provider or simple membership provider.
Is that possible to use AspNetSqlMembershipProvider with MVC5? All login and register codes looks clumsy and I am not able to figure out what exactly UserManager. I did all necessary alterations in the web.config level, still my users are not validating with the SQL Database which we have created.
AspNetSqlMembershipProvider is deprecated.
ASP.NET Universal Providers is an updated version of ASP.Net Membership Provider.
Is that possible to use AspNetSqlMembershipProvider with MVC5?
Yes you can use ASP.NET Universal Providers in MVC5. If you have used ASP.Net Membership Provider in WebForm previously, they basically are same except you cannot get Async and Await.
All login and register codes looks clumsy and I am not able to figure
out what exactly UserManager.
You do not need to use UserManager which is used by ASP.net Identity.

Web API2 authentication against a REST service

We would like to use the new authorization/token system of Web API2 and have upgraded to MVC5/Web API2.
There is an internal REST API that does authentication already that we would like to reuse. Essentially it takes uid/pwd and some additional profile parameters and returns true/false.
Question: how to hook up an authentication filter against that service instead of the default Entity Framework 6 DB-based Identity store?
I looked at UserManager class and it is unclear this is the right path.
Hope following video answer your question.
http://www.pluralsight.com/training/Courses/TableOfContents/webapi-v2-security

How to login on ios device with django server?

I am making an ios app that requires a webservice. The webservice will be using an already-in-place and completely unchangeable (for my purposes) database that is handled by Django. I know how to set up the UI and develop apps in general, but how do I manage the backend side / client side for login? I noticed some people talking about TastyPie when I researched the topic but I am unsure about what exactly that entails. I've been using php for the rest of the service - would using TastyPie make me write it in some other language? Is TastyPie really necessary?
Furthermore, I saw someone say that one may just put a UIWebView and then take the cookie out of it when the login. Is that feasible? It sounds like the easiest option.
Thanks for any help!
Tastypie is just a Python Django framework to help developers write REST APIs easily.
Yes using Tastypie will make you write APIs in Python. Tastypie is not necessary to write REST APIs.
In your case since you can not change the database. I would suggest you to write REST API in Python Django and use django.auth login method after authenticating the credentials. login method will create the session key for you. You can send back that key in response and then pass that key to all the subsequent REST API calls. Do not use Tastypie for writing this API as Tastypie will require you to add some tables in the DB.
I will suggest AFNetworking as a library that is commonly used to communicate with REST services. There should be no need to change your existing server code. AFNetworking is on github.
There are also a ton of posts on StackOverflow about using AFNetworking. Pertaining to the specifics of logging in - look at this User Login With AFNetworking or search further.

Module access in Sugar CRM - difference (non-admin) between soap and web?

We've a custom rigging of Sugar (using GWT for various front end stuff), and we use the SOAP API for much of our querying (vs. directly to the DB).
One of the API calls to check credentials is get_available_modules, which returns all available modules for a given user. How could a user have access to a module in the web interface, but not via a SOAP call (same session id?).
Not entirely sure on your question. Do you want a user to hve access to one set of modules from web and another set via soap? Or is there a difference on you setup?
First off, there should not be a difference between a user's available modules on web and soap calls.
If you want a different set for each access method, you need to change e.g. "get_available_modules" in the soap web service. One crude approch could be to make an override array in config_override.php abd check against that array in the soap function.