-->![Gopanel 2 web server manager v2 5 0 download Gopanel 2 web server manager v2 5 0 download](https://gopanel.io/uploads/features/10_cron_gp140_copy.jpg)
GoPanel 2 – Web Server Manager v2.5.0. AppStore QR-Code goPanel 2 - Web Server Manager. Developer: Global Web SRL. V2 comes with new. Connect to and manage Linux web servers via a beautiful OS X application, without having to install additional software on your server. GoPanel offers a reliable way to manage Linux Web Servers directly from your Mac’s Desktop / Laptop, an alternative to existing control panel software you install on your Unix based servers for web hosting.
This guide demonstrates how to implement sign-in to Microsoft through an ASP.NET MVC solution by using a traditional web browser-based application and OpenID Connect.
![Gopanel 2 web server manager v2 5 0 download Gopanel 2 web server manager v2 5 0 download](https://gopanel.io/uploads/features/10_cron_gp140_copy.jpg)
When you've completed this guide, your application will be able to accept sign-ins of personal accounts from the likes of outlook.com and live.com. Additionally, work and school accounts from any company or organization that's integrated with Microsoft identity platform will be able to sign in to your app.
In this tutorial:
- Create an ASP.NET Web Application project in Visual Studio
- Add the Open Web Interface for .NET (OWIN) middleware components
- Add code to support user sign-in and sign-out
- Register the app in the Azure portal
- Test the app
Prerequisites
- Visual Studio 2019 with the ASP.NET and web development workload installed
How the sample app generated by this guide works
The sample application you create is based on a scenario where you use the browser to access an ASP.NET website that prompts a user to authenticate through a sign-in button. In this scenario, most of the work to render the web page occurs on the server side.
Libraries
This guide uses the following libraries:
Library | Description |
---|---|
Microsoft.Owin.Security.OpenIdConnect | Middleware that enables an application to use OpenIdConnect for authentication |
Microsoft.Owin.Security.Cookies | Middleware that enables an application to maintain a user session by using cookies |
Microsoft.Owin.Host.SystemWeb | Middleware that enables OWIN-based applications to run on Internet Information Services (IIS) by using the ASP.NET request pipeline |
Set up your project
This section describes how to install and configure the authentication pipeline through OWIN middleware on an ASP.NET project by using OpenID Connect.
Prefer to download this sample's Visual Studio project instead? Download a project and skip to the Register your application to configure the code sample before executing.
Create your ASP.NET project
- In Visual Studio: Go to File > New > Project.
- Under Visual C#Web, select ASP.NET Web Application (.NET Framework).
- Name your application and select OK.
- Select Empty, and then select the check box to add MVC references.
Add authentication components
- In Visual Studio: Go to Tools > NuGet Package Manager > Package Manager Console.
- Add OWIN middleware NuGet packages by typing the following in the Package Manager Console window:
About these libraries
These libraries enable single sign-on (SSO) by using OpenID Connect through cookie-based authentication. After authentication is completed and the token representing the user is sent to your application, OWIN middleware creates a session cookie. The browser then uses this cookie on subsequent requests so that the user doesn't have to retype the password, and no additional verification is needed.
Configure the authentication pipeline
The following steps are used to create an OWIN middleware Startup class to configure OpenID Connect authentication. This class is executed automatically when your IIS process starts.
Tip
If your project doesn't have a
Startup.cs
file in the root folder:- Right-click the project's root folder, and then select Add > New Item > OWIN Startup class.
- Name it Startup.cs.
Make sure the class selected is an OWIN Startup class and not a standard C# class. Confirm this by verifying that you see [assembly: OwinStartup(typeof({NameSpace}.Startup))] above the namespace.
- Add OWIN and Microsoft.IdentityModel references to Startup.cs:
- Replace Startup class with the following code:
Note
Setting
ValidateIssuer = false
is a simplification for this quickstart. In real applications, you must validate the issuer.See the samples to learn how to do that.More information
The parameters you provide in OpenIDConnectAuthenticationOptions serve as coordinates for the application to communicate with Microsoft identity platform. Because the OpenID Connect middleware uses cookies in the background, you must also set up cookie authentication as the preceding code shows. The ValidateIssuer value tells OpenIdConnect not to restrict access to one specific organization.
Add a controller to handle sign-in and sign-out requests
To create a new controller to expose sign-in and sign-out methods, follow these steps:
Gopanel 2 Web Server Manager V2 5 0 Download
- Right-click the Controllers folder and select Add > Controller.
- Select MVC (.NET version) Controller – Empty.
- Select Add.
- Name it HomeController and then select Add.
- Add OWIN references to the class:
- Add the following two methods to handle sign-in and sign-out to your controller by initiating an authentication challenge:
Create the app's home page for user sign-in
In Visual Studio, create a new view to add the sign-in button and to display user information after authentication:
- Right-click the ViewsHome folder and select Add View.
- Name the new view Index.
- Add the following HTML, which includes the sign-in button, to the file:
More information
Gopanel 2 Web Server Manager V2 5 0 User
This page adds a sign-in button in SVG format with a black background:
For more sign-in buttons, go to the Branding guidelines.
For more sign-in buttons, go to the Branding guidelines.
Add a controller to display user's claims
This controller demonstrates the uses of the
[Authorize]
attribute to protect a controller. This attribute restricts access to the controller by allowing only authenticated users. The following code makes use of the attribute to display user claims that were retrieved as part of sign-in:- Right-click the Controllers folder, and then select Add > Controller.
- Select MVC {version} Controller – Empty.
- Select Add.
- Name it ClaimsController.
- Replace the code of your controller class with the following code. This adds the
[Authorize]
attribute to the class:
More information
Because of the use of the
[Authorize]
attribute, all methods of this controller can be executed only if the user is authenticated. If the user isn't authenticated and tries to access the controller, OWIN initiates an authentication challenge and forces the user to authenticate. The preceding code looks at the list of claims for specific user attributes included in the user's ID token. These attributes include the user's full name and username, as well as the global user identifier subject. It also contains the Tenant ID, which represents the ID for the user's organization.Create a view to display the user's claims
In Visual Studio, create a new view to display the user's claims in a web page:
- Right-click the ViewsClaims folder, and then select Add View.
- Name the new view Index.
- Add the following HTML to the file:
Register your application
To register your application and add your application registration information to your solution, you have two options:
Option 1: Express mode
To quickly register your application, follow these steps:
- Go to the new Azure portal - App registrations pane.
- Enter a name for your application and select Register.
- Follow the instructions to download and automatically configure your new application in a single click.
Option 2: Advanced mode
To register your application and add the app's registration information to your solution manually, follow these steps:
- Open Visual Studio, and then:
- in Solution Explorer, select the project and view the Properties window (if you don't see a Properties window, press F4).
- Change SSL Enabled to
True
. - Right-click the project in Visual Studio, select Properties, and then select the Web tab. In the Servers section, change the Project Url setting to the SSL URL.
- Copy the SSL URL. You'll add this URL to the list of Redirect URLs in the Registration portal's list of Redirect URLs in the next step.
- Sign in to the Azure portal by using a work or school account, or by using a personal Microsoft account.
- If your account gives you access to more than one tenant, select your account in the upper-right corner, and set your portal session to the Azure AD tenant that you want.
- Go to the Microsoft identity platform for developers App registrations page.
- Select New registration.
- When the Register an application page appears, enter your application's registration information:
- In the Name section, enter a meaningful application name that will be displayed to users of the app, like ASPNET-Tutorial.
- Add the SSL URL you copied from Visual Studio in step 1 (for example,
https://localhost:44368/
) in Reply URL, and select Register.
- Select the Authentication menu, select ID tokens under Implicit Grant, and then select Save.
- Add the following in the web.config file, located in the root folder in the
configurationappSettings
section: - Replace
ClientId
with the Application ID you just registered. - Replace
redirectUri
with the SSL URL of your project.
Test your code
To test your application in Visual Studio, press F5 to run your project. The browser opens to the http://localhost:{port} location, and you see the Sign in with Microsoft button. Select the button to start the sign-in process.
When you're ready to run your test, use an Azure AD account (work or school account) or a personal Microsoft account (live.com or outlook.com) to sign in.
Permissions and consent in the Microsoft identity platform endpoint
Applications that integrate with Microsoft identity platform follow an authorization model that gives users and administrators control over how data can be accessed. After a user authenticates with Microsoft identity platform to access this application, they will be prompted to consent to the permissions requested by the application ('View your basic profile' and 'Maintain access to data you have given it access to'). After accepting these permissions, the user will continue on to the application results. However, the user may instead be prompted with a Need admin consent page if either of the following occur:
- The application developer adds any additional permissions that require Admin consent.
- Or the tenant is configured (in Enterprise Applications -> User Settings) where users cannot consent to apps accessing company data on their behalf.
For more information, refer to Permissions and consent in the Microsoft identity platform endpoint.
View application results
After you sign in, the user is redirected to the home page of your website. The home page is the HTTPS URL that's specified in your application registration info in the Microsoft Application Registration Portal. The home page includes a 'Hello <user>' welcome message, a link to sign out, and a link to view the user's claims. The link for the user's claims connects to the Claims controller that you created earlier.
View the user's claims
To view the user's claims, select the link to browse to the controller view that's available only to authenticated users.
View the claims results
After you browse to the controller view, you should see a table that contains the basic properties for the user:
Property | Value | Description |
---|---|---|
Name | User's full name | The user's first and last name |
Username | user@domain.com | The username that's used to identify the user |
Subject | Subject | A string that uniquely identifies the user across the web |
Tenant ID | Guid | A guid that uniquely represents the user's Azure AD organization |
Additionally, you should see a table of all claims that are in the authentication request. For more information, see the list of claims that are in an ID token.
Test access to a method that has an Authorize attribute (optional)
To test access as an anonymous user to a controller that's protected by the
Authorize
attribute, follow these steps:- Select the link to sign out the user, and complete the sign-out process.
- In your browser, type http://localhost:{port}/claims to access your controller that's protected by the
Authorize
attribute.
Expected results after access to a protected controller
You're prompted to authenticate to use the protected controller view.
Advanced options
Protect your entire website
To protect your entire website, in the Global.asax file, add the
AuthorizeAttribute
attribute to the GlobalFilters
filter in the Application_Start
method:Restrict who can sign in to your application
By default when you build the application created by this guide, your application will accept sign-ins of personal accounts (including outlook.com, live.com, and others) as well as work and school accounts from any company or organization that's integrated with Microsoft identity platform. This is a recommended option for SaaS applications.
To restrict user sign-in access for your application, multiple options are available.
Option 1: Restrict users from only one organization's Active Directory instance to sign in to your application (single-tenant)
This option is frequently used for LOB applications: If you want your application to accept sign-ins only from accounts that belong to a specific Azure AD instance (including guest accounts of that instance), follow these steps:
- In the web.config file, change the value for the
Tenant
parameter fromCommon
to the tenant name of the organization, such ascontoso.onmicrosoft.com
. - In your OWIN Startup class, set the
ValidateIssuer
argument totrue
.
Option 2: Restrict access to users in a specific list of organizations
You can restrict sign-in access to only those user accounts that are in an Azure AD organization that's on the list of allowed organizations:
- In your OWIN Startup class, set the
ValidateIssuer
argument totrue
. - Set the value of the
ValidIssuers
parameter to the list of allowed organizations.
Option 3: Use a custom method to validate issuers
You can implement a custom method to validate issuers by using the IssuerValidator parameter. For more information about how to use this parameter, see TokenValidationParameters class.
Help and support
If you need help, want to report an issue, or would like to learn about your support options, see Help and support for developers.
Next steps
Learn about calling protected web APIs from web apps with the Microsoft identity platform:
-->by Jim van de Erve
Summary
In this walkthrough, we will show steps for installing and configuring Web Deploy on IIS 8.0 or later for administrator or non-administrator deployments. This means the steps necessary to enable a client to use Web Deploy to publish Web site content to the server, even if the client does not have administrator credentials for the server.
Windows 8.0 and 8.1 do not come with the Web Management Service that is required for remote connections. For more information, see Remote Publishing Cannot Be Set up on Windows 8.0 or 8.1.
Installing Web Deploy
You can install Web Deploy by using the Web Platform Installer (Web PI) or the Web Deploy MSI.
- Use the Web Platform Installer (Web PI) to install the Recommended Server Configuration for Web Hosting Providers, which includes Web Deploy
- Use Web PI to install Web Deploy separately (with or without its dependencies)
- Use the Web Deploy installer.
Installing Web Deploy as Part of the Recommended Server Configuration for Web Hosting Providers
When the Web Platform Installer installs the Recommended Server Configuration for Web Hosting Providers, it configures the web server with the most common deployment for web hosting providers. This package makes sure that the IIS 8.0 or later prerequisites required for Web Deploy are installed. Dependencies such as SQL Server Management Objects and SQL Server are selected automatically for installation, and installed with the Web PI prerequisites, such as the Web Service Management Handler. The package includes some optional components, such as PHP and MySQL, that you can choose not to install with this bundle by clicking the X next to them.
The Recommended Server Configuration for Web Hosting Providers can be installed on Windows 2012 Server or later. For information about installing on earlier versions of Windows Server with IIS 7, see Installing and Configuring Web Deploy on IIS 7.
- Download the Web Platform Installer.
- Open Web PI.
- In Web PI, click in the search bar in the upper-right hand corner, enter 'Recommended' in Search, and press Enter.
- Select Recommended Server Configuration for Web Hosting Providers, and then click Add.
- Click Install.
- On the Prerequisites page, click I accept.
- After the installation has completed, click Finish.
Using the Web Platform Installer to install Web Deploy Separately
You can install Web Deploy separately with its dependencies, such as the Web Management Service (WMSvc). You can install the following versions of Web Deploy.
- Web Deploy 3.5 without bundled SQL: Installs Web Deploy alone.
- Web Deploy 3.5: Web Deploy plus support for SQL database publishing
- Web Deploy 3.5 for hosting servers: Web Deploy plus IIS/ASP.NET dependencies and support for SQL database publishing. This includes dependencies to install base IIS plus Management Service (required for non-admin publishing) and PowerShell 2.0 or later (used to do some basic non-admin publishing setup during install).
If you install Web Deploy directly in Web PI, rather than as part of the Recommended Server Configuration for Web Hosting Providers, the dependencies required for Web Deploy may not be installed.
Using Web PI, Web Deploy can be installed on Windows 2012 Server or later, or Windows 8.0 or later. For information about installing on earlier versions of Windows Server or Windows with IIS 7, see Installing and Configuring Web Deploy on IIS 7.
To install Web Deploy separately using Web PI:
- Download the Web Platform Installer.
- Open WebPI on your desktop.
- Click in the search bar in the upper-right hand corner, enter 'Web Deploy', and press Enter.
- Select the Web Deploy that you want, and then click Add.
- On the Prerequisites page, click I accept.
- After the installation has completed, click Finish.
Using the Web Deploy Installer to Install Web Deploy
You can install Web Deploy directly using the MSI installer. Using the MSI directly is generally not recommended for the novice user, as recommended or required dependent products may need to be installed separately. The following limitations may create issues when using the MSI instead of Web PI to install Web Deploy on servers:
- The MSI will not install SQL Shared Management Objects (SMO), which is required for the SQL Server database deployments. This component may be installed using Web PI to enable SQL Server database deployments.
- The MSI will not install the Web Management Service handler component if the Web Management Service is not installed. The handler component is necessary for non-administrator deployments. Windows component IIS, including Management Service, should be installed first to enable the handler component to install.
- When Web Deploy is installed directly using the Web Deploy MSI, the Web Management Service will not be configured for non-administrator deployments, unless PowerShell v2 or later is installed.
Using the Web Deploy Installer, Web Deploy can be installed on Windows 2012 Server or later, or Windows 8.0 or later.
To install Web Deploy from the .msi file:
- Go to the Web Deploy download page.
- On the Web Deploy download page, move to the Download Web Deploy section, and for the language you want, select x86 or x64.
- Run the Web Deploy .msi, and move through the installer wizard, selecting the features that you want in the Custom Setup page.
Configuring a Site for Delegated Non-Administrator Deployment
After installing Web Deploy, all server-level configuration is complete for non-administrator publishing; however, additional configuration is required at a site level. This site configuration can be accomplished using PowerShell or IIS Manager, as described below.
Remote Publishing Cannot Be Set up on Windows 8.0 or 8.1
You cannot set up remote publishing using Web Deploy for a site that is hosted in IIS on Windows 8.0 or 8.1. The reason is that the client SKUs for Windows do not come with the Web Management Service that is required for remote connections. As a result, on Windows 8.0 or 8.1, the IIS Manager Permissions icon and the Configure Web Deploy Publishing deployment option that are required to configure remote publishing are not available in the IIS Manager.
When you use the Add Roles and Features wizard to install the Management Service role on Windows Server 2012 or later, the Web Management Service is installed and enabled. The IIS Manager Permissions icon is available for a Web site in the Management area of the IIS Manager, and the Configure Web Deploy Publishing deployment option is available in the Deploy menu for a Web site in IIS Manager. With these features, the Web Management Service allows you to configure publishing to a Web server from a remote computer using Web Deploy.
Using PowerShell to configure Web Deploy for a Non-Administrator
- Create a new site or set permissions on an existing Web site for a new or existing non-administrator user using Web Deploy PowerShell scripts. For more information, see PowerShell Scripts for Automating Web Deploy Setup and Web Deploy PowerShell Cmdlets.
Using the IIS Manager to configure Web Deploy for a Non-Administrator
The following steps configure publishing on an existing site for an existing user using the IIS Manager UI.
- Start IIS Manager (open Server Manager, click Tools, and then open IIS Manager.
- Expand the Sites node and click a site.
- In the Management area of the site's home pane, double-click IIS Manager Permissions. Myriad 4 2 1 – audio batch processors.
- In the Actions pane, click Allow User. Man reader 1 8.
- In the Allow User… dialog box, with Windows selected, click Select.
- In the Select User or Group dialog box, in Enter the object name to select, enter the name of a non-administrator Windows user who will have publishing permissions to the site, with domain. Click Check Names, and then after the name has been verified, click OK.
- In the Allow User… dialog box, click OK.
- Verify that the name with domain is entered in the IIS Manager Permissions pane.
- Right-click the site that you are configuring, point to Deploy, and then click Configure Web Deploy Publishing... The following UI will appear:Note: If the Deploy command is not shown in the menu for a site, close and then reopen IIS Manager.
- Click the down arrow for Select a user to give publishing permissions, and select the user that you entered for IIS Manager Permissions.
- Click Setup.The following log lines will appear:
- Publish enabled for 'NonAdminUser'
- Granted 'NonAdminUser' full control on
C:inetpubwwwroottest
- Successfully created settings file
C:UsersjanedoeDesktopCONTOSO_johndoe_Default Web Site.PublishSettings
The non-administrator Windows user (NonAdminUser) may now publish to the site.
Install and Configure Web Deploy for Administrator deployments
Requirements:
Install Web Deploy using one of the procedures described above.
Troubleshooting Common Issues:
- If you are upgrading an existing installation of Web Deploy, make sure to restart the handler and agent services by running the following commands at an administrative command prompt:
- net stop msdepsvc & net start msdepsvc
- net stop wmsvc & net start wmsvc
- Make sure your firewall allows connections to the service you are using. By default, the Web Deployment Agent Service (MsDepSvc) listens on port 80, and the Web Management Service (WmSvc, also called the 'handler') listens on port 8172 by default.
- You must run MsDepSvc by using the built-in Administrator account, or from a domain account that has been added to the Administrators group. A local administrator which is not the built-in account will not work with MsDepSvc.
- Check to see if .NET 4.0 has not been registered with IIS:Symptoms: .NET 4.0 is installed, but there are no .NET 4.0 application pools or handler mappings in IIS. You cannot browse to applications that use .NET 4.0 (for example, applications based on WebMatrix's site template applications) after you publish them.Cause: Your machine had .NET 4.0 installed on it before IIS was installed.Solution: Run the following command to register .NET 4.0 with IIS:
%systemdrive%WindowsMicrosoft.NETFramework64v4.0.30319aspnet_regiis.exe -iru