I have been reading today about the auth implemented in asp.net core for google and facebook, and prototype-ed a lot. Something that's not clear to me at all, even after going through the MSDN docs. and several blogs: Is any support for backend API validation added in .net core or do I still need to call into the google auth library to validate the auth tokens received from the client.
Note: I am using asp.net core as Web API and I don't use the MVC/Razor part.
thanks for any detail added on this!
Related
I am trying to figure out how to implement the client credential flow in .NET Framework 4.8 app. The identity server is externally managed so this app will be requesting a token and refresh it as needed. Later when it needs to access the external API, it will set the token as bearer and send the request.
I will be using OWIN (Katana) to do all this. In my research, most examples I came across show how to manually implement the workflow. In .NET Core and above, the framework itself handles everything. You just have to configure the options and have the DI and middleware take care of the rest.
This doesn't seem to be the case in .NET framework 4.x apps. So I would really appreciate it if someone can point me in the right direction.
Thanks
The idea is to implement Single-sign on using the given technical stack (ASP.NET CORE WEB API, IdentityServer4, ReactJS - Front end)
ASP.NET Core Identity together with IdentityServer4 offers an extensions for Single-Sign-On (Google, Microsoft ect.) for MVC framework. However, a proper guidance is not given for a WEB API scenario.
Please provide me an example or a tutorial, which I can follow in this regard?
Thanks in advance.
*** Update ***
Would be great if an example is given for the flow of events on this scenario, as to how should the communication happen between the Front end application and the backend.
I have been trying for weeks to implement JWT authorisation in my .NET Core web app and have found myself following a lot of guides that I don't think are relevant to my use case. These guides talk a lot about scopes etc, and I don't think I need that level of complexity for my use case.
A lot of the guides talk about using things like OpenIddict or Identity Server to setup and configure something that the user can authorise against, but in these settings it seems like a seperate project is required to house the identity provider, and then my new asp net core application has to somehow hook into that for use. I'm also trying to get things like refresh tokens to work so the user doesn't have to log in over and over again.
The "client side" of my app will be Xamarin (for mobile) and Angular (for web).
In a single web application (a single .net core application) how can I use .NET Core Identity with JWT or OAuth? What is the minimum level of configuration required to achieve this?
ThisSimple JWT project
This is not asp.net core .This is just asp.net mvc project but this really simple and basic one. by watching this code, you will be clear how to implement JWT. Thanks
I want to create a SPA with Vue.js which consumes my ASP.NET Core Web-API. I need user authentication with username and password. The API will also be consumed by a mobile app (Android and iOS) later on.
I read this: ASP.NET Core Web API Authentication
I am wondering if there is nothing official available? Is Basic Auth even the right approach? I've read some documentation for ASP.NET Web-API using filters, didn't work for Core.
Then I though about implementing token based authentication myself.
I've also read that since ASP.NET Core 2.0 it's better to use services instead of middleware?
I am stuck and don't know where to start. Maybe the approach in the Question above is okay for my needs?! I am not quite sure.
You should consider Oauth and Identity. You can even use something such as Auth0.
I'm working on segregating the authentication part of my ASP.net MVC4 application using DotNetOAuth 2.0, Which will means that one project will do only authentication and send out response,based on response it will have access to other application.
The Idea is to get any application or project added later on use one common authentication process.
First thing came to my mind was building a service, in the process a read a lot about Web API and think it can help to achieve what I'm looking for.
Please suggest if you guys have implemented something like this or whats's the best practice.
Should i go with API or service, any link or sample to direct is appreciated
ASP.NET Web API is also a service - a RESTful service. The choice of using a "Service" although is good your underlying authentication platform will define what you should be using.
WCF is much more than a web service where as a Web API is pure HTTP service.
If you expect all your "applications" to be web based then there is no reason why this cannot be a Web API.
This article might be something that should help you decide on your authentication model: http://www.asp.net/web-api/overview/security/external-authentication-services