I am trying to create a login MVC application in .NET through which any identity provider that supports OpenID Connect for authentication and OAuth 2.0 for authorization should be able to communicate. The objective is that all my microservices will then call the login service (which will act as a proxy) to perform single login, single logout and authorization via different identity providers such as Ping Identity, Okta or perhaps Azure AD.
Which NuGet package will be best to use in my login MVC application: Microsoft.AspNetCore.Authentication.OpenIdConnect or Microsoft.Owin.Security.OpenIdConnect? If there is any other library, please shed some light. I am new to OpenID Connect and IdP providers, so please help me out here.
I would use Microsoft.AspNetCore.Authentication.OpenIdConnect for ASP.NET Core projects and Microsoft.Owin.Security.OpenIdConnect if you are using .NET Framework.
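A sketch of the ASP.NET Core option named in the answer above, added here as an illustration and not part of the original answer: one OpenID Connect scheme is registered per identity provider, and the login route only challenges schemes from that allowlist. The scheme names, the `.example` authorities, the `<tenant-id>` placeholder, the `Oidc:` configuration keys and the `/login/{scheme}` route are assumptions; the project needs the Microsoft.AspNetCore.Authentication.OpenIdConnect package.

```csharp
// Added example (Program.cs, ASP.NET Core minimal hosting). All names below are placeholders.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Hypothetical provider table: scheme name -> issuer (Authority) URL.
var providers = new Dictionary<string, string>
{
    ["okta"]    = "https://okta.example/oauth2/default",
    ["ping"]    = "https://ping.example/as",
    ["azuread"] = "https://login.microsoftonline.com/<tenant-id>/v2.0",
};

var auth = builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie(o =>
    {
        o.Cookie.HttpOnly = true;
        o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        o.Cookie.SameSite = SameSiteMode.Lax;
    });

foreach (var (scheme, authority) in providers)
{
    auth.AddOpenIdConnect(scheme, o =>
    {
        o.Authority = authority;   // metadata and signing keys are discovered from here
        o.ClientId = builder.Configuration[$"Oidc:{scheme}:ClientId"];
        o.ClientSecret = builder.Configuration[$"Oidc:{scheme}:ClientSecret"]; // from a secret store
        o.ResponseType = "code";   // authorization code flow
        o.UsePkce = true;
        o.CallbackPath = $"/signin-{scheme}";               // must be unique per scheme
        o.SignedOutCallbackPath = $"/signout-callback-{scheme}";
        o.SaveTokens = true;
        o.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    });
}

var app = builder.Build();
app.UseAuthentication();

// Challenge only registered schemes; the post-login redirect is fixed, not caller-supplied.
app.MapGet("/login/{scheme}", (string scheme) => providers.ContainsKey(scheme)
    ? Results.Challenge(new AuthenticationProperties { RedirectUri = "/" }, new[] { scheme })
    : Results.NotFound());

app.Run();
```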
Related
I know how to add an external provider using .NET Core Identity for Google, but I couldn't find any example of implementing Azure AD SSO using SAML2. So far I know we can use the Sustainsys library to configure SAML2.
Existing code:
var result = await _signInManager.PasswordSignInAsync(Input.Email, Input.Password, Input.RememberMe, lockoutOnFailure: true);
if (result.Succeeded)
{
    // Redirect to Login page
}
I have tried using the Sustainsys library to implement this, but there is no sample code or documentation using ASP.NET Identity.
While the Sustainsys.Saml2 library can certainly be used with Azure AD, I'd recommend using the OpenID Connect packages from Microsoft that are built for Azure AD. They provide a better experience.
I have the following scenario. I am writing an ASP.NET Core Web API which will be used by mobile and web (ASP.NET Core MVC web app) apps.
I authenticate the user using the ASP.NET Core Identity framework class SignInManager (adding the account controller and related classes manually) and then generate an OAuth token which will be used by client applications. By doing so I have 2 identities associated with the user. One is created after I log in using SignInManager.PasswordSignInAsync and the second is created by generating the OAuth JWT token.
Is this the correct approach or not?
Thanks
https://blogs.msdn.microsoft.com/webdev/2016/10/27/bearer-token-authentication-in-asp-net-core/
That might shed some light on what direction to go. There is also another blog post about using IdentityServer4 (3rd party), which works well.
https://blogs.msdn.microsoft.com/webdev/2017/01/23/asp-net-core-authentication-with-identityserver4/
I cannot understand the difference between the two. ASP.NET Identity is based on OWIN and does not introduce a middleware, while IdentityServer introduces one. I'm confused...
ASP.NET Identity is a user store/identity management library. It includes some OWIN helper classes to hook into the OWIN security middleware, but otherwise has nothing to do with authentication.
IdentityServer is an OpenID Connect provider, that acts as a central authentication server for multiple applications. It has nothing to do with user storage or identity management.
We are building an ASP.NET Core MVC web app and accessing data through an ASP.NET Core Web API.
We have to provide authentication and authorization on both the MVC Core and the Web API Core side.
If the user is authenticated in the MVC Core web app, then while accessing the data on the Web API Core it should not authenticate again. If the user is accessing the Web API directly, then it should not allow access and should ask for authentication.
We also want to provide authentication through Google.
For the Web API I suggest token-based authentication. Google supports OAuth.
I suggest you take a look at the following link:
https://stormpath.com/blog/token-authentication-asp-net-core
There are some community-led efforts to build rich token authentication functionality for ASP.NET Core:
AspNet.Security.OpenIdConnect.Server – Similar to the OAuth Authorization Server middleware for ASP.NET 4.x.
OpenIddict – Wraps OpenIdConnect.Server up into an easier-to-use package that plugs into ASP.NET Identity.
IdentityServer4 – A port of Thinktecture IdentityServer3 to .NET Core.
All of them have sample MVC and API apps. Enjoy.
I want to compare authentication methods in ASP.NET Identity and DotNetNuke. I have read various articles about authentication in DotNetNuke.
DNN AUTHENTICATION WITH NEW ASP.NET IDENTITY SYSTEM
DotNetNuke Tips and Tricks #12: Creating your own Authentication Provider
Using DNN authentication and authorization info from another ASP.NET app
How to Setup the Authentication Settings in DotNetNuke
But I didn't understand the authentication elements and the relationship between them.
It would be very helpful if someone could explain the authentication method in DotNetNuke.
Thanks.
DotNetNuke uses Asp.Net Membership not Identity. To replace the core authentication provider would be a lot of effort.
There are several ways to create your own authentication provider, but ultimately it will still be using the DotNetNuke Asp.Net Membership process. If you want to use an external service that uses Asp.Net Identity you could have your external Asp.Net Identity service pass a token/cookie to a custom DotNetNuke authentication/redirect module that validates the token/cookie, migrates the user from the Asp.Net Identity database to the DotNetNuke Asp.Net Membership database and finally does the login: DotNetNuke.Entities.Users.UserController.UserLogin.