I'm separating one super-large Blazor app (an English education site) into two separate solutions for independent development: the main educational site, and a second gaming app.
Given that the two are hosted as apps under the same IIS site, will they share their login credentials? If not so by default, is there any way to achieve this?
Specifically, I want someone who is currently signed in under the main app to be able to navigate to the gaming section under the same credentials, but I want oustide users (who may not even know about the educational site) to be able to register and login to the gaming app.
Both apps share the same SQL database, and use the default Blazor identity system.
Yes, you can integrate with external authentication services. That will serve as centralized login service.
Azure B2C for example:
https://learn.microsoft.com/pt-br/aspnet/core/blazor/security/webassembly/hosted-with-azure-active-directory-b2c?view=aspnetcore-7.0
There are others services like aws aws cognito. Also you can create your own authentication service.
Related
I programmed a web app and now i need to deploy it for my organization. There are 500 potential users. What factors i need to consider before the deploy? There's an easy way to deploy it? there are limitations to consider? what risks there are? there are a model or can you give tips or experiences for the deployment?
There are no definable risks or dangers, it all depends on what your application does.
When you choose who are the users authorized to access, you will inevitably have to select anyone within your organization, otherwise only you (or the account with which the script was created) will be able to access. While as for the execution mode, you will have to choose how you or the user who accesses the application. This is important because if the application accesses an external service, such as Google Analytics, it can do so as the user with whom the application was generated or as the user who is accessing the application. Based on that selection you will see the Analytics data of one or the other Account.
So it all depends on what your application does and how it is to be used.
Im currently in the process of switching to google compute engine for my web hosting because my current provider performance has been deteriorating over time. Giving me more flexibility to upgrade as I need to.
Ive got my website setup and working on the engine. But the next steps need to go smoothly to ensure my customers don't experience any downtime.
I have a few things I need to work out:
- Does google have a way of managing email addresses at your own domain? Then I can just send or receive from gmail.com or another email client on my domain? Or do I have to setup a email server in my VM? If so is there any way to setup a cpanel like management software on it?
- To my understanding I should just have to call my current provider to ask them for my SSL certificates and for them to switch my domain over to google and then point it to my VM? or is there something I'm missing here?
Are there any simple ways to ensure my server says secure when I'm managing it myself other then just updating packages manually? Like a website I can use to track known security problems with the packages I have installed?
Edit:
Please read Dan Cornilescu's comment on this question about setting up your own custom domain email. He said it can possibly be managed using google apps.
On the topic of SSL/Domains I called my current provider and they said they would help me switch over if its what I decided. They also upgrading my hosting plan and things seem better now and are comparable to the performance I was getting on my google VM so Ill be trying that for now.
I have two applications one is a business process management (BPM) & the other is a document management system (DMS) , both systems exposes web services to enable integration with other systems. Both system provide a master login username and password to provide JSON API Authentication. for example to start a process ("process1") inside the BPM ; the DMS can send the following API call
/jw/web/json/workflow/process/start/process1?master_username=BPMadmin&master_password=982716171717&loginAS=currentusername
and same apply for calling DMS web services.
The limitation in this security approach is that i am unable to call any of the DMS or the BPM web services using JavaScript and consume the returned JSON using javaScript, since if i follow the javaScript approach i will be exposing the master_username & master_password to the end users and they can manually modify the LoginAs parameter to other usernames and perform actions they are not authorized to do.
so my questions are:-
Can i make the web service calls secure using JavaScript?
second question what other security approaches i can follow to make the web services calls secure using javaScript? baring in mind that i can modify the webs service security to other approaches rather than using master login username and password, but this might require more time and effort from my side?
Thanks in advance for any help
Best Regards
First of all JS is client side and does not include any special security/magic/irreversible functions, like browser aided crypto engine, high grate SPRNG for key generation and so forth. So long story short anything you do with js is not secure it can be obfuscated but it will be NOT SECURE. That is the point you already made. Another more approach is to use your server as 'proxy'. So lets say You are designing an JS aided gui and show some documents ro so, then you make an AJAX request to your app server (not BPM nor DMS) and it acts as proxy that will do the authentication against DMS and call WS and then return the result back to your JS :) So your setup would look like JS (session)-> App (ws auth)-> DMS -> App (sesion)-> JS (I assume you have authenticated user and we'll use users session as JS <-> server secure channel, if not you will have to incorporate some other js auth mechanism maybe one time pass or something but it will be easy because it is your system). And voila. Only security consideration is to not allow anyone to call your servers proxy site :)
I am new to web development, I've learned php, mysql and javascript. I'm trying to make a website that uses facebook authentication and login. At the moment, I'm still working on localhost and am running xxamp. Is there any way to use the facebook development tools on a localhost? Or would it be simpler if I made my own mysql user database?
Thanks
Facebook authentication working same way in local environment as it working in every other place (just configure application using local URL's for "Canvas URL" and/or "Site URL"). To achieve this you may use both PHP-SDK and JS-SDK for that. See examples for PHP-SDK how-to implement authentication of user.
There is however functionality like social channels for which you'll need that Facebook be able to reach the machine your app running on (this may be solved with a bit of effort too)...
I've got a Windows Azure project I'm working on. It has two web roles - one is a public-facing site, and the second is an administration site for my customer to make changes to the database etc.
I had expected to be able to use a subdomain for each role - so for example have mysite.com and admin.mysite.com (obviously CNAME-mapped to the .cloudapp.net DNS name). However it looks like Azure doesn't do this, and instead has one subdomain (mysite.com) with different ports for each web role. So, for example, I would have mysite.com:80 for the main public site, and mysite.com:8080 for the administration.
Is this correct? Is there no way I can have subdomains for particular web roles?
Thanks in advance
John
This is correct. You can, of course, respond to both subdomains in a single role. But multiple web roles in Windows Azure correspond to multiple ports on the same virtual IP address.