Dominik Pinter, dominikp@kentico.com CMS.IO, Authentication Dominik Pinter, dominikp@kentico.com.

Slides:



Advertisements
Similar presentations
FIspace Security Components FIspace Security Components NetFutures 2015 FIspace project Javier Romero Negrín Javier Hitado Simarro ATOS Serdar Arslan KoçSistem.
Advertisements

CIS 451: ASP Sessions and Applications Dr. Ralph D. Westfall January, 2009.
1 Trillion Azure AD authentications since the release of the service 50 M Office 365 users active every month >1 Billion authentications every.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Chapter 2: Application layer  2.1 Web and HTTP  2.2 FTP 2-1 Lecture 5 Application Layer.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
OmStore Cloud API Harshit Agarwal Sohil Habib. About Us ●We are graduate students at CMU ●Currently at CMU Silicon Valley campus ●Working part time with.
GRDevDay March 21, 2015 Cloud-based Identity for Applications.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.
OAuth-as-a-service using ASP.NET Web API and Windows Azure Access Control Maarten
Session 11: Security with ASP.NET
MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
M i SMob i S Mob i Store - Mobile i nternet File Storage Platform Chetna Kaur.
© FPT SOFTWARE – TRAINING MATERIAL – Internal use 04e-BM/NS/HDCV/FSOFT v2/3 Securing a Microsoft ASP.NET Web Application.
Python and REST Kevin Hibma. What is REST? Why REST? REST stands for Representational State Transfer. (It is sometimes spelled "ReST".) It relies on a.
FIspace SPT Seyhun Futaci. Technology behind FIspace Authentication and Authorization IDM service of Fispace provides SSO solution for web apps, mobile.
1 Web services and security ---discuss different ways to enforce security Presenter: Han, Xue.
Using the Bookshare API July Why do it? Developed in 2008, provides 3rd party developers access to Bookshare functionality in any application It.
Dr. Mustafa Cem Kasapbaşı Security in ASP.NET. Determining Security Requirements Restricted File Types.
Module 11: Securing a Microsoft ASP.NET Web Application.
Slide 1 ASP Authentication There are basically three authentication modes Windows Passport Forms There are others through WCF You choose an authentication.
PV247 – Development I Introduction to ASP.NET and related technologies.
G CITRIXHACKIN. Citrix Presentation Server 4.5 New version is called XenApp/Server Common Deployments Nfuse classic CSG – Citrix Secure Gateway Citrix.
Ins and Outs of Authenticating Users Requests to IIS 6.0 and ASP.NET Chris Adams Program Manager IIS Product Unit Microsoft Corporation.
Biometric Authentication in Distributed Computing Environments Vijai Gandikota Karthikeyan Mahadevan Bojan Cukic.
Observations from the OAuth Feature Survey Mike Jones March 14, 2013 IETF 86.
THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.
Access Management 2.0: UMA for the #UMAam20 for questions 20 March 2014 tinyurl.com/umawg for slides, recording, and more 1.
SharePoint in the Education Space Presented by: Daniel Petersen Director of Business Solutions Applied Tech.
Securing Angular Apps Brian Noyes
Agenda Pattern Authenticate a user against UCWA Operations happen using the user’s identity Interact with the UCWA service endpoint Make HTTP requests.
Configuring and Deploying Web Applications Lesson 7.
API Auth By Kyle Bradley. Role Definitions  User (Resource Owner)  The resource owner is the person who is giving access to some portion of their account.
WEB-API & MVC5 - Identity & Security Mait Poska & Andres Käver, IT Kolledž 2014.
Personalizing Web Sites Nasrullah. Understanding Profile The ASP.NET application service that enables you to store and retrieve information about users.
Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.
Secure Mobile Development with NetIQ Access Manager
ASP.NET 2.0 Security Alex Mackman CM Group Ltd
Wes Hackett Principal Solutions Architect Chris O’Brien Head of Development.
THE API AN INTRODUCTION TO THE MINISTRYPLATFORM APPLICATION PROGRAMMING INTERFACE STEPHEN WAREHAM.
Building Azure Mobile Apps
ArcGIS for Server Security: Advanced
SharePoint Authentication and Authorization
Federation made simple
HTTP – An overview.
The Hypertext Transfer Protocol
API Security Auditing Be Aware,Be Safe
Migrating SharePoint Add-ins from Azure ACS to Azure AD
WEB-API & MVC5 - Identity & Security
Fundamentals of WEB Programming
Jim Fawcett CSE686 – Internet Programming Summer 2005
Introduction Web Environments
Debugging Your Website with Fiddler and Chrome Developer Tools
Exam : Implementing Microsoft Azure Infrastructure Solutions
HTTP Protocol.
HTTP, RESTful Web Services, HTTP and REST Tools: Postman, Fiddler
File Transfer Protocol
IOS SDK v1.0 with NAM 4.2.
What is OAuth and Why?.
CS320 Web and Internet Programming Cookies and Session Tracking
Office 365 Identity Management
CS3220 Web and Internet Programming Cookies and Session Tracking
Office 365 Development.
CS3220 Web and Internet Programming Handling HTTP Requests
HACKIN G CITRIX.
ADUG 21-Oct 2013 Grahame Grieve
CS3220 Web and Internet Programming Cookies and Session Tracking
HTTP Hypertext Transfer Protocol
D Guidance 26-Jun: Would like to see a refresh of this title slide
Presentation transcript:

Dominik Pinter, dominikp@kentico.com CMS.IO, Authentication Dominik Pinter, dominikp@kentico.com

Agenda CMS.IO: Implementation details Pitfalls Authentication: HTTP basic authentication ASP.NET Forms authentication OAuth

CMS.IO implementation details How to start? Provider registration REST API vs. Client SDK vs. Own wrapper Recommended object model Storage features and characteristics Root directory object Flat structure Default properties Shared storage between servers Recommended object model - ukazat

CMS.IO – Writing a provider - pitfalls Authentication and authorization How to create directory? Where to store file metadata? Datacenter time zone What to do if File does not exist? (AKA System.IO related stuff) Connection to storage service is lost? (AKA storage related stuff)

CMS.IO - demos Provider registration Working with CMS.IO File creation/deletion Directory creation/deletion Web.config -> Amazon registration c:\inetpub\wwwroot\Final70SC\CMS\CMSModules\System\Files\System_FilesTest.aspx.cs Ukazat třeba na Amazonu

HTTP basic authentication Support in HTTP protocol HTTP response 401 User name and password encoded in Base64 Not safe without SSL (HTTPS) GET http://localhost/page HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 … Accept: text/html,application/xhtml+xml,application … Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Authorization: Basic dXNlcjpwYXNzd29yZA== Fiddler + localhost/Final7.0/rest

ASP.NET Forms authentication Built in ASP.NET Uses forms and HTTP POST Cookie based Configurable through web.config Integrated with ASP.NET membership provider

OAuth - basics An authentication mechanism for web applications/web services Problem: 3rd applications built upon existing web services, for example social networks need access to your an user account. The user doesn‘t want to give them an user name and a password. Solution: The original web service can give them a temporary token for accessing the user account. OAuth 1.0 - RFC 5849 http://tools.ietf.org/html/rfc5849 OAuth 2.0 – draft http://tools.ietf.org/html/draft-ietf-oauth-v2-31

(Original webservice) OAuth – how it works ReverseTweet (3d party application) 5 1 2 3 Twitter (Original webservice) User (Browser) 4 User sends request to 3rd party application 3rd party application requests access token User is redirected to original web service User authenticates by user name and password to original web service 3rd party application gets the access token

OAuth - demo ReverseTweet ReverseTweet -> Demo + kod + web twitteru

Homework File manipulation CMS.IO Create file Delete file

Q&A ?

Thank you http://www.kentico.com http://devnet.kentico.com dominikp@kentico.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.