I need to make my new ASP.NET Core Blazor WASM application authenticate with our on-prem ADFS/WSFederation servers. Specifically, it needs to automatically log-in users that are already logged into our AD domain, without making them go to a login page. Basic single sign on behavior. (This is how ASP.NET worked by default with ADFS/WSFederation)
I can get SSO to work without using Identity, and I get get Identity to use a log-in screen that will allow you to choose a WSFederation server as an external log-in provider, but that still begins at a log-in screen.
Can ASP.NET Core Identity work in an SSO configuration (no login screens appear for domain users), or is Identity built on the assumption that Log-in screens will be used? If it can be done, how is that set up? If I can't use Identity, can I still use other middleware like Authorization?
Related
I am working on a new ASP.NET Core Blazor application that I am basing on the BlazorHero clean architecture template.
The major modification that I need to make is the switch from its ASP.NET Core Identity based system to relying on WS-Federation SSO authentication.
My initial goal is to get the app to stop using the login screen. (Which is caused by the
App.razor in the Blazor Client sending unauthorized users to login) What do I need to modify for the app to go to the home page rather than the login screen?
My second goal is to get the user service to return the current user information from our Ws-Federation server. I can write the code that will populate the current user from Ws-Federation. How/where do I tell the Identity service what I want it to return for the current user?
My assumption is that I will need to re-write (at minimum) the IdentityService.cs, the UserService.cs and the RoleService.cs files.
I have selected Individual User Accounts while creating Blazor application. I have no idea where I can modify the Login page that was created, the file with source dode is not available anywhere.
How to modify Login page in that scenario?
When choosing your configuration the created template gets delivered with IdentityServer and ASP.NET Core Identity. IdentityServer makes the Endpoint OpenID/OAuth compatible. This is needed for the Blazor WebAssembly app to streamline the process of getting a token, validating it etc. ASP.NET Core Identity is used to save and retrieve the users from the database, loging them in by setting a Cookie and checking the correctness of provided passwords, hashing them etc. This link answers how you can modify the default Razor Pages delivered when an app with ASP.NET Core Identity is created.
Where are the Login and Register pages in an AspNet Core scaffolded app?
I really need your help. I am trying to implement IdentityServer4to generate tokens for authenticated users giving them access to the web application. However, I have set my IdentityServer Project in its own solution. Then I have a web application that runs. What I need to implement is:
1.Using Identity user signs in.
2. if successful redirect to identity server4 to generate token
3. Redirect back to application with genrated tok
You will have to add in IdentityServer configuration web application as a client with scopes. Please see here:
http://docs.identityserver.io/en/latest/topics/clients.html
https://github.com/IdentityServer/IdentityServer4/tree/main/samples/Quickstarts/2_InteractiveAspNetCore/src
Is it possible to integrate FIDO2 WebAuthn with Blazor Web Assembly authorization and Identity Server? I am able to use FIDO2 to log in directly to Identity, but I cannot see how to use FIDO2 with my Blazor OIDC connection logic.
Yes, I have gotten everything working well. Basically I use the ASP.NET Core Identity pages - login, Enable2FA, etc. - to manage the registration and login processes. The final step in the login process, once the FIDO2 biometric login has completed successfully, is to from within the FIDO2 controller MakeAssertion call complete the sign-on with SignInManager's SignInAsync.
Biometric login is now working well from iOS, Android, Windows Hello, and using a Yubikey security key.
I am developing an Angular + ASP.NET Web API application and would like to use ASP.NET Identity. The customer uses Active Directory and would like to log in to the application using their AD credentials. On IE "inside" the network, the app should use the credentials of the current user (it will be in the intranet zone). On non-IE browsers or outside the network, the customer would like a login page (as opposed to a NTLM or Basic Auth prompt for credentials).
Given all that, I've landed on writing a custom Identity IUserStore that handles authenticating against LDAP, similar to the ActiveDirectoryMembershipProvider, but for Identity. Is there an existing implementation for Identity against AD? The customer does not have ADFS configured, but should I be pushing them toward that instead of rolling my own provider?