What is the best practice to map/name OAuth scopes to Web API methods of...
Hi,What is the best practice to map/name OAuth scopes to Web API methods of controllers?
View ArticleASP.Net Forms Authentication failing if login page is default page
I have a Forms secured site where I decided to rename the classic login.aspx to default.aspx, and now the login does not react to input unless I browse to /default.aspx. Browsing to...
View ArticleSecurely calling an asp.net mvc action method Using WebClient or calling it...
I have the following ScanServer() action method inside my asp.net mvc web application, which exposes a WebService :-[HttpPost] public async Task<ActionResult> ScanServer(string FQDN) { string...
View ArticleClaim in OAuth Scopes - Identity Server 3
I noticed that in model for Scopes in Identity Server 3, there is a claims inside the scope.But, I did not notice this in the spec for OAuth. 1. Is this something specific to Identity Server 3 or...
View ArticleHow to authenticate internet users using active directory?
Hi,I am developing an internet site but I was asked to use credentials in active directory to authenticate users - the single-sign on. When users inside our network, they should be automatically...
View ArticleASP.NET Membership adapter to work over ASP.NET Identity database
Is there a way to create an ASP.NET Membership provider which uses ASP.NET Identity internally?Or may be there is one already?This could be usefull if you have two applications, one of them using the...
View ArticleHow to get client user personal details
How to get client user personal details when users visited our site. We get their IP address,Mac ID,Internet connection provider,Browser,Location,everithing for security in ASP.net Please give me full...
View ArticleAutomatic Login - Redirect to Error page for non Active directory user
Hi All,I am having Windows authentication enabled application. I have configured for Automatic log on in IE for Active directory users by adding an IIS Server IP address in Intranet Zone in IE, That is...
View ArticleIssuing SAML 2.0 Authentication Request
Is there any library/example I could use to issue SAML 2.0 AuthnRequest ? I am using .NET 4.6
View ArticleIdentity Server 3 - Best practice for securing Custom User Service, Custom...
Hi,What is the best practice for securing Custom User Service, Custom Scope Store and Client Store?Should I add by default "admin" user with appropriate "admin" scope?
View ArticleServer logs me in as different user
Hi, I have windows authentication setup on numerous ASP.NET websites on my web server. When I navigate to an application, it thinks I am logged in as Joe Bloggs rather than Dan Dare, if I query what...
View ArticleOAuth 2.0 custom provider
Good day to anyone reading.I am starting a project where I'm required to implement OAuth 2.0 protocol using our own server acting as both an authorization and resource server.I did some initial...
View ArticleForms Authentication redirecting to login after accessing different application
I have 3 asp.net webforms application using Forms Authentication on the same server, same domain. They share a machineKey for encryption/decryption of the authentication cookie. Application1 and...
View Articlehow to restrict the users from the outside domain for website which uses...
We have a website which is exposed to internet with asp.net MVC 3 with forms authentication. The users are not accessing the website using their domain emailds , they have seperate usernames.Here our...
View ArticleBack end Security Architecture
We are grappling with how best to architect our back end servers for best security. I think one of best practices is to separate your web server/s from your internal network (in their own DMZ) but...
View ArticleOauth scopes clarification
After reading OAuth spec couple of time, I am struggling to understand the relation between clients, owners and the scopes for all possible scenarios.The scope it self is clear to me, but the relation...
View ArticleSave password in table
HiI want to create a login system to my website. How can I save the password of the users of my website? I don't want to see the password of the users.thank you
View ArticleHow do I use session to get userid and use it to insert records
How do I use session to get userid and use it to insert records. Any examples?
View ArticleASP. NET licencing for closed envieroment
We have an ASP.net web forms application which we need to deploy to clients who are inside closed VPN network enforced by strict security police.Right now we do not have any licencing system.What we...
View ArticleVisual Studio 2015 vs Visual Studio 2013 Windows Authentication
I spent the entire day and move my entire project back down to Visual Studio 2013 from VS Studio 2015 which uses framework 4.0. I used same Windows 2012 server IIS 8.0 one VS 2015 the other VS 2013...
View Article
