I have Qwik City running on Express. Would appreciate if someone could point out the easiest way to do authorization. Is using an Express authentication/authorization middleware possible?
Related
I have an application with Angular in frontend and NodeJs as a Backend.
I want to add a Login/Authentication and Subribtions/Payments to the app and wondering what is the best and easiest solution today. I read about services like Memberstack!?
I also worked with OpenId before and know that some cloud provider got their own solutions.
I wanted to know how can I implement the SSO authentication between multiple applications using the SAML in ASP.NET Core?
Is this a safe and secure way to do it?
If you know the information, better free method or how to implement it, write it down.
Thanks in advance.
I don't think free method exists. Unless you want to implement solution from scratch by yourself, which seems to be a lot of work to do.
So, if it's an option you could use some commercial solutions. I have experience working with ComponentSpace.Saml2. Configuration is pretty straightforward - you need to fill and store a bunch of configuration items such as identity providers' params, certificates data, login and logout endpoints. Then controller needs to be built, containing methods for initiating saml request and processing response from identity provider. That's just infratructure level - of course you'll need to implement authentication service to manage SAML response and to decide how it integrates into your app's architecture.
Well, as you can see, the answer is general, so is the question.
Hope this helps. At least to choose right path to go.
So I am trying to implement an IdentityServer4 for my Project. I followed the instructions I found in the documentation and other sources to setup a very basic IdSrv.
I am still struggling with how I can implement an IdSrv which accepts Windows Credentials from client and authenticate using IdSrv.
Until now I have not found anything which helps. Everything seems to be too complex. Among the IdSrv.Samples are some clues on how to achieve this, but still can't figure out the right way.
Or maybe I understood all the idea false?
Any help and tip would be appreciated.
PS. I am not using IIS or IISIntegration.
The documentation on how to implement this is at Windows Authentication
I'm about to implement the authentication module of my ASP.NET Core application.
I think I already know the answer for the following question, but I just want to make sure I am right, because I have been wrong before about some conceptions of IdentityServer.
Question: Is there ANY benefit of having the clients go through a single-point API that will centralize the access to the IdentityServer?
Answer(?): From what I understand, the IdentityServer is an implementation of the STS in the OpenIDConnect protocol, and the IdentityModel different libraries are yet again an implementation of the protocol, in the client side.
Therefore, even if I replace my IdentityServer with antoher STS - my clients won't have to change, if I configure my new STS to behave the same.
Can anyone approve the above? I'd rather make the mistakes now and not after I start :)
Have done a lot of search and reading over the WEB but could not come to any conclusion yet.
We are planning to develop a list of API's (planning to use ASP.NET WEB API). One of the business goals is to package the API and selling/licensing the Packages/API to end users.
Some thoughts that came to consideration:
Using Authorisation Filters to do check against database, if the user requesting the API has access to it or not. Not very sure of the implementation details yet even on this approach.
Are there any better suggestions or ideas or any open source libraries that we can go with?
What are the possible recommendation or best practices to achieve this.
Thanks in advance.
Please take a look at the following links. Hopefully, they help.
Web API creating API keys
How to secure an ASP.NET Web API