Reference:
https://github.com/azure-ad-b2c/samples/tree/master/policies/sign-in-with-magic-link
Using this in your Production Application - Could you please help how can we use authentication library to create a state and handle authentication request using id_token_hint.
It has been explained in this referenced link. Please help if there is any link how we can integrate magic link custom policy with production app. Note: using run as link and jwt.ms it is working as expected.
I am using Asp.net core 3.1 and c# programming language. I was following web api which is mentioned in this doc (source code) . I added another controller, model and view with top of this api(which has identity controller and oidc controller).
This can be achieved by passing id_token_hint to account controller.
Related
I am converting an Asp.Net Web Api project to Asp.Net Core with .net6.
This project uses a custom Api-Key authentication and authorization method to give access to some of the controllers and actions.
In the old project, when opening the swagger documentation, the only controllers and actions displayed are the ones that do not require authentication.
Once the user inserts the api key and clicks on Explore button, the authorized controllers and actions shows up in documentation.
To do this, in the legacy project, I used IOperationFilter and IDocumentFilter to hide controllers and actions if not authorized.
This is working because when you click on Explore button after providing the api key, the page is refreshed and, at every refresh of the page, the IOperationFilter and IDocumentFilter are applied.
In Asp.Net Core, it seems that the IOperationFilter and IDocumentFilter are applied only at startup, and, in addition, the new Authorize button does not reload the page, and works only client side to provide authorization to the subsequent user interactions with the Try it out button present on every action.
Is it possibile to do something similar in Asp.Net Core, or should I drop that feature in the new version?
I found something may help you :
In asp.net core Swagger construct the UI page with a json file as below :
app.UseSwaggerUI(c=>
{
c.SwaggerEndpoint("/swagger/v1/swagger.json","SwaggerFilterv1");
});
This json file is constructed with the options you configured when you registed the service
Then I tried to copy the content of json file to the static file in the project ,deleted part of the path(you could also apply the filters and copy the json file directly ),and replaced the json file constructed by .net core
It worked as excepted : Some of the Api was missing
and you may inject your js file to control it(Add a request header you if auth succeeded and refresh the page and check request header with middleware):
app.UseSwaggerUI(c=>
{
......
c.InjectJavascript("")
});
I tried to branch the pipeline(I omitted the Authentication process just tried to check the query para):
app.UseWhen(x =>x.Request.Query.ContainsKey("Key"),
app =>app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/somejson.json", "SwaggerFilter v1");
}));
app.UseWhen(......)
The Result:
I'm trying to get Microsoft configured as an external login provider in Identityserver4.
I succeeded by following identity server's documentation with using AddMicrosoftAccount:
services.AddAuthentication().AddMicrosoftAccount(microsoftOptions =>
{
microsoftOptions.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
microsoftOptions.ClientId = configuration["MicrosoftLoginProvider:ClientId"];
microsoftOptions.ClientSecret = configuration["MicrosoftLoginProvider:ClientSecret"];
});
However, I didn't have luck with getting single sign-out to work. The documentation is in line with Microsoft's documentation at https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins?view=aspnetcore-5.0.
However, if you follow the instructions to create an app in Microsoft Developer Portal (portal.azure.com), the sample code on that portal suggests a different way. The sample application that the portal generated for me (WebApp-OpenIDConnect-DotNet) is using AddMicrosoftIdentityWebApp:
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));
Since this application is working out-of-the-box including single sign-out, Iam wondering if this is the way I have to continue.
To my surprise, however, I can't find any doc/blogs about how to integrate this approach in IdentityServer4. I almost got it to work myself, but there are a few weird issues.
Can someone clarify if using AddMicrosoftIdentityWebApp is the way to go to add Microsoft as an external identity provider to Identityserver4?
Has someone succeeded in getting AddMicrosoftIdentityWebApp to work with IdentityServer4?
THanks for your help!
I figured how to get it to work.
Actually, only two things I had to do.
First, I had to remove OpenIdConnectDefaults.AuthenticationScheme in the call to AddAuthentication in the example code that Microsoft generated. So the code becomes:
services.AddAuthentication()
.AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"));
Then, in the code that reads the external identity from a temporary cookie, I had to use CookieAuthenticationDefaults.AuthenticationScheme. So, that code now reads as follows:
var authenticationResult = await HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
That was all.
After digging around I found this statement here:
Microsoft.Identity.Web is a simpler way to use Azure AD in ASP.NET Core web apps and web APIs.
It doesn't replace ASP.NET Identity in any way, it doesn't replace AddJwtBearer or AddCookie or any of the lower level primitives, but it does use and configure them correctly for Azure AD.
It doesn't work with non-Azure identity providers. It replaces AzureAD.UI and AzureADB2C.UI which are obsolete in .NET 5.0
So, the conclusion is that Microsoft.Identity.Web does not work outside Azure AD and hence not with IdentityServer.
If you do get it to work then let me know!
I need to localize (in italian) all the pages of Identity/Account Area that I scaffolded (I started the asp.net 3.1 core project with No Authentication and then added the pages below with the Add New Scaffolded Item...)
I discovered there is for every culture an assembly Microsoft.AspNet.Identity.Core. (eg. Microsoft.AspNet.Identity.Core.it), but I don't understood how to use.
I tried to load and reference it, but nothing changes... do you have a sample how to use?
Is it usable only if I use the "hidden" mode (eg. create the asp.net 3.1 project with Authentication Individual User Account)?
Thanks
Sandro
\Areas\Identity\Pages\Account\AccessDenied.cshtml.cs
\Areas\Identity\Pages\Account\ConfirmEmail.cshtml.cs
\Areas\Identity\Pages\Account\ConfirmEmailChange.cshtml.cs
\Areas\Identity\Pages\Account\ExternalLogin.cshtml.cs
\Areas\Identity\Pages\Account\ForgotPassword.cshtml.cs
\Areas\Identity\Pages\Account\ForgotPasswordConfirmation.cshtml.cs
\Areas\Identity\Pages\Account\Lockout.cshtml.cs
\Areas\Identity\Pages\Account\Login.cshtml.cs
\Areas\Identity\Pages\Account\LoginWith2fa.cshtml.cs
\Areas\Identity\Pages\Account\LoginWithRecoveryCode.cshtml.cs
\Areas\Identity\Pages\Account\Logout.cshtml.cs
\Areas\Identity\Pages\Account\Register.cshtml.cs
\Areas\Identity\Pages\Account\RegisterConfirmation.cshtml.cs
\Areas\Identity\Pages\Account\ResendEmailConfirmation.cshtml.cs
\Areas\Identity\Pages\Account\ResetPassword.cshtml.cs
\Areas\Identity\Pages\Account\ResetPasswordConfirmation.cshtml.cs
\Areas\Identity\Pages\Account\Manage\ChangePassword.cshtml.cs
\Areas\Identity\Pages\Account\Manage\DeletePersonalData.cshtml.cs
\Areas\Identity\Pages\Account\Manage\Disable2fa.cshtml.cs
\Areas\Identity\Pages\Account\Manage\DownloadPersonalData.cshtml.cs
\Areas\Identity\Pages\Account\Manage\Email.cshtml.cs
\Areas\Identity\Pages\Account\Manage\EnableAuthenticator.cshtml.cs
\Areas\Identity\Pages\Account\Manage\ExternalLogins.cshtml.cs
\Areas\Identity\Pages\Account\Manage\GenerateRecoveryCodes.cshtml.cs
\Areas\Identity\Pages\Account\Manage\Index.cshtml.cs
\Areas\Identity\Pages\Account\Manage\ManageNavPages.cs
\Areas\Identity\Pages\Account\Manage\PersonalData.cshtml.cs
\Areas\Identity\Pages\Account\Manage\ResetAuthenticator.cshtml.cs
\Areas\Identity\Pages\Account\Manage\SetPassword.cshtml.cs
\Areas\Identity\Pages\Account\Manage\ShowRecoveryCodes.cshtml.cs
\Areas\Identity\Pages\Account\Manage\TwoFactorAuthentication.cshtml.cs
``
I tried to load and reference it, but nothing changes... do you have a sample how to use?
Is it usable only if I use the "hidden" mode (eg. create the asp.net 3.1 project with Authentication Individual User Account)?
As far as I know, the Microsoft.AspNet.Identity.Core is used for ASP.NET not for ASP.NET Core. The asp.net core identity package is Microsoft.AspNetCore.Identity. There is no simple to use asp.net identity in asp.net core.
If you want to use Localization for asp.net core identity, you should have basic knowledge of Localization for asp.net core. Please refer to this article. You should know what is the Resource files and know how it work in asp.net core to generate different language for different culture.
Then you could refer to this example project which has already enabled Localization for the asp.net core identity.
You could directly Fork the repro, create resource files for the language you want to translate, add the new language to the supportedCultures list before zu-ZA in Startup.cs and pull a request to test.
Notice: This example project is 2.2. If you want to use 3.1, you could follow the example project to create Localization for 3.1 project.
In my MVC4 app I'm using Ninject.Extensions.Conventions to autobind all itnerfaces with their implementation using default mechanism:
kernel.Bind(x => x
.FromAssembliesMatching("*")
.SelectAllClasses()
.BindDefaultInterface());
This works great for regular controllers, but doesn't for WebApi controllers. What do I need to change/add?
Ok, I resolved the issue by following this article:
http://www.peterprovost.org/blog/2012/06/19/adding-ninject-to-web-api/
In short: I created my own dependency resolver (as per article) and assigned it to GlobalConfiguration.Configuration.DependencyResolver as suggested by nemesv
There are already a many examples on how to integrate NInject with Web API through the web, using:
DependencyResolver
On ASP.NET website is shown standart way of integration of any DI/IoC with Web API:
http://www.asp.net/web-api/overview/extensibility/using-the-web-api-dependency-resolver
IDependencyResolver.
WebApiContrib project shows how to do it with IDependencyResolver
https://github.com/WebApiContrib/WebApiContrib.IoC.Ninject
Please post more information about your implementation of these resolvers, to be more specific in answer.
I'm using Upshotjs and knockout in an MVC4 SPA project to create a simple blog site. I am trying to enable roles based authentication so that only registered users can post a blog.
To do this I have an authorize filter on the DbDataController AddBlog method which passes back a 401 for unathorised users. This works fine and the error callback function in the orginating dataSource.commitChanges call is fired off but how do I get the error details from this function?
I have tried the dataSource.getEntityErrors method but this has nothing in it.
Grateful for any help.