
So this is my first question on SO and this is my issue...

I have made a Windows Forms app in Visual Studio for the client of an organisation application (like JIRA, but not...). I am using a SQL Server DB to save data and SignalR to communicate. A user must open the application and be hailed by a msgbox asking for name and pw. Using these creds I need to verify that the user is in the database and that the creds are correct. At the moment I send the data to the server, check that the creds are valid, and then return a bool indicating whether it was successful or not, but I'm sure that's not the best way to do it... I've done next to no security (I just started as a junior dev) and have no idea where to start from a security standpoint. I would like to save the users' names and pw's in the database as well as the connection id, but I'm not sure what to use. There are lots of examples out there (OAuth, certificate, etc. (those might be the same thing for all I know right now)). Maybe a few examples would help; I've googled almost everything I could think of and have come up with very few examples that are relevant to what I need. Maybe I'm just asking the wrong questions, but some/any help would be nice.

Thanks LegenBerry

1 Answer


As you have mentioned that you are using SignalR, I assume you are using OWIN to host the application.

You should be relying on ASP.NET Identity to perform authentication and authorization.

You may follow the steps documented at https://brockallen.com/2013/10/24/a-primer-on-owin-cookie-authentication-middleware-for-the-asp-net-developer/ to write simple cookie-based authentication.

Ramesh
  • Thanks, that did help, I do have a better understanding of OWIN now, but this is a desktop application, not using MVC; it is a Windows Forms application. Unless I need to use MVC in this somehow, if so I'm really lost... – LegenBerry Mar 27 '17 at 12:04
  • I would suggest using token-based authentication and following the steps given in http://bitoftech.net/2014/06/01/token-based-authentication-asp-net-web-api-2-owin-asp-net-identity/ – Ramesh Mar 28 '17 at 06:29
  • http://stackoverflow.com/a/38670221/30594 Please look at this SO answer for more details on how to use the token – Ramesh Mar 28 '17 at 07:01
  • http://www.c-sharpcorner.com/UploadFile/ff2f08/token-based-authentication-using-Asp-Net-web-api-owin-and-i/ – Ramesh Mar 28 '17 at 07:02
  • The token-based auth seems to be best for what I need. Thanks for all the help! – LegenBerry Mar 28 '17 at 09:46
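
The token-based approach suggested in the comments above, sketched server-side as an added example that is not part of the original answer or the linked articles. It assumes an OWIN-hosted server with ASP.NET Identity on Entity Framework; `CredentialProvider`, `TaskHub` and the connection string name `AppDb` are hypothetical names chosen for illustration.

```csharp
// Added example. Assumed NuGet packages: Microsoft.Owin.Security.OAuth,
// Microsoft.AspNet.Identity.EntityFramework, Microsoft.AspNet.SignalR.
using System;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.SignalR;
using Microsoft.Owin;
using Microsoft.Owin.Security.OAuth;
using Owin;

public class Startup
{
    public void Configuration(IAppBuilder app)
    {
        app.UseOAuthAuthorizationServer(new OAuthAuthorizationServerOptions
        {
            TokenEndpointPath = new PathString("/token"),   // client posts credentials here once
            AccessTokenExpireTimeSpan = TimeSpan.FromHours(8),
            AllowInsecureHttp = false,                      // credentials and tokens travel over HTTPS only
            Provider = new CredentialProvider()
        });
        // Must be registered before SignalR so hubs see the authenticated user.
        app.UseOAuthBearerAuthentication(new OAuthBearerAuthenticationOptions());
        app.MapSignalR();
    }
}

public class CredentialProvider : OAuthAuthorizationServerProvider   // hypothetical name
{
    public override Task ValidateClientAuthentication(OAuthValidateClientAuthenticationContext context)
    {
        context.Validated();   // single first-party desktop client: no client_id/secret check
        return Task.FromResult(0);
    }

    public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
    {
        // "AppDb" is an assumed connection string name. ASP.NET Identity stores a salted
        // password hash in the SQL Server table, never the password itself.
        using (var users = new UserManager<IdentityUser>(new UserStore<IdentityUser>(new IdentityDbContext("AppDb"))))
        {
            var user = await users.FindAsync(context.UserName, context.Password);
            if (user == null) { context.SetError("invalid_grant", "The user name or password is incorrect."); return; }
            // Issues the signed bearer token instead of returning a bare bool to the client.
            context.Validated(await users.CreateIdentityAsync(user, OAuthDefaults.AuthenticationType));
        }
    }
}

[Authorize]   // SignalR's AuthorizeAttribute: connections without a valid token are rejected
public class TaskHub : Hub   // hypothetical hub
{
    public string WhoAmI() { return Context.User.Identity.Name; }
}
```

The Windows Forms client posts `grant_type=password` with the user name and password to `/token`, then sends the returned `access_token` as an `Authorization: Bearer` header on its SignalR `HubConnection` (via the connection's `Headers` collection).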